GlobaSearch


Hello,

I have a problem with globasearch :( . When I open up Firefox or open a new tab I get sent to webswitch.tk, bettersearch.tk, or fast-search.tk, and now see-hub.tk. When it first started happening I ran Malwarebytes but it wasn't detecting anything. I refreshed Firefox and that seemed to temporarily get rid of it, but when my computer goes into sleep mode or I shut down/restart my laptop it comes back. I ran Malwarebytes again and it detected 6 threats. I removed them (or I thought I did) but it comes back every time. I also ran a scan with the Malwarebytes Anti-Rootkit but it only detected two threats. I then used them both at the same time and removed/cleaned up my laptop. That didn't work. If anyone can help me with this that'd be awesome.

 

Thanks,

Dunno

 

(Sorry for any errors in spelling/grammar)


Hello Dunno and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by sparky (administrator) on SHADOW on 14-07-2015 10:24:59
Running from C:\Users\sparky\Downloads
Loaded Profiles: sparky &  (Available Profiles: sparky)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Google Inc.) C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corp.) C:\Users\sparky\Downloads\mbar-1.09.1.1004.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-23] (Realtek Semiconductor)
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-05-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1684615060-197677331-2688408936-1001\...\Run: [Google Update] => C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-23] (Google Inc.)
HKU\S-1-5-21-1684615060-197677331-2688408936-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1684615060-197677331-2688408936-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-23] (Google Inc.)
HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-02-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=3209&b=3&installkey=1JlDkLTTkmS7RSCYqgMd
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=00033BB0&OHP=http%3A%2F%2Fg.msn.com%2FHPNOT14%2F1&OSP=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1684615060-197677331-2688408936-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1684615060-197677331-2688408936-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=3209&b=3&installkey=1JlDkLTTkmS7RSCYqgMd
HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=3209&b=3&installkey=1JlDkLTTkmS7RSCYqgMd
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasearch.com/?serie=3209&installkey=1JlDkLTTkmS7RSCYqgMd&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasearch.com/?serie=3209&installkey=1JlDkLTTkmS7RSCYqgMd&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {4A88313E-1D40-47D4-A5A9-34B3D1C28313} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1684615060-197677331-2688408936-1001 -> URL http://www.globasearch.com/?serie=3209&installkey=1JlDkLTTkmS7RSCYqgMd&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1684615060-197677331-2688408936-1001 -> {4A88313E-1D40-47D4-A5A9-34B3D1C28313} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL http://www.globasearch.com/?serie=3209&installkey=1JlDkLTTkmS7RSCYqgMd&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4A88313E-1D40-47D4-A5A9-34B3D1C28313} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{765302ED-448E-4180-973E-654433E7CDD6}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\sparky\AppData\Roaming\Mozilla\Firefox\Profiles\1ky69mvk.default-1436744931227
FF NewTab: hxxp://www.globasearch.com/?serie=3209&b=2&installkey=1JlDkLTTkmS7RSCYqgMd&newtab
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.globasearch.com/?serie=3209&b=2&installkey=1JlDkLTTkmS7RSCYqgMd
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-29] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin HKU\S-1-5-21-1684615060-197677331-2688408936-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\sparky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1684615060-197677331-2688408936-1001: @talk.google.com/O1DPlugin -> C:\Users\sparky\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1684615060-197677331-2688408936-1001: @tools.google.com/Google Update;version=3 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1684615060-197677331-2688408936-1001: @tools.google.com/Google Update;version=9 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\sparky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\sparky\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sparky\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\sparky\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-23]
FF HKU\S-1-5-21-1684615060-197677331-2688408936-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-06-23] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-05-05] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-07-13] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-20] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-05] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 10:24 - 2015-07-14 10:26 - 00024481 _____ C:\Users\sparky\Downloads\FRST.txt
2015-07-14 10:24 - 2015-07-14 10:25 - 00000000 ____D C:\FRST
2015-07-14 10:22 - 2015-07-14 10:22 - 02133504 _____ (Farbar) C:\Users\sparky\Downloads\FRST64.exe
2015-07-14 10:19 - 2015-07-14 10:19 - 00000000 ____D C:\Users\sparky\Desktop\Malware
2015-07-13 01:26 - 2015-07-14 10:16 - 00000000 ____D C:\Users\sparky\Desktop\mbar
2015-07-13 00:12 - 2015-07-14 10:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-13 00:09 - 2015-07-13 00:59 - 00000000 ____D C:\mbar
