Jump to content

Painful Proxy Problem 127.0.0.1;8800


Jagwa
 Share

Recommended Posts

So about two months ago I accidentally downloaded some malware. I recognized it as soon as it started downloading and deleted it before it could install completely, but it did manage to change some of my settings. The most noticeable change was that it forced me to use a proxy (127.0.0.1;8800) and did not allow me to change it. The sliders and check boxes that normally would help me disable the proxy are just grayed out. It says some settings are managed by my administrator. I managed to get Chrome working again after digging through regedit, but I still notice a few of my programs (Internet Explorer, Steam, etc.) can not connect to the internet. Any advice?

 

Here is what FRST had to say:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by AJ (administrator) on JAGWA on 18-12-2014 15:33:21
Running from C:\Users\AJ\Downloads
Loaded Profile: AJ (Available profiles: AJ)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: "https://www.youtube.com/feed/subscriptions"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (Adblock Plus) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-22]
CHR Extension: (Bing) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-08]
CHR HKU\S-1-5-21-1042700968-1541978006-1148080477-1001\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [394512 2013-12-16] (Hauppauge Computer Works, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 Hamachi2Svc; C:\hamachi-2.exe -s [X]
S2 YouTubeDownload_P2; C:\Program Files (x86)\YouTube Downloader Services\P2\youtubeserv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R3 hcwE5bda; C:\Windows\system32\drivers\hcwE5bda.sys [968792 2013-11-04] (Hauppauge Computer Work, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-18] (Malwarebytes Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-18 15:33 - 2014-12-18 15:33 - 00020249 _____ () C:\Users\AJ\Downloads\FRST.txt
2014-12-18 15:09 - 2014-12-18 15:09 - 02121216 _____ (Farbar) C:\Users\AJ\Downloads\FRST64.exe
2014-12-18 14:53 - 2014-12-18 14:53 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\AJ\Downloads\rkill.com
2014-12-18 14:28 - 2014-12-18 15:33 - 00000000 ___DC () C:\FRST
2014-12-18 14:28 - 2014-12-18 14:28 - 18315864 _____ () C:\Users\AJ\Downloads\RogueKillerX64.exe
2014-12-18 14:28 - 2014-12-18 14:28 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-18 14:28 - 2014-12-18 14:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-18 14:10 - 2014-12-18 14:10 - 01142392 _____ () C:\Users\AJ\Downloads\SteamSetup (1).exe
2014-12-18 14:01 - 2014-12-18 14:04 - 00000000 ___DC () C:\AdwCleaner
2014-12-18 14:00 - 2014-12-18 14:01 - 02166272 _____ () C:\Users\AJ\Downloads\AdwCleaner.exe
2014-12-18 13:21 - 2014-12-18 14:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-18 13:21 - 2014-12-18 14:10 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-18 13:21 - 2014-12-18 13:21 - 01142392 _____ () C:\Users\AJ\Downloads\SteamSetup.exe
2014-12-18 13:21 - 2014-12-18 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-15 18:51 - 2014-12-15 18:51 - 00004630 _____ () C:\Users\AJ\AppData\Local\recently-used.xbel
2014-12-15 16:48 - 2014-12-15 16:48 - 08941140 _____ () C:\Users\AJ\Downloads\audacity-win-2.0.6 (1).zip
2014-12-15 16:48 - 2014-12-15 16:48 - 00000000 ____D () C:\Users\AJ\Downloads\audacity-win-2.0.6 (1)
2014-12-15 16:43 - 2014-12-15 16:44 - 20546786 _____ () C:\Users\AJ\Downloads\Future City Science Fiction 3D Visual Effects.mp4
2014-12-11 21:39 - 2014-12-11 21:42 - 483929486 _____ () C:\Users\AJ\Downloads\nohomebrew.zip
2014-12-11 17:50 - 2014-12-11 17:55 - 01252032 _____ () C:\Users\AJ\Downloads\Logitech G930 Driver (1).exe
2014-12-11 17:34 - 2014-12-11 17:34 - 01242304 _____ () C:\Users\AJ\Downloads\Logitech G930 Driver.exe
2014-12-11 17:11 - 2014-12-11 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-11 17:10 - 2014-12-11 17:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-11 17:10 - 2014-12-11 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-11 17:09 - 2014-12-11 17:09 - 01548384 _____ (Skype Technologies S.A.) C:\Users\AJ\Downloads\SkypeSetup.exe
