Dunno Posted July 14, 2015 ID:976176

Hello,

I have a problem with globasearch. When I open up Firefox or open a new tab I get sent to webswitch.tk, bettersearch.tk, or fast-search.tk, and now see-hub.tk. When it first started happening I ran Malwarebytes but it wasn't detecting anything. I refreshed Firefox and that seemed to temporarily get rid of it, but when my computer goes into sleep mode or I shut down/restart my laptop it comes back. I ran Malwarebytes again and it detected 6 threats. I removed them (or I thought I did) but it comes back every time. I also ran a scan with the Malwarebytes Anti-Rootkit but it only detected two threats. I then used them both at the same time and removed/cleaned up my laptop. That didn't work. If anyone can help me with this that'd be awesome.

Thanks,
Dunno

(Sorry for any errors in spelling/grammar)
Maniac Posted July 14, 2015 ID:976180

Hello Dunno! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread: https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/
Dunno Posted July 14, 2015 Author ID:976191

Here's the FRST log:

Here's the Addition log:
(HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) HiddenCyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - CyberLink Corp.)Cyberlink PhotoDirector (Version: 5.0.4.6303 - CyberLink Corp.) HiddenCyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)CyberLink PowerDirector 12 (Version: 12.0.3.3812 - CyberLink Corp.) HiddenCyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) HiddenDisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) HiddenEnergy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)Evernote v. 
5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) HiddenFarmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) HiddenFishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) HiddenFort Defense (x32 Version: 3.0.2.51 - WildTangent) HiddenFoxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) HiddenHewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP Documentation (HKLM-x32\...\{90CE78B2-4F84-4BE8-B55C-ED85759C8445}) (Version: 1.2.0.0 - Hewlett-Packard)HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company)HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)Inst5675 (Version: 8.01.11 - Softex Inc.) HiddenInst5676 (Version: 8.01.11 - Softex Inc.) 
HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hiddenjoin.me (HKU\S-1-5-21-1684615060-197677331-2688408936-1001\...\JoinMe) (Version: 1.20.0.503 - LogMeIn, Inc.)join.me (HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\JoinMe) (Version: 1.20.0.503 - LogMeIn, Inc.)Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) HiddenJo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) HiddenLost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) HiddenLUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) HiddenPeggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPenguins! (x32 Version: 3.0.2.59 - WildTangent) HiddenPlants vs. 
Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) HiddenPolar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) HiddenRealtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.32.508.2014 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.9 - Synaptics Incorporated)TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenViking Saga (x32 Version: 3.0.2.48 - WildTangent) HiddenWildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) HiddenYouda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-1684615060-197677331-2688408936-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sparky\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)==================== Restore Points =========================24-06-2015 19:40:23 Windows Update02-07-2015 14:06:54 Scheduled Checkpoint08-07-2015 23:56:45 Windows Update13-07-2015 00:58:17 Malwarebytes Anti-Rootkit Restore Point==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (Whitelisted) =============(If an entry is included 
in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {0478E096-F81B-4EE4-923D-1D37D8AFBFEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)Task: {0E5CE2FE-B28F-4902-92A3-AB6E15BBBE63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)Task: {2138AD6A-C691-49E3-B0AC-09A44FF2BAFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)Task: {235E663E-5D96-4758-A590-23A54A1FD9C6} - System32\Tasks\HPCeeScheduleForsparky => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {2CB477FB-2EEA-4D18-B111-18FA0530A6F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)Task: {2ECBD0D3-D7C1-42AA-9F5C-F664FF4B5281} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)Task: {55AE7DEE-B192-46BD-AE67-EB593DF5942E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)Task: {CD03D041-EE7A-4DD9-873E-4ACA3FAF84CF} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)Task: {DF836AC7-E4E0-429F-89CA-C1FDD9C44975} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)Task: {E0FD43D4-115C-42E5-9130-22C9CB1DB0E1} - System32\Tasks\PaintTool SAI => C:\Users\sparky\AppData\Local\Temp\is-69HBJ.tmp\prsetup.exe [2015-05-06] (SystemaxJP, Inc. ) <==== ATTENTIONTask: {FA015D31-FFE3-453F-A49B-1A8DF34EE140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN45VC41ZM => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684615060-197677331-2688408936-1001Core.job => C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684615060-197677331-2688408936-1001Core1d04fd1704cf483.job => C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684615060-197677331-2688408936-1001Core1d090fad6fdf7dd.job => C:\Users\sparky\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForsparky.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe==================== Loaded Modules (Whitelisted) ==============2014-03-28 16:31 - 2014-03-28 16:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll2014-03-28 16:27 - 2014-03-28 16:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll2014-03-28 16:27 - 2014-03-28 16:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll2014-03-28 16:27 - 2014-03-28 16:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll2014-03-28 16:48 - 2014-03-28 16:48 - 00367504 _____ () C:\Program 
Files\Hewlett-Packard\SimplePass\mstrpwd.dll2014-03-28 16:48 - 2014-03-28 16:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll2015-05-31 09:25 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe2014-03-28 16:36 - 2014-03-28 16:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe2015-07-13 01:56 - 2015-07-13 01:56 - 00310272 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\lwjgl64.dll2015-07-13 01:56 - 2015-07-13 01:56 - 00653832 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\avutil-ttv-51.dll2015-07-13 01:56 - 2015-07-13 01:56 - 00361103 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\swresample-ttv-0.dll2015-07-13 01:56 - 2015-07-13 01:56 - 00688161 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\libmp3lame-ttv.dll2015-07-13 01:56 - 2015-07-13 01:56 - 01384960 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\twitchsdk.dll2015-07-13 01:56 - 2015-07-13 01:56 - 00382464 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\OpenAL64.dll2015-07-13 01:56 - 2015-07-13 01:56 - 00065024 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\jinput-dx8_64.dll2015-07-13 01:56 - 2015-07-13 01:56 - 
00062464 _____ () C:\Users\sparky\AppData\Roaming\.minecraft\versions\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3\1.8-LiteLoader1.8-1.8-OptiFine_HD_U_D3-natives-109694914503738\jinput-raw_64.dll2015-05-31 09:02 - 2015-02-08 22:48 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll2015-05-31 09:02 - 2014-04-17 02:35 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll2015-05-31 09:02 - 2015-02-08 22:48 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Users\sparky\OneDrive:ms-properties==================== Safe Mode (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry 
is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-1684615060-197677331-2688408936-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sparky\Downloads\skype backround.jpgHKU\S-1-5-21-1684615060-197677331-2688408936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\sparky\Downloads\skype backround.jpgDNS Servers: 192.168.1.1==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{4D970A5A-09B1-4B7C-A4EA-63390C4E4A7B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{72CA8BDF-6825-4BF2-B2FC-15E56C1864E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{44E17DE4-CDC9-4907-8C80-4AED027E860E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{26C5131B-D1E1-4356-9C3C-8863F98D4CE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{ACD4B618-3E74-46AF-94BC-C50C7D8F19D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeFirewallRules: [{56283B14-E3D3-49AC-84C4-495839B0108E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exeFirewallRules: [{092EBEAF-0AEF-412B-92B7-93083E3B6E13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exeFirewallRules: [{8BACECE4-12C0-464B-B4FF-FD86EFBD9A1B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exeFirewallRules: [{44186729-03D2-439D-96A3-9DC7DA6F7DC2}] => (Allow) C:\Program Files 
(x86)\CyberLink\PowerDVD12\PowerDVD12ML.exeFirewallRules: [{926D5514-75EC-4C28-BDCC-B3856645C36D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exeFirewallRules: [{913A0C39-4FEB-4028-942B-B2C361A39F80}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{6E6CB8A5-3B40-4A2B-BB8E-9E97F46C7399}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [TCP Query User{D7A987AB-58F1-43CE-9E12-4CB50F4C59AA}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exeFirewallRules: [uDP Query User{7616CADE-6F53-45C5-8787-9CF7F904404B}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exeFirewallRules: [{0A683185-AFCC-45FD-867A-85B0F65F9BC6}] => (Allow) C:\Users\sparky\Desktop\Steam.exeFirewallRules: [{538BED1F-A16D-4477-AD24-60BC0CBE231C}] => (Allow) C:\Users\sparky\Desktop\Steam.exeFirewallRules: [{C3614A0B-D78D-4D0F-BA6A-F9649744D9C3}] => (Allow) C:\Users\sparky\Desktop\bin\steamwebhelper.exeFirewallRules: [{2D9AE2A3-C459-4C27-ABDA-54BB3C5142F9}] => (Allow) C:\Users\sparky\Desktop\bin\steamwebhelper.exeFirewallRules: [{5EAF6EB5-0FC6-4B85-8002-E5A20804B61F}] => (Allow) C:\Users\sparky\Desktop\steamapps\common\Elsword\ESSTEAM.exeFirewallRules: [{91FF831E-C6D2-453C-9A1D-653950675CED}] => (Allow) C:\Users\sparky\Desktop\steamapps\common\Elsword\ESSTEAM.exeFirewallRules: [{9546FBC9-0886-4113-ABEF-88AC71D0B6FD}] => (Allow) C:\Users\sparky\Desktop\steamapps\common\GarrysMod\hl2.exeFirewallRules: [{5ED2C5AD-5AFB-4260-8AFE-1F42F1B2DA3B}] => (Allow) C:\Users\sparky\Desktop\steamapps\common\GarrysMod\hl2.exeFirewallRules: [TCP Query User{B811A0AA-2EC6-4758-8655-10A1F59BAFFC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{B0E43B1F-D3E3-4C76-BB28-A7874BA2DF54}C:\program files 