2015-07-13 00:08 - 2015-07-13 00:08 - 16502728 _____ (Malwarebytes Corp.) C:\Users\sparky\Downloads\mbar-1.09.1.1004.exe
2015-07-12 09:43 - 2015-07-12 09:43 - 00003166 _____ C:\Windows\System32\Tasks\HPCeeScheduleForsparky
2015-07-12 00:27 - 2015-07-12 00:29 - 00000000 ____D C:\Users\sparky\Documents\CyberLink
2015-07-04 01:01 - 2015-07-07 02:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 13:17 - 2015-07-03 13:17 - 02326890 _____ C:\Users\sparky\Downloads\Prison.rar
2015-07-02 23:28 - 2015-07-02 23:28 - 00002561 _____ C:\Users\sparky\Downloads\mb.txt
2015-07-02 23:26 - 2015-07-02 23:26 - 00002566 _____ C:\malware.txt
2015-07-02 22:41 - 2015-07-12 19:48 - 00000000 ____D C:\Users\sparky\Desktop\Old Firefox Data
2015-06-27 16:56 - 2015-06-27 17:03 - 00000000 ____D C:\Users\sparky\Desktop\Games
2015-06-27 09:23 - 2015-06-22 13:42 - 00000029 _____ C:\Users\sparky\Desktop\Builds.points
2015-06-27 09:23 - 2015-05-14 17:33 - 00000141 _____ C:\Users\sparky\Desktop\mc.hypixel.net.points
2015-06-16 21:55 - 2015-06-16 21:55 - 00001082 _____ C:\Users\sparky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2015-06-16 21:55 - 2015-06-16 21:55 - 00000000 ____D C:\Users\sparky\AppData\Local\LogMeIn
2015-06-16 21:55 - 2015-06-16 21:55 - 00000000 ____D C:\ProgramData\LogMeIn
2015-06-16 21:18 - 2015-06-16 21:54 - 00000000 ____D C:\Users\sparky\AppData\Local\join.me
2015-06-16 15:42 - 2015-07-07 02:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-16 15:42 - 2015-06-16 15:42 - 00001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-16 15:42 - 2015-06-16 15:42 - 00001166 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 10:23 - 2015-03-13 16:06 - 00000000 ____D C:\Users\sparky\AppData\Roaming\Skype
2015-07-14 10:20 - 2015-06-06 17:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 10:16 - 2015-04-17 21:09 - 00000000 ____D C:\Users\sparky\AppData\Roaming\.minecraft
2015-07-14 10:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-14 09:39 - 2015-03-31 16:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 09:27 - 2015-02-21 14:08 - 01502584 _____ C:\Windows\WindowsUpdate.log
2015-07-13 20:59 - 2015-02-21 14:29 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1684615060-197677331-2688408936-1001
2015-07-13 01:26 - 2015-06-06 17:50 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 01:24 - 2015-02-21 14:25 - 00000000 ____D C:\Users\sparky\Documents\Youcam
2015-07-13 01:23 - 2015-02-21 14:28 - 00000000 ____D C:\Users\sparky\OneDrive
2015-07-12 19:55 - 2015-03-29 09:30 - 00000000 ____D C:\Users\sparky\AppData\Roaming\TS3Client
2015-07-12 09:43 - 2015-04-26 09:22 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForsparky.job
2015-07-12 00:29 - 2014-11-23 06:53 - 00000000 ____D C:\ProgramData\CyberLink
2015-07-12 00:27 - 2015-06-05 16:16 - 00000000 ____D C:\Users\sparky\AppData\Roaming\CyberLink
2015-07-12 00:27 - 2014-11-23 07:46 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2015-07-12 00:21 - 2015-02-21 14:25 - 00000000 ____D C:\Users\sparky\AppData\Local\CyberLink
2015-07-11 23:46 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-11 19:29 - 2015-02-21 14:22 - 00000000 ____D C:\Users\sparky
2015-07-11 19:29 - 2013-08-22 10:46 - 00034854 _____ C:\Windows\setupact.log
2015-07-11 19:29 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 22:02 - 2015-03-13 16:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-09 22:02 - 2015-03-13 16:05 - 00000000 ____D C:\ProgramData\Skype
2015-07-09 21:59 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-09 21:57 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-09 04:39 - 2015-03-31 16:04 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 23:59 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-07 02:17 - 2014-03-18 05:44 - 00028446 _____ C:\Windows\PFRO.log
2015-07-06 17:24 - 2015-02-25 10:02 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 17:24 - 2015-02-25 10:02 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 09:46 - 2015-02-22 10:34 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-05 06:08 - 2015-05-30 18:50 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-02 20:32 - 2015-06-06 17:51 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-02 20:32 - 2015-06-06 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-02 20:32 - 2015-06-06 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-02 19:38 - 2015-02-21 14:41 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8571A5EF-4096-4BC7-8949-AAAB2363FD19}
2015-06-27 16:58 - 2015-02-21 14:34 - 00000000 ____D C:\Users\sparky\Desktop\Random
2015-06-21 09:35 - 2014-04-04 19:55 - 00000000 ____D C:\SWSetup
2015-06-21 09:35 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-18 16:26 - 2014-03-18 05:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 08:42 - 2015-06-06 17:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-06-06 17:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 15:40 - 2015-03-19 18:02 - 00000000 __SHD C:\Users\sparky\AppData\Local\EmieBrowserModeList
2015-06-16 15:40 - 2015-02-21 14:41 - 00000000 __SHD C:\Users\sparky\AppData\Local\EmieUserList
2015-06-16 15:40 - 2015-02-21 14:41 - 00000000 __SHD C:\Users\sparky\AppData\Local\EmieSiteList
2015-06-16 15:38 - 2015-02-21 18:32 - 00000000 ____D C:\Users\sparky\AppData\Local\Unity
2015-06-16 08:37 - 2015-02-21 15:12 - 00000000 ____D C:\Users\sparky\AppData\Local\Adobe