2014-12-10 21:03 - 2014-12-10 21:03 - 00000951 _____ () C:\Users\AJ\Desktop\Open Broadcaster Software.lnk
2014-12-10 21:03 - 2014-12-10 21:03 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-10 20:57 - 2014-12-10 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-10 20:56 - 2014-12-10 20:56 - 04030370 _____ ( ) C:\Users\AJ\Downloads\OBS_0452a_Installer.exe
2014-12-10 20:52 - 2014-12-10 20:52 - 08952729 _____ () C:\Users\AJ\Downloads\OBS_0452a_Source.zip
2014-12-10 19:02 - 2014-12-10 19:03 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-12-10 19:02 - 2014-12-10 19:02 - 00110368 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-12-10 19:02 - 2014-12-10 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-12-10 19:01 - 2014-12-10 19:01 - 00549492 _____ () C:\Users\AJ\Downloads\vac414.zip
2014-12-10 19:01 - 2014-12-10 19:01 - 00230768 _____ () C:\Users\AJ\Downloads\vac414.exe
2014-12-10 18:04 - 2014-12-14 16:53 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\OBS
2014-12-10 18:02 - 2014-12-10 18:02 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-10 18:02 - 2014-12-10 18:02 - 00000000 ____D () C:\Program Files\OBS
2014-12-10 18:01 - 2014-12-10 18:01 - 07518634 _____ () C:\Users\AJ\Downloads\OBS_0_638b_Installer.exe
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\SplitmediaLabs
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-12-10 16:39 - 2014-12-10 16:39 - 00000000 ____D () C:\Program Files (x86)\SplitmediaLabs
2014-12-10 16:38 - 2014-12-10 16:38 - 63146232 _____ (SplitmediaLabs) C:\Users\AJ\Downloads\xsplit_gc_installer.exe
2014-12-10 01:59 - 2014-11-09 19:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 01:59 - 2014-11-09 18:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 01:59 - 2014-10-30 16:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 01:59 - 2014-10-30 16:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 01:47 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 01:47 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 01:47 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 01:47 - 2014-11-21 19:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 01:47 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 01:47 - 2014-11-21 19:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 01:47 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 01:47 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 01:47 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 01:47 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 01:47 - 2014-11-21 19:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 01:47 - 2014-11-21 19:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 01:47 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 01:47 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:47 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 01:47 - 2014-11-21 18:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 01:47 - 2014-11-21 18:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 01:47 - 2014-11-21 18:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 01:47 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 01:47 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 01:47 - 2014-11-21 18:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 01:47 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 01:47 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 01:47 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 01:47 - 2014-11-21 18:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 01:47 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 01:47 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 01:47 - 2014-11-21 18:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 01:47 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 01:47 - 2014-11-21 18:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 01:47 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 01:47 - 2014-11-21 18:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 01:47 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 01:47 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 01:47 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 01:47 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 