
Painful Proxy Problem 127.0.0.1;8800


Jagwa


So about two months ago I accidentally downloaded some malware. I recognized it as soon as it started downloading and deleted it before it could install completely, but it did manage to change some of my settings. The most noticeable change was that it forced me to use a proxy (127.0.0.1;8800) and did not allow me to change it. The sliders and check boxes that normally would help me disable the proxy are just grayed out. It says some settings are managed by my administrator. I managed to get Chrome working again after digging through regedit, but I still notice a few of my programs (Internet Explorer, Steam, etc.) cannot connect to the internet. Any advice?

 

Here is what FRST had to say:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by AJ (administrator) on JAGWA on 18-12-2014 15:33:21
Running from C:\Users\AJ\Downloads
Loaded Profile: AJ (Available profiles: AJ)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: "https://www.youtube.com/feed/subscriptions"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (Adblock Plus) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-22]
CHR Extension: (Bing) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-08]
CHR HKU\S-1-5-21-1042700968-1541978006-1148080477-1001\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [394512 2013-12-16] (Hauppauge Computer Works, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 Hamachi2Svc; C:\hamachi-2.exe -s [X]
S2 YouTubeDownload_P2; C:\Program Files (x86)\YouTube Downloader Services\P2\youtubeserv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R3 hcwE5bda; C:\Windows\system32\drivers\hcwE5bda.sys [968792 2013-11-04] (Hauppauge Computer Work, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-18] (Malwarebytes Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-18 15:33 - 2014-12-18 15:33 - 00020249 _____ () C:\Users\AJ\Downloads\FRST.txt
2014-12-18 15:09 - 2014-12-18 15:09 - 02121216 _____ (Farbar) C:\Users\AJ\Downloads\FRST64.exe
2014-12-18 14:53 - 2014-12-18 14:53 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\AJ\Downloads\rkill.com
2014-12-18 14:28 - 2014-12-18 15:33 - 00000000 ___DC () C:\FRST
2014-12-18 14:28 - 2014-12-18 14:28 - 18315864 _____ () C:\Users\AJ\Downloads\RogueKillerX64.exe
2014-12-18 14:28 - 2014-12-18 14:28 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-18 14:28 - 2014-12-18 14:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-18 14:10 - 2014-12-18 14:10 - 01142392 _____ () C:\Users\AJ\Downloads\SteamSetup (1).exe
2014-12-18 14:01 - 2014-12-18 14:04 - 00000000 ___DC () C:\AdwCleaner
2014-12-18 14:00 - 2014-12-18 14:01 - 02166272 _____ () C:\Users\AJ\Downloads\AdwCleaner.exe
2014-12-18 13:21 - 2014-12-18 14:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-18 13:21 - 2014-12-18 14:10 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-18 13:21 - 2014-12-18 13:21 - 01142392 _____ () C:\Users\AJ\Downloads\SteamSetup.exe
2014-12-18 13:21 - 2014-12-18 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-15 18:51 - 2014-12-15 18:51 - 00004630 _____ () C:\Users\AJ\AppData\Local\recently-used.xbel
2014-12-15 16:48 - 2014-12-15 16:48 - 08941140 _____ () C:\Users\AJ\Downloads\audacity-win-2.0.6 (1).zip
2014-12-15 16:48 - 2014-12-15 16:48 - 00000000 ____D () C:\Users\AJ\Downloads\audacity-win-2.0.6 (1)
2014-12-15 16:43 - 2014-12-15 16:44 - 20546786 _____ () C:\Users\AJ\Downloads\Future City Science Fiction 3D Visual Effects.mp4
2014-12-11 21:39 - 2014-12-11 21:42 - 483929486 _____ () C:\Users\AJ\Downloads\nohomebrew.zip
2014-12-11 17:50 - 2014-12-11 17:55 - 01252032 _____ () C:\Users\AJ\Downloads\Logitech G930 Driver (1).exe
2014-12-11 17:34 - 2014-12-11 17:34 - 01242304 _____ () C:\Users\AJ\Downloads\Logitech G930 Driver.exe
2014-12-11 17:11 - 2014-12-11 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-11 17:10 - 2014-12-11 17:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-11 17:10 - 2014-12-11 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-11 17:09 - 2014-12-11 17:09 - 01548384 _____ (Skype Technologies S.A.) C:\Users\AJ\Downloads\SkypeSetup.exe
2014-12-10 21:03 - 2014-12-10 21:03 - 00000951 _____ () C:\Users\AJ\Desktop\Open Broadcaster Software.lnk
2014-12-10 21:03 - 2014-12-10 21:03 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-10 20:57 - 2014-12-10 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-10 20:56 - 2014-12-10 20:56 - 04030370 _____ ( ) C:\Users\AJ\Downloads\OBS_0452a_Installer.exe
2014-12-10 20:52 - 2014-12-10 20:52 - 08952729 _____ () C:\Users\AJ\Downloads\OBS_0452a_Source.zip
2014-12-10 19:02 - 2014-12-10 19:03 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-12-10 19:02 - 2014-12-10 19:02 - 00110368 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-12-10 19:02 - 2014-12-10 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-12-10 19:01 - 2014-12-10 19:01 - 00549492 _____ () C:\Users\AJ\Downloads\vac414.zip
2014-12-10 19:01 - 2014-12-10 19:01 - 00230768 _____ () C:\Users\AJ\Downloads\vac414.exe
2014-12-10 18:04 - 2014-12-14 16:53 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\OBS
2014-12-10 18:02 - 2014-12-10 18:02 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-10 18:02 - 2014-12-10 18:02 - 00000000 ____D () C:\Program Files\OBS
2014-12-10 18:01 - 2014-12-10 18:01 - 07518634 _____ () C:\Users\AJ\Downloads\OBS_0_638b_Installer.exe
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\SplitmediaLabs
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 ____D () C:\Program Files (x86)\SplitmediaLabs
2014-12-10 16:38 - 2014-12-10 16:38 - 63146232 _____ (SplitmediaLabs) C:\Users\AJ\Downloads\xsplit_gc_installer.exe
2014-12-10 01:59 - 2014-11-09 19:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 01:59 - 2014-11-09 18:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 01:59 - 2014-10-30 16:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 01:59 - 2014-10-30 16:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 01:47 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 01:47 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 01:47 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 01:47 - 2014-11-21 19:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 01:47 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 01:47 - 2014-11-21 19:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 01:47 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 01:47 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 01:47 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 01:47 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 01:47 - 2014-11-21 19:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 01:47 - 2014-11-21 19:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 01:47 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 01:47 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:47 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 01:47 - 2014-11-21 18:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 01:47 - 2014-11-21 18:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 01:47 - 2014-11-21 18:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 01:47 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 01:47 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 01:47 - 2014-11-21 18:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 01:47 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 01:47 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 01:47 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 01:47 - 2014-11-21 18:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 01:47 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 01:47 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 01:47 - 2014-11-21 18:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 01:47 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 01:47 - 2014-11-21 18:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 01:47 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 01:47 - 2014-11-21 18:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 01:47 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 01:47 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 01:47 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 01:47 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 01:47 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 01:47 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 01:47 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 01:47 - 2014-11-06 21:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 01:47 - 2014-11-06 20:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:47 - 2014-10-31 16:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 01:47 - 2014-10-31 16:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 01:47 - 2014-10-12 19:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 01:47 - 2014-10-12 19:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 01:47 - 2014-10-12 19:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 01:47 - 2014-10-12 19:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-11-30 22:25 - 2014-11-30 22:27 - 54882588 _____ () C:\Users\AJ\Downloads\The Legend of Zelda Wii U Gameplay Trailer E3 2014 Nintendo Digital Event.mp4
2014-11-30 22:04 - 2014-11-30 22:04 - 00000000 ____D () C:\Users\AJ\Downloads\audacity-win-2.0.6
2014-11-30 22:02 - 2014-11-30 22:03 - 08941140 _____ () C:\Users\AJ\Downloads\audacity-win-2.0.6.zip
2014-11-30 16:06 - 2014-11-30 16:06 - 00625685 _____ () C:\Users\AJ\Downloads\cardboard_design_v1.0.zip
2014-11-30 13:27 - 2014-11-30 13:29 - 81612822 _____ () C:\Users\AJ\Downloads\Mario Kart 8 - Luigi -Death Stare- Compilation.mp4
2014-11-30 13:24 - 2014-11-30 13:26 - 55231577 _____ () C:\Users\AJ\Downloads\videoplayback
2014-11-24 22:38 - 2014-11-24 22:38 - 00002140 _____ () C:\Users\Public\Desktop\ArcSoft ShowBiz (Video Editor).lnk
2014-11-24 22:38 - 2014-11-24 22:38 - 00000393 _____ () C:\Windows\SysWOW64\deleteme.log
2014-11-24 22:37 - 2014-11-24 22:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-24 22:37 - 2007-04-19 09:39 - 00256768 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLURT.dll
2014-11-24 22:37 - 2005-07-16 02:35 - 00245408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-11-24 22:37 - 2005-05-28 06:58 - 00393216 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLUP60.dll
2014-11-24 22:36 - 2014-12-15 21:45 - 00000000 ____D () C:\Users\Public\Hauppauge Capture
2014-11-24 22:36 - 2014-11-24 22:38 - 00000000 ____D () C:\ProgramData\Hauppauge
2014-11-24 22:36 - 2014-11-24 22:36 - 00002108 _____ () C:\Users\Public\Desktop\Hauppauge Capture.lnk
2014-11-24 22:36 - 2008-06-30 09:02 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-11-24 22:31 - 2014-11-24 22:35 - 279021056 _____ () C:\Users\AJ\Downloads\hauppaugecapture_1_0_31351_full (1).exe
2014-11-24 21:23 - 2014-11-24 21:23 - 05890416 _____ () C:\Users\AJ\Downloads\hdpvr2_driver_1_5_32118.exe
2014-11-23 22:40 - 2014-12-18 14:44 - 01134307 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 18:44 - 2014-12-15 20:11 - 00338432 ___SH () C:\Users\AJ\Desktop\Thumbs.db
2014-11-23 18:36 - 2014-11-23 18:36 - 02395584 _____ () C:\Users\AJ\Downloads\Punch-Out!! (Wii) Debut Trailer (2).mp4
2014-11-23 18:36 - 2014-11-23 18:36 - 02395584 _____ () C:\Users\AJ\Downloads\Punch-Out!! (Wii) Debut Trailer (1).mp4
2014-11-23 18:26 - 2014-11-23 18:27 - 121823676 _____ () C:\Users\AJ\Downloads\Legend of Zelda- Skyward Sword - The Triforce and the Ancient Seal [HD].mp4
2014-11-23 18:25 - 2014-11-23 18:25 - 01722610 _____ () C:\Users\AJ\Downloads\Punch-Out!! (Wii) Debut Trailer.flv
2014-11-23 15:27 - 2014-11-23 16:43 - 1162385682 _____ () C:\Users\AJ\Downloads\The Legend of Zelda - The Wind Waker.rar
2014-11-23 15:15 - 2012-10-08 21:30 - 00000000 ____D () C:\Users\AJ\Documents\The_Legend_Of_Zelda_The_Wind_Waker_USA_NGC-STARCUBE
2014-11-22 12:18 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-11-21 17:11 - 2007-06-27 21:11 - 00192512 _____ () C:\Users\AJ\Desktop\TakeControl.exe
2014-11-21 17:10 - 2014-11-21 17:10 - 00171479 _____ () C:\Users\AJ\Downloads\TakeControlb2 (2).zip
2014-11-21 16:15 - 2014-11-09 16:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 16:15 - 2014-11-09 16:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 16:15 - 2014-11-09 16:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 16:15 - 2014-11-09 16:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 16:56 - 2014-11-19 16:56 - 00000000 ____D () C:\aa3641d017bdac51bd30d9
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-18 15:32 - 2014-10-19 21:21 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-18 15:29 - 2013-12-24 10:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1042700968-1541978006-1148080477-1001
2014-12-18 15:26 - 2014-07-06 14:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 15:10 - 2013-12-24 12:32 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Skype
2014-12-18 15:00 - 2014-02-21 23:59 - 00565248 ___SH () C:\Users\AJ\Downloads\Thumbs.db
2014-12-18 15:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-18 14:11 - 2013-12-24 10:28 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 14:08 - 2014-11-06 12:05 - 00000000 ___HD () C:\a
2014-12-18 14:08 - 2014-10-19 21:21 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-18 14:08 - 2014-01-30 20:13 - 00000000 ____D () C:\Users\AJ\AppData\Local\Adobe
2014-12-18 14:07 - 2014-05-10 13:07 - 00000000 __RDO () C:\Users\AJ\SkyDrive
2014-12-18 14:05 - 2014-06-25 15:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-18 14:05 - 2013-12-24 10:22 - 00056024 _____ () C:\Windows\PFRO.log
2014-12-18 14:05 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 14:04 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-18 13:15 - 2014-11-15 20:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 05:07 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 03:35 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-15 21:34 - 2014-01-11 11:03 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Audacity
2014-12-15 21:33 - 2014-01-11 19:14 - 00000000 ____D () C:\Users\AJ\.gimp-2.8
2014-12-15 18:51 - 2014-02-24 19:49 - 00000000 ____D () C:\Users\AJ\AppData\Local\gtk-2.0
2014-12-14 12:20 - 2014-11-14 19:33 - 00001133 _____ () C:\Windows\setupact.log
2014-12-13 13:51 - 2014-02-21 23:56 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\vlc
2014-12-12 03:57 - 2013-12-24 10:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:50 - 2013-12-24 10:49 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 17:59 - 2014-01-19 02:20 - 00000000 ____D () C:\Users\AJ\Desktop\Wonders Await Within
2014-12-11 17:42 - 2013-12-24 10:31 - 00000000 ____D () C:\Users\AJ
2014-12-11 17:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-11 17:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-11 17:38 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 17:10 - 2014-01-25 13:16 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-11 17:10 - 2013-12-24 11:18 - 00000000 ____D () C:\ProgramData\Skype
2014-12-11 16:17 - 2014-01-25 13:17 - 00000000 ____D () C:\Users\AJ\AppData\Local\Paint.NET
2014-12-09 11:26 - 2014-07-06 14:22 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 14:10 - 2014-10-18 19:16 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 14:10 - 2014-10-18 19:16 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 22:38 - 2014-01-12 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge
2014-11-24 22:37 - 2014-01-12 16:52 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-11-24 22:36 - 2014-01-12 16:48 - 00004671 _____ () C:\Windows\HCWPNP.INI
2014-11-24 22:36 - 2014-01-12 16:00 - 00004521 ____C () C:\hcwDriverInstall.txt
2014-11-24 22:36 - 2014-01-12 15:40 - 00000000 ____D () C:\Program Files (x86)\Hauppauge
2014-11-24 22:34 - 2014-01-12 16:00 - 00002127 _____ () C:\Users\Public\Desktop\Hauppauge Personal Logo inserter.lnk
2014-11-23 20:45 - 2014-01-25 12:32 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-23 19:55 - 2014-02-06 23:15 - 00000000 ____D () C:\Windows\Minidump
2014-11-22 12:18 - 2013-12-25 09:24 - 00281156 _____ () C:\Windows\DirectX.log
2014-11-19 16:55 - 2014-11-16 17:19 - 00002312 _____ () C:\Users\AJ\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\AJ\AppData\Local\Temp\32E6C7e1.exe
C:\Users\AJ\AppData\Local\Temp\46f3DcFbB4.exe
C:\Users\AJ\AppData\Local\Temp\dllnt_dump.dll
C:\Users\AJ\AppData\Local\Temp\hcwclear.exe
C:\Users\AJ\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\AJ\AppData\Local\Temp\Quarantine.exe
C:\Users\AJ\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\AJ\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-13 03:06
 
==================== End Of Log ============================
 
And here is the addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by AJ at 2014-12-18 15:33:51
Running from C:\Users\AJ\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chrome Launcher (HKLM-x32\...\{8B5E8E15-7229-4C46-887A-27E1F62AC7FC}) (Version: 1.0.0 - TopTab)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Divekick (HKLM-x32\...\Steam App 244730) (Version:  - Iron Galaxy Studios)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Elite Unzip (HKLM-x32\...\Elite Unzip) (Version: 1.1.7640.260 - Mindspark Interactive Network) <==== ATTENTION
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Sound Recorder v10.0.4 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.0.31351 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.3.31349 - Hauppauge Computer Works, Inc.)
Hauppauge StreamEez (HKLM-x32\...\Hauppauge StreamEez) (Version: 1.0.31029 - Hauppauge Computer Works, Inc.)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
iSkysoft Video Converter Ultimate(Build 5.4.1.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.4.1.0 - iSkysoft Software)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open Broadcaster Software version 0.452a (HKLM-x32\...\{F017778C-11C7-4E57-8124-F10C5AD74B1E}_is1) (Version: 0.452a - )
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - Installer Technology Co)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skullgirls ∞Endless Beta∞ (HKLM-x32\...\Steam App 208610) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version:  - Devil's Details)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Unity (HKLM-x32\...\Unity) (Version: 4.5.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1042700968-1541978006-1148080477-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version:  - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{8780DFA8-7E56-43B1-93DB-FE001F8290D7}) (Version: 2.0.1411.2413 - SplitmediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-11-2014 20:37:42 Removed ShowBiz
24-11-2014 22:36:52 Installed ShowBiz
10-12-2014 03:29:47 Windows Update
18-12-2014 14:35:22 BEFORE ROUGEKILLER
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03185193-1CA8-4062-AF70-3659B87FD01F} - System32\Tasks\IEError => C:\Program Files (x86)\Portable Booster\IEError.exe
Task: {1B12C085-26A6-49B5-B656-9FBE2B3AE0EB} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {1EE7E4C7-C334-452C-B2F3-FFF524C6AFF0} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-Jagwa36@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {2EB01A71-07F3-43BC-9C52-58C59956F7EB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {37A44558-E85F-4F91-A825-ACB6169E5306} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\updater.exe
Task: {39ECB8AA-B4C9-458A-9193-E9BD813FBD0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {3F3335A5-ECDD-4C36-B5C0-294796DA6D60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {49DE5AB9-C326-496A-A672-BDAE5B521276} - \PastaQuotes No Task File <==== ATTENTION
Task: {5829697A-514E-48DD-82CD-CF8E0ACE7026} - System32\Tasks\{0E2DFA2A-9B75-4388-BFD3-A5AC7A07E981} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Mass Effect\runme.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Mass Effect"
Task: {6450311F-29A3-40E4-A9C0-EA3DD63298DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {7E1003B7-7A16-4D45-9A34-AC5BA53C5258} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\WarningPopUp.exe
Task: {87802EB2-D08B-4655-8582-E969D1D064C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {AD6C8032-5CBE-424A-9E39-5B13D3D12C7A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-12] (Microsoft Corporation)
Task: {E906F88E-B2DF-4635-929A-2EB86EE5CC4C} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {ECF37F86-2F18-4C8D-B7AF-29365A9A30BF} - System32\Tasks\{2C4821E6-7933-454D-9DA1-62EF2B301F04} => pcalua.exe -a "C:\Users\AJ\Downloads\Xbox360_64Eng (1).exe" -d C:\Users\AJ\Downloads
Task: {F4A49CCB-069F-4104-ABBC-4A5D2C61F02D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FBB12DCD-1FE2-4D7A-9367-C606041D9146} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-25 15:43 - 2014-03-04 06:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-10 16:03 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-15 01:00 - 2014-03-15 01:00 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-11-15 09:51 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-01 22:06 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2014-11-06 12:05 - 2014-10-27 01:06 - 00007168 _____ () C:\a\internetport3.exe
2014-02-18 17:03 - 2014-02-18 17:03 - 04697968 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-10-01 22:06 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-10-01 22:06 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2014-12-11 22:33 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 22:33 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 22:33 - 2014-12-05 18:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-11-16 16:17 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\AJ\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-11-16 16:17 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\AJ\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\AJ\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\AJ\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\AJ\SkyDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\AJ\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36644605.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36644605.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "dnsshield"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1042700968-1541978006-1148080477-500 - Administrator - Disabled)
AJ (S-1-5-21-1042700968-1541978006-1148080477-1001 - Administrator - Enabled) => C:\Users\AJ
Guest (S-1-5-21-1042700968-1541978006-1148080477-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1042700968-1541978006-1148080477-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: G:\
Description: MS/MS-PRO       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: H:\
Description: xD-Picture      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: E:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: F:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/18/2014 02:10:27 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (12/18/2014 01:21:34 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (12/18/2014 03:41:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/18/2014 03:35:47 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/16/2014 04:49:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/15/2014 09:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeCapture.exe, version: 1.0.0.0, time stamp: 0x52af907d
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x320
Faulting application start time: 0xHauppaugeCapture.exe0
Faulting application path: HauppaugeCapture.exe1
Faulting module path: HauppaugeCapture.exe2
Report Id: HauppaugeCapture.exe3
Faulting package full name: HauppaugeCapture.exe4
Faulting package-relative application ID: HauppaugeCapture.exe5
 
Error: (12/15/2014 09:45:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HauppaugeCapture.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code eedfade, exception address 77462F71
 
Error: (12/15/2014 06:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotosApp.exe, version: 6.3.9600.17122, time stamp: 0x537192fe
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x8ec
Faulting application start time: 0xPhotosApp.exe0
Faulting application path: PhotosApp.exe1
Faulting module path: PhotosApp.exe2
Report Id: PhotosApp.exe3
Faulting package full name: PhotosApp.exe4
Faulting package-relative application ID: PhotosApp.exe5
 
Error: (12/15/2014 05:25:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotosApp.exe, version: 6.3.9600.17122, time stamp: 0x537192fe
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17238, time stamp: 0x53d0d45c
Exception code: 0xc000027b
Fault offset: 0x000000000084a6f2
Faulting process id: 0xeb4
Faulting application start time: 0xPhotosApp.exe0
Faulting application path: PhotosApp.exe1
Faulting module path: PhotosApp.exe2
Report Id: PhotosApp.exe3
Faulting package full name: PhotosApp.exe4
Faulting package-relative application ID: PhotosApp.exe5
 
Error: (12/15/2014 05:24:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotosApp.exe, version: 6.3.9600.17122, time stamp: 0x537192fe
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17238, time stamp: 0x53d0d45c
Exception code: 0xc000027b
Fault offset: 0x000000000084a6f2
Faulting process id: 0xb00
Faulting application start time: 0xPhotosApp.exe0
Faulting application path: PhotosApp.exe1
Faulting module path: PhotosApp.exe2
Report Id: PhotosApp.exe3
Faulting package full name: PhotosApp.exe4
Faulting package-relative application ID: PhotosApp.exe5
 
 
System errors:
=============
Error: (12/18/2014 02:05:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: 
%%2
 
Error: (12/18/2014 02:05:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YouTube Downloader Services (P2) service failed to start due to the following error: 
%%2
 
Error: (12/18/2014 02:05:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%2
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1069
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/18/2014 02:04:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Virtual Network (WVN3) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/18/2014 02:04:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (12/18/2014 02:10:27 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
 
Error: (12/18/2014 01:21:34 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
 
Error: (12/18/2014 03:41:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (12/18/2014 03:35:47 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (12/16/2014 04:49:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (12/15/2014 09:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeCapture.exe1.0.0.052af907dKERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f7132001d017dd6bd5447bC:\Program Files (x86)\Hauppauge\Capture\HauppaugeCapture.exeC:\Windows\SYSTEM32\KERNELBASE.dll63b724a5-84de-11e4-82bd-60a44cec143f
 
Error: (12/15/2014 09:45:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HauppaugeCapture.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code eedfade, exception address 77462F71
 
Error: (12/15/2014 06:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotosApp.exe6.3.9600.17122537192fetwinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac8ec01d018c711882f0aC:\Windows\FileManager\PhotosApp.exeC:\Windows\System32\twinapi.appcore.dll8936d9e0-84c3-11e4-82bd-60a44cec143fFileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
 
Error: (12/15/2014 05:25:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotosApp.exe6.3.9600.17122537192feWindows.UI.Xaml.dll6.3.9600.1723853d0d45cc000027b000000000084a6f2eb401d018c6b8b5d1bfC:\Windows\FileManager\PhotosApp.exeC:\Windows\System32\Windows.UI.Xaml.dll06de6c88-84ba-11e4-82bd-60a44cec143fFileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
 
Error: (12/15/2014 05:24:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotosApp.exe6.3.9600.17122537192feWindows.UI.Xaml.dll6.3.9600.1723853d0d45cc000027b000000000084a6f2b0001d018c6ab8b1bb3C:\Windows\FileManager\PhotosApp.exeC:\Windows\System32\Windows.UI.Xaml.dllf199c327-84b9-11e4-82bd-60a44cec143fFileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-22 04:24:17.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:17.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:17.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:17.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:17.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:16.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:16.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:16.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:16.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:11.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8144.13 MB
Available physical RAM: 4874.21 MB
Total Pagefile: 15824.13 MB
Available Pagefile: 13172.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:339.73 GB) NTFS
Drive d: (CD-HDPVR2-V1.6-A) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CF1EC154)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Open Notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKLM-x32\...\Run: [autoauto] => 80169954.bat
HKU\S-1-5-21-1042700968-1541978006-1148080477-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyEnable: [S-1-5-21-1042700968-1541978006-1148080477-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1042700968-1541978006-1148080477-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
C:\Users\AJ\AppData\Local\Temp\32E6C7e1.exe
C:\Users\AJ\AppData\Local\Temp\46f3DcFbB4.exe
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.


Good!  Please do this next:

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


When I try to download ComboFix I get this message...

 

"This operating system is not supported!

ComboFix only runs on:

*Windows XP (32 bit)
*Windows Vista (32/64 bit)
*Windows 7 (32/64 bit)
*Windows 8 (32/64 bit)

Windows 2000 is no longer supported."

 

This is strange because I have Windows 8 (64 bit). What should I do?


Please do this while I look into that:
 
Open Malwarebytes AntiMalware (MBAM)

 

  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
  • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
 
Please include the following in your next post:
  • MBAM log

How is your computer running now?  Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.  Please go to www.java.com and press the "Free Java Download" button near the center of the page.  Follow the prompts to install the latest version and remove any older, insecure versions.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is your computer running now?
  • ESET log


Computer is working a lot better. At some point during this last step Chrome has become able to connect to the internet again.

Er...maybe not. Chrome is only working half of the time. I can connect to the internet on it, but some sites give me the "unable to connect to proxy" error. Very strange...


Most of those ESET detections are in your backups.  Once we are done, I'd delete any existing backups and make fresh ones.  Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

C:\Users\All Users\Optimizer\program\winapp_Test002.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Run another scan with FRST for me and post the new log

Please include the following in your next post:
  • fixlog.txt report
  • FRST log


Is that only occurring in Chrome, or are all of your browsers acting up?  Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
CHR HKU\S-1-5-21-1042700968-1541978006-1148080477-1001\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.


  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Well, when this all started everything was down. After reading a bunch of information online I thought I solved the problem after diving into the registry. Chrome was working fine so I thought I got rid of the problem, but after starting some other programs I noticed I had only managed to free Chrome from the issue. As of right now all my programs are working great except for Chrome, which seems to randomly decide some sites can't be reached due to the proxy error. Except for sometimes if I try to get to the site through Google, instead of just typing it in the search bar, I can reach the website. It's really weird. I've never seen anything like this.

 

Anyway, the fixlog is attached.

Fixlog.txt


I don't see anything in your logs that would account for those issues, but if you were making changes in your registry our tools would not necessarily detect those.  I'd recommend completely uninstalling and re-installing Chrome.  I have some other important housekeeping for you to take care of also, as I see no remaining malware in your logs:

 

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Download OTC to your desktop and run it

  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.


Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.


Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


Er guess not...

 

The computer was working great for two days, but the problem has shown back up today...  :unsure:

 

After a restart the original issue resurfaced pretty much how we started. All programs that need to connect to the internet give me a proxy error. This time however I can click on or even completely change the settings. It's not grayed out like it was last time, but if I close the window with the settings the proxy shows back up.

 

Sorry for the false all clear. It seemed to be completely clean. I don't know what I could have done to make it reappear. I hope you can still see this, if not I can probably just make a new thread. Thanks again for all your help.


No worries.  Enjoy your trip and when you get back we will have to start from scratch.  Once you are ready to go, do this:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Sorry for the delay.  Please do this:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.


  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.


  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:

  • fixlog.txt report
  • ComboFix log

  • 2 weeks later...

Sorry for the delay again.  I’m having issues with my notifications.  Please do this:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
C:\Program Files (x86)\Windows Network Accelerater
reg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f
reg: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Please include the following in your next post:
  • fixlog.txt report

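A read-only check of the settings the last fixlist changes, added here as an example and not part of the original thread or of FRST: it lists the proxy-related registry values and, for any loopback proxy port it finds in them, the process and service listening on that port. The per-machine Internet Settings key and the `Chrome` policy subkey are assumptions beyond the keys named in the thread.

```powershell
# Read-only audit (added example): nothing here writes to the registry or stops a process.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',           # ProxyEnable fix
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',           # assumption: per-machine copy
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',  # ProxySettingsPerUser fix
    'HKLM:\SOFTWARE\Policies\Google\Chrome'                                        # assumption: Chrome policy subkey
)

function Get-ProxyValues {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $item = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        # Keep proxy-related values only (ProxyEnable, ProxyServer, ProxySettingsPerUser, ...)
        $item.PSObject.Properties |
            Where-Object { $_.Name -match '^(Proxy|AutoConfigURL)' } |
            ForEach-Object { [pscustomobject]@{ Key = $p; Name = $_.Name; Value = $_.Value } }
    }
}

function Get-LoopbackProxyPort {
    param([object[]]$Values)
    # Matches "127.0.0.1:8800" and the per-protocol form "http=127.0.0.1:8800;https=..."
    $Values | ForEach-Object {
        [regex]::Matches([string]$_.Value, '(?:127\.0\.0\.1|localhost):(\d+)') |
            ForEach-Object { [int]$_.Groups[1].Value }
    } | Sort-Object -Unique
}

$values = @(Get-ProxyValues -Path $keys)
$values | Format-Table -AutoSize -Wrap | Out-Host

foreach ($port in Get-LoopbackProxyPort -Values $values) {
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    if (-not $listeners) {
        "Port ${port}: configured as proxy but nothing is listening"
        continue
    }
    # Map each listener to its executable and, if it runs as a service, the service name
    foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $svc  = Get-CimInstance Win32_Service -Filter "ProcessId = $procId" -ErrorAction SilentlyContinue
        [pscustomobject]@{ Port = $port; PID = $procId; Image = $proc.Path; Service = ($svc.Name -join ',') }
    }
}
```

Run it from an elevated PowerShell prompt so that `Image` is populated for processes owned by other accounts. A `ProxySettingsPerUser` value of 0 under the Policies key means the machine-wide proxy applies to every user, which is the state the `/d 1` line in the fixlist reverses.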