Some files in TEMP:
====================
C:\Users\sparky\AppData\Local\Temp\COMAP.EXE
C:\Users\sparky\AppData\Local\Temp\Extract.exe
C:\Users\sparky\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\sparky\AppData\Local\Temp\SP70781.exe
C:\Users\sparky\AppData\Local\Temp\SP70818.exe
C:\Users\sparky\AppData\Local\Temp\SP70819.exe
C:\Users\sparky\AppData\Local\Temp\SP70821.exe
C:\Users\sparky\AppData\Local\Temp\SP71487.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-07 22:06

==================== End of log ============================

Here's the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by sparky at 2015-07-14 10:27:39
Running from C:\Users\sparky\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1684615060-197677331-2688408936-500 - Administrator - Disabled)
Guest (S-1-5-21-1684615060-197677331-2688408936-501 - Limited - Disabled)
sparky (S-1-5-21-1684615060-197677331-2688408936-1001 - Administrator - Enabled) => C:\Users\sparky

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.4.6303 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.3.3812 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{90CE78B2-4F84-4BE8-B55C-ED85759C8445}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
join.me (HKU\S-1-5-21-1684615060-197677331-2688408936-1001\...\JoinMe) (Version: 1.20.0.503 - LogMeIn, Inc.)
join.me (HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\JoinMe) (Version: 1.20.0.503 - LogMeIn, Inc.)
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.9 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