01:47 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 01:47 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 01:47 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 01:47 - 2014-11-06 21:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 01:47 - 2014-11-06 20:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:47 - 2014-10-31 16:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 01:47 - 2014-10-31 16:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 01:47 - 2014-10-12 19:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 01:47 - 2014-10-12 19:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 01:47 - 2014-10-12 19:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 01:47 - 2014-10-12 19:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-11-30 22:25 - 2014-11-30 22:27 - 54882588 _____ () C:\Users\AJ\Downloads\The Legend of Zelda Wii U Gameplay Trailer E3 2014 Nintendo Digital Event.mp4
2014-11-30 22:04 - 2014-11-30 22:04 - 00000000 ____D () C:\Users\AJ\Downloads\audacity-win-2.0.6
2014-11-30 22:02 - 2014-11-30 22:03 - 08941140 _____ () C:\Users\AJ\Downloads\audacity-win-2.0.6.zip
2014-11-30 16:06 - 2014-11-30 16:06 - 00625685 _____ () C:\Users\AJ\Downloads\cardboard_design_v1.0.zip
2014-11-30 13:27 - 2014-11-30 13:29 - 81612822 _____ () C:\Users\AJ\Downloads\Mario Kart 8 - Luigi -Death Stare- Compilation.mp4
2014-11-30 13:24 - 2014-11-30 13:26 - 55231577 _____ () C:\Users\AJ\Downloads\videoplayback
2014-11-24 22:38 - 2014-11-24 22:38 - 00002140 _____ () C:\Users\Public\Desktop\ArcSoft ShowBiz (Video Editor).lnk
2014-11-24 22:38 - 2014-11-24 22:38 - 00000393 _____ () C:\Windows\SysWOW64\deleteme.log
2014-11-24 22:37 - 2014-11-24 22:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-24 22:37 - 2007-04-19 09:39 - 00256768 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLURT.dll
2014-11-24 22:37 - 2005-07-16 02:35 - 00245408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-11-24 22:37 - 2005-05-28 06:58 - 00393216 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLUP60.dll
2014-11-24 22:36 - 2014-12-15 21:45 - 00000000 ____D () C:\Users\Public\Hauppauge Capture
2014-11-24 22:36 - 2014-11-24 22:38 - 00000000 ____D () C:\ProgramData\Hauppauge
2014-11-24 22:36 - 2014-11-24 22:36 - 00002108 _____ () C:\Users\Public\Desktop\Hauppauge Capture.lnk
2014-11-24 22:36 - 2008-06-30 09:02 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-11-24 22:31 - 2014-11-24 22:35 - 279021056 _____ () C:\Users\AJ\Downloads\hauppaugecapture_1_0_31351_full (1).exe
2014-11-24 21:23 - 2014-11-24 21:23 - 05890416 _____ () C:\Users\AJ\Downloads\hdpvr2_driver_1_5_32118.exe
2014-11-23 22:40 - 2014-12-18 14:44 - 01134307 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 18:44 - 2014-12-15 20:11 - 00338432 ___SH () C:\Users\AJ\Desktop\Thumbs.db
2014-11-23 18:36 - 2014-11-23 18:36 - 02395584 _____ () C:\Users\AJ\Downloads\Punch-Out!! (Wii) Debut Trailer (2).mp4
2014-11-23 18:36 - 2014-11-23 18:36 - 02395584 _____ () C:\Users\AJ\Downloads\Punch-Out!! (Wii) Debut Trailer (1).mp4
2014-11-23 18:26 - 2014-11-23 18:27 - 121823676 _____ () C:\Users\AJ\Downloads\Legend of Zelda- Skyward Sword - The Triforce and the Ancient Seal [HD].mp4
2014-11-23 18:25 - 2014-11-23 18:25 - 01722610 _____ () C:\Users\AJ\Downloads\Punch-Out!! (Wii) Debut Trailer.flv
2014-11-23 15:27 - 2014-11-23 16:43 - 1162385682 _____ () C:\Users\AJ\Downloads\The Legend of Zelda - The Wind Waker.rar
2014-11-23 15:15 - 2012-10-08 21:30 - 00000000 ____D () C:\Users\AJ\Documents\The_Legend_Of_Zelda_The_Wind_Waker_USA_NGC-STARCUBE
2014-11-22 12:18 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-11-21 17:11 - 2007-06-27 21:11 - 00192512 _____ () C:\Users\AJ\Desktop\TakeControl.exe
2014-11-21 17:10 - 2014-11-21 17:10 - 00171479 _____ () C:\Users\AJ\Downloads\TakeControlb2 (2).zip
2014-11-21 16:15 - 2014-11-09 16:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 16:15 - 2014-11-09 16:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 16:15 - 2014-11-09 16:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 16:15 - 2014-11-09 16:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 16:56 - 2014-11-19 16:56 - 00000000 ____D () C:\aa3641d017bdac51bd30d9