(x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [{1DDAA689-B5E5-4776-874C-59F8D1EA0267}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXEFirewallRules: [{38E0F454-FB9C-4154-89B6-71E0C5E6FBC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{1895BB9D-3263-47CB-BD90-950D5A2F5192}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (07/14/2015 10:18:06 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program mbar.exe version 1.9.1.1004 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 4c8Start Time: 01d0bd2c7c323fa3Termination Time: 60000Application Path: C:\Users\sparky\Desktop\mbar\mbar.exeReport Id: f053b7f7-2a32-11e5-8280-ecb1d7da2142Faulting package full name:Faulting package-relative application ID:Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15578Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15578Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (07/12/2015 09:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Skype.exe, version: 7.6.64.105, time stamp: 0x55916aecFaulting module name: mshtml.dll, version: 11.0.9600.17842, time stamp: 0x5565cf99Exception code: 0xc0000005Fault offset: 0x0021f3d4Faulting process id: 0x2d38Faulting 
application start time: 0xSkype.exe0Faulting application path: Skype.exe1Faulting module path: Skype.exe2Report Id: Skype.exe3Faulting package full name: Skype.exe4Faulting package-relative application ID: Skype.exe5Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10765235Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10765235Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (07/12/2015 09:55:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1063Error: (07/12/2015 09:55:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1063System errors:=============Error: (07/13/2015 03:48:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: A fatal alert was received from the remote endpoint. 
The TLS protocol defined fatal alert code is 40.Error: (07/13/2015 01:07:50 AM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (07/13/2015 01:07:50 AM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (07/13/2015 01:00:19 AM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (07/13/2015 01:00:19 AM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (07/12/2015 07:32:41 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (07/12/2015 07:32:41 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (07/12/2015 07:32:36 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (07/12/2015 07:32:36 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (07/12/2015 07:32:29 PM) (Source: DCOM) (EventID: 10010) (User: SHADOW)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Microsoft Office:=========================Error: (07/14/2015 10:18:06 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: mbar.exe1.9.1.10044c801d0bd2c7c323fa360000C:\Users\sparky\Desktop\mbar\mbar.exef053b7f7-2a32-11e5-8280-ecb1d7da2142Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15578Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15578Error: (07/13/2015 01:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (07/12/2015 09:41:07 PM) (Source: Application Error) (EventID: 1000) (User: 
)Description: Skype.exe7.6.64.10555916aecmshtml.dll11.0.9600.178425565cf99c00000050021f3d42d3801d0bcfb4d5cefffC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\SYSTEM32\mshtml.dll3a6262db-2900-11e5-8280-ecb1d7da2142Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10765235Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10765235Error: (07/12/2015 12:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (07/12/2015 09:55:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1063Error: (07/12/2015 09:55:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1063==================== Memory info ===========================Processor: Intel® Pentium® CPU N3540 @ 2.16GHzPercentage of memory in use: 75%Total physical RAM: 3982.27 MBAvailable physical RAM: 995.34 MBTotal Virtual: 6749.2 MBAvailable Virtual: 1291.29 MB==================== Drives ================================Drive c: (Windows) (Fixed) (Total:441.69 GB) (Free:395.35 GB) NTFSDrive d: (RECOVERY) (Fixed) (Total:23.05 GB) (Free:2.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 0254E1A1)Partition: GPT Partition Type.==================== End of log ============================ Thanks in advance for helping . Link to post Share on other sites More sharing options...