24-06-2015 19:40:23 Windows Update
02-07-2015 14:06:54 Scheduled Checkpoint
08-07-2015 23:56:45 Windows Update
13-07-2015 00:58:17 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0478E096-F81B-4EE4-923D-1D37D8AFBFEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {0E5CE2FE-B28F-4902-92A3-AB6E15BBBE63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {2138AD6A-C691-49E3-B0AC-09A44FF2BAFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {235E663E-5D96-4758-A590-23A54A1FD9C6} - System32\Tasks\HPCeeScheduleForsparky => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {2CB477FB-2EEA-4D18-B111-18FA0530A6F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {2ECBD0D3-D7C1-42AA-9F5C-F664FF4B5281} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {55AE7DEE-B192-46BD-AE67-EB593DF5942E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {CD03D041-EE7A-4DD9-873E-4ACA3FAF84CF} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {DF836AC7-E4E0-429F-89CA-C1FDD9C44975} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {E0FD43D4-115C-42E5-9130-22C9CB1DB0E1} - System32\Tasks\PaintTool SAI => C:\Users\sparky\AppData\Local\Temp\is-69HBJ.tmp\prsetup.exe [2015-05-06] (SystemaxJP, Inc.                                            ) <==== ATTENTION
Task: {FA015D31-FFE3-453F-A49B-1A8DF34EE140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN45VC41ZM => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684615060-197677331-2688408936-1001Core.job => C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684615060-197677331-2688408936-1001Core1d04fd1704cf483.job => C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684615060-197677331-2688408936-1001Core1d090fad6fdf7dd.job => C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForsparky.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 16:31 - 2014-03-28 16:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-05-31 09:25 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-28 16:36 - 2014-03-28 16:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-07-13 01:56 - 2015-07-13 01:56 - 00310272 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\lwjgl64.dll
2015-07-13 01:56 - 2015-07-13 01:56 - 00653832 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\avutil-ttv-51.dll
2015-07-13 01:56 - 2015-07-13 01:56 - 00361103 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\swresample-ttv-0.dll
2015-07-13 01:56 - 2015-07-13 01:56 - 00688161 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\libmp3lame-ttv.dll
2015-07-13 01:56 - 2015-07-13 01:56 - 01384960 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\twitchsdk.dll
2015-07-13 01:56 - 2015-07-13 01:56 - 00382464 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\OpenAL64.dll
2015-07-13 01:56 - 2015-07-13 01:56 - 00065024 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\jinput-dx8_64.dll
2015-07-13 01:56 - 2015-07-13 01:56 - 00062464 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\jinput-raw_64.dll
2015-05-31 09:02 - 2015-02-08 22:48 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-05-31 09:02 - 2014-04-17 02:35 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2015-05-31 09:02 - 2015-02-08 22:48 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\sparky\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1684615060-197677331-2688408936-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sparky\Downloads\skype backround.jpg
HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\sparky\Downloads\skype backround.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4D970A5A-09B1-4B7C-A4EA-63390C4E4A7B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72CA8BDF-6825-4BF2-B2FC-15E56C1864E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44E17DE4-CDC9-4907-8C80-4AED027E860E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{26C5131B-D1E1-4356-9C3C-8863F98D4CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACD4B618-3E74-46AF-94BC-C50C7D8F19D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{56283B14-E3D3-49AC-84C4-495839B0108E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{092EBEAF-0AEF-412B-92B7-93083E3B6E13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{8BACECE4-12C0-464B-B4FF-FD86EFBD9A1B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{44186729-03D2-439D-96A3-9DC7DA6F7DC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{926D5514-75EC-4C28-BDCC-B3856645C36D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{913A0C39-4FEB-4028-942B-B2C361A39F80}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6E6CB8A5-3B40-4A2B-BB8E-9E97F46C7399}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{D7A987AB-58F1-43CE-9E12-4CB50F4C59AA}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [uDP Query User{7616CADE-6F53-45C5-8787-9CF7F904404B}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{0A683185-AFCC-45FD-867A-85B0F65F9BC6}] => (Allow) C:\Users\sparky\Desktop\Steam.exe
FirewallRules: [{538BED1F-A16D-4477-AD24-60BC0CBE231C}] => (Allow) C:\Users\sparky\Desktop\Steam.exe
FirewallRules: [{C3614A0B-D78D-4D0F-BA6A-F9649744D9C3}] => (Allow) C:\Users\sparky\Desktop\bin\steamwebhelper.exe
FirewallRules: [{2D9AE2A3-C459-4C27-ABDA-54BB3C5142F9}] => (Allow) C:\Users\sparky\Desktop\bin\steamwebhelper.exe
FirewallRules: [{5EAF6EB5-0FC6-4B85-8002-E5A20804B61F}] => (Allow) C:\Users\sparky\Desktop\steamapps\common\Elsword\ESSTEAM.exe
FirewallRules: [{91FF831E-C6D2-453C-9A1D-653950675CED}] => (Allow) C:\Users\sparky\Desktop\steamapps\common\Elsword\ESSTEAM.exe
FirewallRules: [{9546FBC9-0886-4113-ABEF-88AC71D0B6FD}] => (Allow) C:\Users\sparky\Desktop\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5ED2C5AD-5AFB-4260-8AFE-1F42F1B2DA3B}] => (Allow) C:\Users\sparky\Desktop\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{B811A0AA-2EC6-4758-8655-10A1F59BAFFC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{B0E43B1F-D3E3-4C76-BB28-A7874BA2DF54}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1DDAA689-B5E5-4776-874C-59F8D1EA0267}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{38E0F454-FB9C-4154-89B6-71E0C5E6FBC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1895BB9D-3263-47CB-BD90-950D5A2F5192}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 10:18:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.1.1004 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4c8