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-18 15:32 - 2014-10-19 21:21 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-18 15:29 - 2013-12-24 10:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1042700968-1541978006-1148080477-1001
2014-12-18 15:26 - 2014-07-06 14:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 15:10 - 2013-12-24 12:32 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Skype
2014-12-18 15:00 - 2014-02-21 23:59 - 00565248 ___SH () C:\Users\AJ\Downloads\Thumbs.db
2014-12-18 15:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-18 14:11 - 2013-12-24 10:28 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 14:08 - 2014-11-06 12:05 - 00000000 ___HD () C:\a
2014-12-18 14:08 - 2014-10-19 21:21 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-18 14:08 - 2014-01-30 20:13 - 00000000 ____D () C:\Users\AJ\AppData\Local\Adobe
2014-12-18 14:07 - 2014-05-10 13:07 - 00000000 __RDO () C:\Users\AJ\SkyDrive
2014-12-18 14:05 - 2014-06-25 15:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-18 14:05 - 2013-12-24 10:22 - 00056024 _____ () C:\Windows\PFRO.log
2014-12-18 14:05 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 14:04 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-18 13:15 - 2014-11-15 20:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 05:07 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 03:35 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-15 21:34 - 2014-01-11 11:03 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Audacity
2014-12-15 21:33 - 2014-01-11 19:14 - 00000000 ____D () C:\Users\AJ\.gimp-2.8
2014-12-15 18:51 - 2014-02-24 19:49 - 00000000 ____D () C:\Users\AJ\AppData\Local\gtk-2.0
2014-12-14 12:20 - 2014-11-14 19:33 - 00001133 _____ () C:\Windows\setupact.log
2014-12-13 13:51 - 2014-02-21 23:56 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\vlc
2014-12-12 03:57 - 2013-12-24 10:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:50 - 2013-12-24 10:49 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 17:59 - 2014-01-19 02:20 - 00000000 ____D () C:\Users\AJ\Desktop\Wonders Await Within
2014-12-11 17:42 - 2013-12-24 10:31 - 00000000 ____D () C:\Users\AJ
2014-12-11 17:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-11 17:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-11 17:38 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 17:10 - 2014-01-25 13:16 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-11 17:10 - 2013-12-24 11:18 - 00000000 ____D () C:\ProgramData\Skype
2014-12-11 16:17 - 2014-01-25 13:17 - 00000000 ____D () C:\Users\AJ\AppData\Local\Paint.NET
2014-12-09 11:26 - 2014-07-06 14:22 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 14:10 - 2014-10-18 19:16 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 14:10 - 2014-10-18 19:16 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 22:38 - 2014-01-12 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge
2014-11-24 22:37 - 2014-01-12 16:52 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-11-24 22:36 - 2014-01-12 16:48 - 00004671 _____ () C:\Windows\HCWPNP.INI
2014-11-24 22:36 - 2014-01-12 16:00 - 00004521 ____C () C:\hcwDriverInstall.txt
2014-11-24 22:36 - 2014-01-12 15:40 - 00000000 ____D () C:\Program Files (x86)\Hauppauge
2014-11-24 22:34 - 2014-01-12 16:00 - 00002127 _____ () C:\Users\Public\Desktop\Hauppauge Personal Logo inserter.lnk
2014-11-23 20:45 - 2014-01-25 12:32 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-23 19:55 - 2014-02-06 23:15 - 00000000 ____D () C:\Windows\Minidump
2014-11-22 12:18 - 2013-12-25 09:24 - 00281156 _____ () C:\Windows\DirectX.log
2014-11-19 16:55 - 2014-11-16 17:19 - 00002312 _____ () C:\Users\AJ\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\AJ\AppData\Local\Temp\32E6C7e1.exe
C:\Users\AJ\AppData\Local\Temp\46f3DcFbB4.exe
C:\Users\AJ\AppData\Local\Temp\dllnt_dump.dll
C:\Users\AJ\AppData\Local\Temp\hcwclear.exe
C:\Users\AJ\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\AJ\AppData\Local\Temp\Quarantine.exe
C:\Users\AJ\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\AJ\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-13 03:06
 