Maniac Posted July 14, 2015 ID:976197

Step 1

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2

Please uninstall this program:
DisableMSDefender

Step 3

Please update Malwarebytes Anti-Malware and perform a threat scan. Post your log file.

In your next reply, post the following log files:
FRST log
Malwarebytes' Anti-Malware log

fixlist.txt

Dunno Posted July 14, 2015 Author ID:976205

Well... I was trying to figure out how to uninstall the DisableMSDefender and I opened Windows Defender. It quarantined something.

Detected item: BrowserModifier:Win32/AskToolbarNotifier
Alert Level: High
Date: 6/6/2015 5:46 PM

Should I remove it using Windows Defender or just follow the rest of your instructions?

Maniac Posted July 15, 2015 ID:976378

You said that is quarantined already, so don't worry about it for now. Please proceed further.

Dunno Posted July 15, 2015 Author ID:976490

Please forgive any errors that I make or made. I followed your instructions the best I could.

Fixlog.txt
FRST.txt
mbam.txt

Maniac Posted July 16, 2015 ID:976716

Step 1

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan button. Wait until it is finished.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
Junkware Removal Tool log
AdwCleaner log

Dunno Posted July 16, 2015 Author ID:976787

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 8.1 x64
Ran by sparky on Thu 07/16/2015 at 11:31:02.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\apn

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/16/2015 at 11:36:02.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.208 - Logfile created 16/07/2015 at 11:41:51
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [server]
# Operating system : Windows 8.1 (x64)
# Username : sparky - SHADOW
# Running from : C:\Users\sparky\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v39.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [726 bytes] - [16/07/2015 11:40:07]
AdwCleaner[s0].txt - [652 bytes] - [16/07/2015 11:41:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [710 bytes] ##########

Maniac Posted July 17, 2015 ID:976929

How are things there now?

Dunno Posted July 17, 2015 Author ID:977005

Things seem to be fine now. Thanks for helping ^-^.

Maniac Posted July 17, 2015 ID:977012

Glad I could help!

Last steps:

Step 1

Please download Delfix.exe by Xplode and save it to your desktop.
Please start it and check the box next to "Remove disinfection tools" and click on the Run button.
The tool will delete itself once it finishes.

Step 2

Some malware prevention tips: https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing!

Dunno Posted July 18, 2015 Author ID:977177

Thanks again for your help.

Maniac Posted July 20, 2015 ID:977577

You're welcome!

Root Admin AdvancedSetup Posted July 31, 2015 ID:980417

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!