Start Time: 01d0bd2c7c323fa3

Termination Time: 60000

Application Path: C:\Users\sparky\Desktop\mbar\mbar.exe

Report Id: f053b7f7-2a32-11e5-8280-ecb1d7da2142

Faulting package full name:

Faulting package-relative application ID:

Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578

Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15578

Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2015 09:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.6.64.105, time stamp: 0x55916aec
Faulting module name: mshtml.dll, version: 11.0.9600.17842, time stamp: 0x5565cf99
Exception code: 0xc0000005
Fault offset: 0x0021f3d4
Faulting process id: 0x2d38
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5

Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10765235

Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10765235

Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2015 09:55:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1063

Error: (07/12/2015 09:55:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1063


System errors:
=============
Error: (07/13/2015 03:48:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (07/13/2015 01:07:50 AM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/13/2015 01:07:50 AM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/13/2015 01:00:19 AM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/13/2015 01:00:19 AM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/12/2015 07:32:41 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/12/2015 07:32:41 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/12/2015 07:32:36 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/12/2015 07:32:36 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/12/2015 07:32:29 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office:
=========================
Error: (07/14/2015 10:18:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbar.exe1.9.1.10044c801d0bd2c7c323fa360000C:\Users\sparky\Desktop\mbar\mbar.exef053b7f7-2a32-11e5-8280-ecb1d7da2142

Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578

Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15578

Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2015 09:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe7.6.64.10555916aecmshtml.dll11.0.9600.178425565cf99c00000050021f3d42d3801d0bcfb4d5cefffC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\SYSTEM32\mshtml.dll3a6262db-2900-11e5-8280-ecb1d7da2142

Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10765235

Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10765235

Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2015 09:55:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1063

Error: (07/12/2015 09:55:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1063


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 75%
Total physical RAM: 3982.27 MB
Available physical RAM: 995.34 MB
Total Virtual: 6749.2 MB
Available Virtual: 1291.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:441.69 GB) (Free:395.35 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.05 GB) (Free:2.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0254E1A1)

Partition: GPT Partition Type.

==================== End of log ============================

Thanks in advance for helping ^_^.


Step 1

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2

Please uninstall this program: DisableMSDefender

Step 3

Please update Malwarebytes Anti-Malware and perform a threat scan. Post your log file.

In your next reply, post the following log files:

  • FRST log
  • Malwarebytes' Anti-Malware log

fixlist.txt


Well...I was trying to figure out how to uninstall the DisableMSDefender and I opened Windows Defender. It quarantined something.

Detected item: BrowserModifier:Win32/AskToolbarNotifier   Alert Level: High   Date: 6/6/2015 5:46 PM

Should I remove it using Windows Defender or just follow the rest of your instructions?


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 8.1 x64
Ran by sparky on Thu 07/16/2015 at 11:31:02.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\apn





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/16/2015 at 11:36:02.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

 

 

 

 

 

# AdwCleaner v4.208 - Logfile created 16/07/2015 at 11:41:51
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [server]
# Operating system : Windows 8.1  (x64)
# Username : sparky - SHADOW
# Running from : C:\Users\sparky\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [726 bytes] - [16/07/2015 11:40:07]
AdwCleaner[s0].txt - [652 bytes] - [16/07/2015 11:41:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [710  bytes] ##########

Glad I could help! :)

Last steps:

Step 1

  • Please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the Run button.
  • The tool will delete itself once it finishes.

Step 2

Some malware prevention tips:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