==================== End Of Log ============================
 
And here is the addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by AJ at 2014-12-18 15:33:51
Running from C:\Users\AJ\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chrome Launcher (HKLM-x32\...\{8B5E8E15-7229-4C46-887A-27E1F62AC7FC}) (Version: 1.0.0 - TopTab)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Divekick (HKLM-x32\...\Steam App 244730) (Version:  - Iron Galaxy Studios)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Elite Unzip (HKLM-x32\...\Elite Unzip) (Version: 1.1.7640.260 - Mindspark Interactive Network) <==== ATTENTION
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Sound Recorder v10.0.4 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.0.31351 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.3.31349 - Hauppauge Computer Works, Inc.)
Hauppauge StreamEez (HKLM-x32\...\Hauppauge StreamEez) (Version: 1.0.31029 - Hauppauge Computer Works, Inc.)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
iSkysoft Video Converter Ultimate(Build 5.4.1.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.4.1.0 - iSkysoft Software)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open Broadcaster Software version 0.452a (HKLM-x32\...\{F017778C-11C7-4E57-8124-F10C5AD74B1E}_is1) (Version: 0.452a - )
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - Installer Technology Co)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skullgirls ∞Endless Beta∞ (HKLM-x32\...\Steam App 208610) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version:  - Devil's Details)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Unity (HKLM-x32\...\Unity) (Version: 4.5.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1042700968-1541978006-1148080477-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version:  - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{8780DFA8-7E56-43B1-93DB-FE001F8290D7}) (Version: 2.0.1411.2413 - SplitmediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-11-2014 20:37:42 Removed ShowBiz
24-11-2014 22:36:52 Installed ShowBiz
10-12-2014 03:29:47 Windows Update
18-12-2014 14:35:22 BEFORE ROUGEKILLER
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03185193-1CA8-4062-AF70-3659B87FD01F} - System32\Tasks\IEError => C:\Program Files (x86)\Portable Booster\IEError.exe
Task: {1B12C085-26A6-49B5-B656-9FBE2B3AE0EB} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {1EE7E4C7-C334-452C-B2F3-FFF524C6AFF0} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-Jagwa36@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {2EB01A71-07F3-43BC-9C52-58C59956F7EB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {37A44558-E85F-4F91-A825-ACB6169E5306} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\updater.exe
Task: {39ECB8AA-B4C9-458A-9193-E9BD813FBD0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {3F3335A5-ECDD-4C36-B5C0-294796DA6D60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {49DE5AB9-C326-496A-A672-BDAE5B521276} - \PastaQuotes No Task File <==== ATTENTION
Task: {5829697A-514E-48DD-82CD-CF8E0ACE7026} - System32\Tasks\{0E2DFA2A-9B75-4388-BFD3-A5AC7A07E981} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Mass Effect\runme.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Mass Effect"
Task: {6450311F-29A3-40E4-A9C0-EA3DD63298DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {7E1003B7-7A16-4D45-9A34-AC5BA53C5258} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\WarningPopUp.exe
Task: {87802EB2-D08B-4655-8582-E969D1D064C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {AD6C8032-5CBE-424A-9E39-5B13D3D12C7A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-12] (Microsoft Corporation)
Task: {E906F88E-B2DF-4635-929A-2EB86EE5CC4C} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {ECF37F86-2F18-4C8D-B7AF-29365A9A30BF} - System32\Tasks\{2C4821E6-7933-454D-9DA1-62EF2B301F04} => pcalua.exe -a "C:\Users\AJ\Downloads\Xbox360_64Eng (1).exe" -d C:\Users\AJ\Downloads
Task: {F4A49CCB-069F-4104-ABBC-4A5D2C61F02D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FBB12DCD-1FE2-4D7A-9367-C606041D9146} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-25 15:43 - 2014-03-04 06:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-10 16:03 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-15 01:00 - 2014-03-15 01:00 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-11-15 09:51 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-01 22:06 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2014-11-06 12:05 - 2014-10-27 01:06 - 00007168 _____ () C:\a\internetport3.exe
2014-02-18 17:03 - 2014-02-18 17:03 - 04697968 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-10-01 22:06 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-10-01 22:06 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2014-12-11 22:33 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 22:33 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 22:33 - 2014-12-05 18:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-11-16 16:17 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\AJ\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-11-16 16:17 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\AJ\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\AJ\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\AJ\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\AJ\SkyDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\AJ\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36644605.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36644605.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "dnsshield"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1042700968-1541978006-1148080477-500 - Administrator - Disabled)
AJ (S-1-5-21-1042700968-1541978006-1148080477-1001 - Administrator - Enabled) => C:\Users\AJ
Guest (S-1-5-21-1042700968-1541978006-1148080477-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1042700968-1541978006-1148080477-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: G:\
Description: MS/MS-PRO       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: H:\
Description: xD-Picture      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: E:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: F:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/18/2014 02:10:27 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (12/18/2014 01:21:34 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (12/18/2014 03:41:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/18/2014 03:35:47 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/16/2014 04:49:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/15/2014 09:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeCapture.exe, version: 1.0.0.0, time stamp: 0x52af907d
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x320
Faulting application start time: 0xHauppaugeCapture.exe0
Faulting application path: HauppaugeCapture.exe1
Faulting module path: HauppaugeCapture.exe2
Report Id: HauppaugeCapture.exe3
Faulting package full name: HauppaugeCapture.exe4
Faulting package-relative application ID: HauppaugeCapture.exe5
 
Error: (12/15/2014 09:45:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HauppaugeCapture.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code eedfade, exception address 77462F71
 
Error: (12/15/2014 06:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotosApp.exe, version: 6.3.9600.17122, time stamp: 0x537192fe
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x8ec
Faulting application start time: 0xPhotosApp.exe0
Faulting application path: PhotosApp.exe1
Faulting module path: PhotosApp.exe2
Report Id: PhotosApp.exe3
Faulting package full name: PhotosApp.exe4
Faulting package-relative application ID: PhotosApp.exe5
 
Error: (12/15/2014 05:25:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotosApp.exe, version: 6.3.9600.17122, time stamp: 0x537192fe
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17238, time stamp: 0x53d0d45c
Exception code: 0xc000027b
Fault offset: 0x000000000084a6f2
Faulting process id: 0xeb4
Faulting application start time: 0xPhotosApp.exe0
Faulting application path: PhotosApp.exe1
Faulting module path: PhotosApp.exe2
Report Id: PhotosApp.exe3
Faulting package full name: PhotosApp.exe4
Faulting package-relative application ID: PhotosApp.exe5
 
Error: (12/15/2014 05:24:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotosApp.exe, version: 6.3.9600.17122, time stamp: 0x537192fe
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17238, time stamp: 0x53d0d45c
Exception code: 0xc000027b
Fault offset: 0x000000000084a6f2
Faulting process id: 0xb00
Faulting application start time: 0xPhotosApp.exe0
Faulting application path: PhotosApp.exe1
Faulting module path: PhotosApp.exe2
Report Id: PhotosApp.exe3
Faulting package full name: PhotosApp.exe4
Faulting package-relative application ID: PhotosApp.exe5
 
 
System errors:
=============
Error: (12/18/2014 02:05:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: 
%%2
 
Error: (12/18/2014 02:05:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YouTube Downloader Services (P2) service failed to start due to the following error: 
%%2
 
Error: (12/18/2014 02:05:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%2
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1069
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (12/18/2014 02:04:48 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/18/2014 02:04:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Virtual Network (WVN3) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/18/2014 02:04:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (12/18/2014 02:10:27 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
 
Error: (12/18/2014 01:21:34 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
 
Error: (12/18/2014 03:41:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (12/18/2014 03:35:47 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (12/16/2014 04:49:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (12/15/2014 09:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeCapture.exe1.0.0.052af907dKERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f7132001d017dd6bd5447bC:\Program Files (x86)\Hauppauge\Capture\HauppaugeCapture.exeC:\Windows\SYSTEM32\KERNELBASE.dll63b724a5-84de-11e4-82bd-60a44cec143f
 
Error: (12/15/2014 09:45:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HauppaugeCapture.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code eedfade, exception address 77462F71
 
Error: (12/15/2014 06:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotosApp.exe6.3.9600.17122537192fetwinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac8ec01d018c711882f0aC:\Windows\FileManager\PhotosApp.exeC:\Windows\System32\twinapi.appcore.dll8936d9e0-84c3-11e4-82bd-60a44cec143fFileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
 
Error: (12/15/2014 05:25:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotosApp.exe6.3.9600.17122537192feWindows.UI.Xaml.dll6.3.9600.1723853d0d45cc000027b000000000084a6f2eb401d018c6b8b5d1bfC:\Windows\FileManager\PhotosApp.exeC:\Windows\System32\Windows.UI.Xaml.dll06de6c88-84ba-11e4-82bd-60a44cec143fFileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
 
Error: (12/15/2014 05:24:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotosApp.exe6.3.9600.17122537192feWindows.UI.Xaml.dll6.3.9600.1723853d0d45cc000027b000000000084a6f2b0001d018c6ab8b1bb3C:\Windows\FileManager\PhotosApp.exeC:\Windows\System32\Windows.UI.Xaml.dllf199c327-84b9-11e4-82bd-60a44cec143fFileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-22 04:24:17.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:17.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:17.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:17.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:17.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:16.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:16.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:16.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:16.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-22 04:24:11.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8144.13 MB
Available physical RAM: 4874.21 MB
Total Pagefile: 15824.13 MB
Available Pagefile: 13172.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:339.73 GB) NTFS
Drive d: (CD-HDPVR2-V1.6-A) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CF1EC154)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Link to post
Share on other sites

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

icon11.gif   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt
HKLM-x32\...\Run: [autoauto] => 80169954.batHKU\S-1-5-21-1042700968-1541978006-1148080477-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [HKLM] => ProxyEnable is set.ProxyEnable: [HKLM-x32] => ProxyEnable is set.ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800ProxyEnable: [S-1-5-21-1042700968-1541978006-1148080477-1001] => Internet Explorer proxy is enabled.ProxyServer: [S-1-5-21-1042700968-1541978006-1148080477-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877C:\Users\AJ\AppData\Local\Temp\32E6C7e1.exeC:\Users\AJ\AppData\Local\Temp\46f3DcFbB4.exeEmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Link to post
Share on other sites

Good!  Please do this next:

icon11.gif  Download Combofix from HERE, and save it to your desktop.  

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Link to post
Share on other sites

When I try to download ComboFix I get this message...

 

"This operating system is not supported!

ComboFix only runs on:

 

*Windows XP (32 bit)

*Windows Vista (32/64 bit)

*Windows 7 (32/64 bit)

*Windows 8 (32/64 bit)

 

Windows 2000 is no longer supported."

 

This is strange because I have Windows 8 (64 bit). What should I do?

Link to post
Share on other sites

Please do this while I look into that:
 
icon11.gif  Open Malwarebytes AntiMalware (MBAM)

 

  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
  • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
 
Please include the following in your next post:
  • MBAM log
Link to post
Share on other sites

How is your computer running now?  Please do this next:

icon11.gif  Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.  Please go to www.java.com and press the "Free Java Download" button near the center of the page.  Follow the prompts to install the latest version and remove any older, insecure versions.
icon11.gif  Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is your computer running now?
  • ESET log

Link to post
Share on other sites

Computer is working a lot better. At some point during this last step chrome has become able to connect to the internet again.

Er...maybe not. Chrome is only working half of the time. I can connect to the internet on it, but some sites give me the "unable to connect to proxy" error. Very strange...

Link to post
Share on other sites

Most of those ESET detections are in your backups.  Once we are done, I'd delete any existing backups and make fresh ones.  Please do this next:

icon11.gif   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

C:\Users\All Users\Optimizer\program\winapp_Test002.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

icon11.gif Run another scan with FRST for me and post the new log

Please include the following in your next post:
  • fixlog.txt report
  • FRST log

Link to post
Share on other sites

Is that only occurring in Chrome, or are all of your browsers acting up?  Please do this next:

icon11.gif   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No FileCHR HKU\S-1-5-21-1042700968-1541978006-1148080477-1001\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.


  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.
Link to post
Share on other sites

Well when this all started everything was down. After reading a bunch of information online I thought I solved the problem after diving into the registry. Chrome was working fine so I thought I got rid of the problem, but after starting some other programs I noticed I had only managed to free Chrome from the issue. As of right now all my programs are working great except for Chrome which seems to randomly decide some sites can't be reached due to the proxy error. Except for sometimes if I try to get to the site through Google, instead of just typing it in the search bar, I can reach the website. It's really weird I've never seen anything like this. 

 

Anyway, the fixlog is attached.

Fixlog.txt

Link to post
Share on other sites

I don't see anything in your logs that would account for those issues, but if you were making changes in your registry our tools would not necessarily detect those.  I'd recommend completely uninstalling and re-installing Chrome.  I have some other important housekeeping for you to take care of also, as I see no remaining malware in your logs:

 

icon11.gif  Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall


Combofix_uninstall_image.jpg

icon11.gif  Download OTC to your desktop and run it

  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

icon11.gif  Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.


icon11.gif  Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.


Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Link to post
Share on other sites

Er guess not...

 

The computer was working great for two days, but the problem has showed back up today...  :unsure:

 

After a restart the original issue resurfaced pretty much how we started. All programs that need to connect to the internet give me a proxy error. This time however I can click on or even completely change the settings. It's not grayed out like it was last time, but if I close the window with the settings the proxy shows back up.

 

Sorry for the false all clear. It seemed to be completely clean. I don't know what I could have done to make it reappear. I hope you can still see this, if not I can probably just make a new thread. Thanks again for all your help.

Link to post
Share on other sites

No worries.  Enjoy your trip and when you get back we will have to start from scratch.  Once you are ready to go, do this:

 

icon11.gif   Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites

Sorry for the delay.  Please do this:

icon11.gif   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONEmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.


  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

icon11.gif  Download Combofix from HERE, and save it to your desktop.  

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.


  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.

.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:

  • fixlog.txt report
  • ComboFix log
Link to post
Share on other sites

  • 2 weeks later...

Sorry for the delay again.  I’m having issues with my notifications.  Please do this:

icon11.gif   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]C:\Program Files (x86)\Windows Network Acceleraterreg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /freg: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

icon11.gif  Please include the following in your next post:
  • fixlog.txt report

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.