
What to do now?


aznfoo

I ran the Malwarebytes home free version, and the scan found 19 threats in my computer. What course of action should I take now? If I fix and remove those files, will it affect my computer processes? I have included a copy of the log that was saved.

 

Here is a clipboard version:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/9/2015
Scan Time: 9:59 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.10.01
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alarick Le
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469964
Time Elapsed: 30 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
PUP.Optional.Trovi, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, , [f158d0850f7cf640371556a9eb17fe02], 
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, , [f158d0850f7cf640371556a9eb17fe02], 
PUP.Optional.Taplika, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lfkjojacgdjkninepeghaamnapdjmlfn, , [b693163fa5e6979f58a65d787490c33d], 
PUP.Optional.Taplika, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [e1686ee7c1ca67cff9077561af55ec14], 
PUP.Optional.Taplika, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lfkjojacgdjkninepeghaamnapdjmlfn, , [d673f65fc6c50a2c01fd2fa605ff5ca4], 
PUP.Optional.Taplika, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lfkjojacgdjkninepeghaamnapdjmlfn, , [cc7da9ac4d3e24121fd7597c659fad53], 
PUP.Optional.Taplika, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [ef5a5df82c5fb5816f89b4219d67a957], 
 
Registry Values: 11
PUP.Optional.Taplika, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Program Files (x86)\WSE_Taplika\\FavIcon.ico, , [98b1c88df8931d19bd439d3946be5da3]
PUP.Optional.Taplika, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Taplika, , [4900ce871378221455ab6274a65e30d0]
PUP.Optional.Taplika, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Taplika, , [1d2ccb8adfac989ebc44ebeba064a15f]
PUP.Optional.Taplika, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Taplika\\, , [e960074e76151026d02fa82d27ddf40c]
PUP.Optional.Taplika, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Program Files (x86)\WSE_Taplika\\FavIcon.ico, , [fd4cfd58c9c2f3438a6e686d3ec68d73]
PUP.Optional.Taplika, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Taplika, , [4009c78eb1da9f976395399c06fe44bc]
PUP.Optional.Taplika, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Taplika, , [b4957dd8bad12c0ae90ff3e2659f21df]
 
Registry Data: 1
PUP.Optional.Taplika, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://taplika.com/?f=1&a=tpl_tight2_15_05&cd=2XzuyEtN2Y1L1QzutAzzyCtA0B0BzyyE0AzytA0F0EtA0AtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtDzzyB0FyBtA0EtGtDtDtAzztG0E0Fzz0FtG0CtCzyyDtGtAyEtDtB0F0DtC0C0B0E0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtBzy0FyBtBzytDtGyB0Bzz0FtGyE0AtC0DtGzzyE0DyCtG0FyDzy0FyDzzyBzyyCyByCyE2Q&cr=1625904639&ir=, Good: (www.google.com), Bad: (http://taplika.com/?f=1&a=tpl_tight2_15_05&cd=2XzuyEtN2Y1L1QzutAzzyCtA0B0BzyyE0AzytA0F0EtA0AtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtDzzyB0FyBtA0EtGtDtDtAzztG0E0Fzz0FtG0CtCzyyDtGtAyEtDtB0F0DtC0C0B0E0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtBzy0FyBtBzytDtGyB0Bzz0FtGyE0AtC0DtGzzyE0DyCtG0FyDzy0FyDzzyBzyyCyByCyE2Q&cr=1625904639&ir=),,[0049282dd7b4a6904bdf028fb451748c]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

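As an added example for triaging a log like the one above (this is not code from Malwarebytes or from anyone in this thread), the script below parses the registry item lines, names the hijack mechanism each registry location implies (an Internet Explorer search scope, the IE start page, a Chrome extension registered under the Google\Chrome\Extensions key, an entry in IE's Low Rights ElevationPolicy), separates machine-wide HKLM hits from hits inside the one user profile, and keeps the value Malwarebytes says it will restore. It also records the per-section counters so you can see that nothing under Processes, Modules or Files was flagged. The sample is a constructed subset of the log above with the Start Page URL shortened; the mechanism labels and field names are this example's own.

```python
"""Triage a Malwarebytes Anti-Malware 2.x "Threat Scan" log (added example for this
thread, not Malwarebytes' code). Parses the Registry Keys / Values / Data item lines,
names the hijack mechanism each registry location implies, separates machine-wide
(HKLM) hits from hits inside one user profile (HKU\\<SID>), keeps the "Good:" value
Malwarebytes proposes to restore, and records whether any running code was flagged.
"""
import re
from collections import Counter

# Item line: "<detection>, <registry path>[|<value>], <data>, [Good: (..), Bad: (..),] [<32-hex id>]"
# (a registry path containing a comma would defeat this split; none of the paths above has one)
ITEM_RE = re.compile(r"^(?P<family>[\w.]+), (?P<path>HK[^,]+), (?P<rest>.*)$")
SECTION_RE = re.compile(r"^(?P<name>Processes|Modules|Registry Keys|Registry Values|"
                        r"Registry Data|Folders|Files|Physical Sectors): (?P<count>\d+)$")
HASH_RE = re.compile(r"\[(?P<id>[0-9a-f]{32})\]\s*,?\s*$")
GOOD_RE = re.compile(r"Good: \((?P<good>[^)]*)\)")
CODE_SECTIONS = ("Processes", "Modules", "Files", "Folders", "Physical Sectors")

# Substrings of the upper-cased key path; order matters (ElevationPolicy before the IE tests).
MECHANISMS = [
    ("LOW RIGHTS\\ELEVATIONPOLICY", "ie_elevation_policy"),   # path allowed to launch out of Protected Mode IE
    ("INTERNET EXPLORER\\SEARCHSCOPES", "ie_search_provider"),
    ("INTERNET EXPLORER\\MAIN|START PAGE", "ie_start_page"),
    ("\\CHROME\\EXTENSIONS\\", "chrome_registry_extension"),  # extension installed through the registry
]


def classify_path(path):
    """Split 'HKU\\<SID>\\KEY|Value' into scope, SID, key and value name, and name the mechanism."""
    hive, _, rest = path.partition("\\")
    sid = None
    if hive == "HKU":                       # per-user hive: the next component is the account SID
        sid, _, rest = rest.partition("\\")
    key, _, value_name = rest.partition("|")
    upper = rest.upper()
    mechanism = next((name for needle, name in MECHANISMS if needle in upper), "other")
    return {"scope": "machine" if hive == "HKLM" else "user", "sid": sid, "key": key,
            "value_name": value_name or None, "mechanism": mechanism,
            "extension_id": key.rsplit("\\", 1)[-1] if mechanism == "chrome_registry_extension" else None}


def parse_log(text):
    """Return (section_counts, items) for the text of a scan log."""
    counts, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            counts[section] = int(header.group("count"))
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        good = GOOD_RE.search(rest)
        body = HASH_RE.sub("", rest).split(", Good:", 1)[0]   # drop "[<id>]" and the Good:/Bad: pair
        item = {"section": section, "family": m.group("family"), "path": m.group("path"),
                "data": body.strip(" ,") or None, "restore": good.group("good") if good else None}
        item.update(classify_path(m.group("path")))
        items.append(item)
    return counts, items


def summarize(counts, items):
    """Aggregate what a responder wants to know before clicking Remove."""
    return {
        "families": Counter(i["family"] for i in items),
        "mechanisms": Counter(i["mechanism"] for i in items),
        "machine_wide": sum(1 for i in items if i["scope"] == "machine"),
        "chrome_extension_ids": sorted({i["extension_id"] for i in items if i["extension_id"]}),
        "on_disk_paths": sorted({i["data"] for i in items if i["data"] and i["data"][1:3] == ":\\"}),
        "restore_values": {i["value_name"]: i["restore"] for i in items if i["restore"]},
        # True only when every code-bearing section is present in the log and reports zero hits
        "registry_only": all(counts.get(s) == 0 for s in CODE_SECTIONS),
    }


# Constructed sample: six lines copied from the log posted above, with the Start Page URL
# shortened and the section counters set to the number of lines kept here.
SAMPLE_LOG = r"""
Processes: 0
Modules: 0
Registry Keys: 3
PUP.Optional.Trovi, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, , [f158d0850f7cf640371556a9eb17fe02],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, , [f158d0850f7cf640371556a9eb17fe02],
PUP.Optional.Taplika, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lfkjojacgdjkninepeghaamnapdjmlfn, , [b693163fa5e6979f58a65d787490c33d],
Registry Values: 2
PUP.Optional.Taplika, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Program Files (x86)\WSE_Taplika\\FavIcon.ico, , [98b1c88df8931d19bd439d3946be5da3]
PUP.Optional.Taplika, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Taplika\\, , [e960074e76151026d02fa82d27ddf40c]
Registry Data: 1
PUP.Optional.Taplika, HKU\S-1-5-21-2918447335-1727158776-3589145654-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://taplika.com/?f=1&a=tpl_tight2_15_05, Good: (www.google.com), Bad: (http://taplika.com/?f=1&a=tpl_tight2_15_05),,[0049282dd7b4a6904bdf028fb451748c]
Folders: 0
Files: 0
Physical Sectors: 0
"""

if __name__ == "__main__":
    counts, items = parse_log(SAMPLE_LOG)
    for key, value in summarize(counts, items).items():
        print(f"{key}: {value}")
```

Run as a script it prints the summary for the sample. Fed the full log above, the interesting outputs are the single Chrome extension ID that is registered in both the 32-bit and 64-bit HKLM views and in the user hive, the WSE_Taplika folder under Program Files (x86) that the favicon and ElevationPolicy entries point at, and registry_only being true because Processes, Modules, Files, Folders and Physical Sectors all report zero.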

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented toward malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button, which gives you an Upload Files option that you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Yes, you can remove all found items; they are malware related.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.

Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

PC seems pretty clean, but let's perform some maintenance:

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b

  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will open after the reboot. You may also find it on your main drive (usually the C:\ drive).
Post its content into your next reply.


 

Zoek.exe v5.0.0.1 Updated 08-October-2015

Tool run by Alarick Le on Sat 10/10/2015 at 13:04:48.72.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Alarick Le\Downloads\zoek.exe    [scan all users]   [Deep Scan] 

 

==== System Restore Info ======================

 

10/10/2015 1:06:46 PM Zoek.exe System Restore Point Created Successfully.

 

==== Running Processes ======================

 

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

C:\Program Files (x86)\Hp\HP System Event\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Users\Alarick Le\AppData\Roaming\Spotify\SpotifyWebHelper.exe

C:\Users\Alarick Le\AppData\Local\FluxSoftware\Flux\flux.exe

C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\plugin-nm-server.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Alarick Le\AppData\Roaming\Spotify\Spotify.exe

C:\Users\Alarick Le\AppData\Roaming\Spotify\SpotifyCrashService.exe

C:\Users\Alarick Le\AppData\Roaming\Spotify\Spotify.exe

C:\Users\Alarick Le\AppData\Roaming\Spotify\Spotify.exe

C:\Users\Alarick Le\Downloads\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==== System Specs ======================

 

Windows: Windows Version 6.2 (Build 9200)

Memory (RAM): 12219 MB

CPU Info: Intel® Core i5-4210U CPU @ 1.70GHz

CPU Speed: 2399.3 MHz

Sound Card: Speaker/HP (Realtek High Defini | 

Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | Intel® HD Graphics Family

Monitors: 1x; Generic PnP Monitor | 

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Intel® Dual Band Wireless-AC 3160 | Realtek PCIe FE Family Controller

CD / DVD Drives: 1x (E: | ) E: hp      DVDRW  GUB0N

Ports: COM4 | COM5 LPT Port NOT Present. 

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C:  907.0GB | D:  23.5GB

Hard Disks - Free: C:  684.7GB | D:  2.6GB

Manufacturer *: Insyde

BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 1

Time Zone: Pacific Standard Time

Motherboard *: Hewlett-Packard 227E

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Kaspersky PURE 3.0 *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}

SP: Kaspersky PURE 3.0 *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky PURE 3.0 *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

Default Browser: Google Chrome 45.0.2454.101

Internet Explorer Version: 11.0.9600.18036 

Mozilla Firefox version: 41.0.1 (x86 en-US)

Google Chrome version: 45.0.2454.101

Adobe Reader version: 11.0.12.18

Sun Java version: 1.8.0_45 (32-bit) 

Sun Java version: 1.8.0_45 (64-bit) 

Flash Player version: 19.0.0.185

Shockwave Player version: 12.1.8r158

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\ALARIC~2\AppData\Local\Temp ====

2015-10-07 20:44:54 E08963774FD3A9403BD8BE34C05E6F0E 30208 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\imageformats\qgif.dll

2015-10-07 20:44:54 C7B5B9314AFE9FB50076D49BD44D4460 5626368 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\Qt5Core.dll

2015-10-07 20:44:54 BBA429E6087B652FAFE6D6C673AB50B7 1092608 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\Qt5Network.dll

2015-10-07 20:44:54 9C861C079DD81762B6C54E37597B7712 963232 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\msvcr120.dll

2015-10-07 20:44:54 9818BB0BCFDD55A31EB52E9C52B50C21 3937280 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\Qt5Gui.dll

2015-10-07 20:44:54 46060C35F697281BC5E7337AEE3722B1 660128 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\msvcp120.dll

2015-10-07 20:44:54 3B5AA8BF764882791C4ABD5EB8331206 236544 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\imageformats\qjpeg.dll

2015-10-07 20:44:54 3A59536B9461CE1C955658DF973130FB 1166336 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\platforms\qwindows.dll

2015-10-07 20:44:54 341091E72F4937C321944E0ED49D035D 1514984 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\update.exe

2015-10-07 20:44:54 0CF36C778EB3E5C0C27F6C37A4B2279C 5424128 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\teamspeak_temp_0\Qt5Widgets.dll

2015-10-03 21:59:01 2630730D9C02459358B38A5CE1EB46DE 394974 ----a-w- C:\Users\Alarick Le\AppData\Local\Temp\BF2SP\Install.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2015-10-10 07:18:07 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\Sysnative\drivers\788942C3.sys

2015-10-10 05:49:05 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\Sysnative\drivers\57867E9F.sys

2015-10-10 05:48:13 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\Sysnative\drivers\50417DF5.sys

2015-10-10 04:57:57 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

2015-10-10 04:57:26 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

2015-10-10 04:57:26 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2015-10-10 04:57:26 85CFE7AB85B43B6B7AC7961AA3983A9F 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys

2015-10-01 00:06:55 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_WinUsb_01007.Wdf

====== C:\Windows\Tasks ======

2015-09-22 05:00:33 -------- d-----w- C:\Windows\Sysnative\Tasks\Apple

2015-09-14 03:39:20 55786C32F7EB9D5B2B9EE7E2F964D5AE 3436 ----a-w- C:\Windows\Sysnative\Tasks\GyazoUpdateTaskMachineDaily

2015-09-14 03:39:18 33D322C9499EE4622C6867475D21981A 3310 ----a-w- C:\Windows\Sysnative\Tasks\GyazoUpdateTaskMachine

2015-09-12 05:08:22 FCF47B46BE10AFEE881B0998ED2A0EA2 378 ----a-w- C:\Windows\Tasks\HPCeeScheduleForAlarick Le.job

2015-09-12 05:08:22 C481F2A23B84D47012BFE05405C0FC7F 3202 ----a-w- C:\Windows\Sysnative\Tasks\HPCeeScheduleForAlarick Le

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-09-22 05:03:30 -------- d-----w- C:\Program Files\iPod

2015-09-22 05:03:29 -------- d-----w- C:\Program Files\iTunes

2015-09-22 05:01:18 -------- d-----w- C:\Program Files\Bonjour

2015-09-15 06:58:29 -------- d-----w- C:\Program Files\Common Files\Intel

======= C:\PROGRA~2 =====

2015-09-22 05:03:30 -------- d-----w- C:\PROGRA~2\iTunes

2015-09-22 05:01:18 -------- d-----w- C:\PROGRA~2\Bonjour

2015-09-22 05:00:28 -------- d-----w- C:\PROGRA~2\Apple Software Update

2015-09-15 06:58:10 -------- d-----w- C:\PROGRA~2\Cisco

2015-09-14 03:39:12 -------- d-----w- C:\PROGRA~2\Gyazo

======= C: =====

====== C:\Users\Alarick Le\AppData\Roaming ======

2015-10-07 20:47:03 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Alarick Le\AppData\Roaming\1.zip

2015-09-16 05:57:04 AFD1B8394DC801A2B5C655F40379EB77 7617 ----a-w- C:\Users\Alarick Le\AppData\Local\Resmon.ResmonCfg

2015-09-14 03:39:45 -------- d-----w- C:\Users\Alarick Le\AppData\Roaming\Gyazo

====== C:\Users\Alarick Le ======

2015-10-10 07:17:25 0ABA853F75358DF63CA44DB8207F53EF 2194944 ----a-w- C:\Users\Alarick Le\Downloads\FRST64.exe

2015-10-10 04:53:55 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Alarick Le\Downloads\mbam-setup-2.1.8.1057.exe

2015-10-07 21:49:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

2015-10-07 21:46:15 A7CD7CFA1D2AA279E4C954795D0BA535 27864920 ----a-w- C:\Users\Alarick Le\Downloads\LeagueofLegends_NA_Installer_9_15_2014 (1).exe

2015-10-03 21:58:47 83E99DCCEF878BB87E4C96986A3342F4 622839 ----a-w- C:\Users\Alarick Le\Downloads\bf2sp64_103.exe

2015-10-02 02:41:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot

2015-09-22 05:04:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-09-15 06:57:58 -------- d-----w- C:\ProgramData\Intel.sav

2015-09-15 06:19:18 -------- d-----w- C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}

2015-09-14 03:39:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo

 

====== C: exe-files ==

2015-10-08 04:53:29 75ECC6852BF488A87957474808044520 838224 ----a-w- C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe

2015-10-08 02:12:18 3A82A323CCFD46C97CF7DDF1C38FBFE1 398624 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe

2015-10-07 21:44:15 A081B7DF8CD546E020E39F47A137C7BE 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2918447335-1727158776-3589145654-1004\$IAG1TO7.exe

2015-10-07 21:43:51 E89F23D9979C10D6A7EBFB73B0FA1D92 1245696 ----a-w- C:\$Recycle.Bin\S-1-5-21-2918447335-1727158776-3589145654-1004\$RAG1TO7.exe

2015-10-05 17:10:19 21673BE2C5C493349923C553EF65B6D6 118960 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

2015-10-05 17:10:13 9DDA7685386807B7D7954CE1A0908C17 207128 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\MCPP\bin\mcpp.exe

2015-10-05 16:45:26 DF0EB0306BD79C2E043935D17674B4A1 1197336 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\ImgTec\PVRTexTool.exe

2015-10-05 16:45:26 CEDE02D7AF62449A2C38C49ABECC0CD3 4995416 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\vcredist_x86_vs2010sp1.exe

2015-10-05 16:45:26 BF3F290275C21BDD3951955C9C3CF32C 517976 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\DXRedistCutdown\DXSETUP.exe

2015-10-05 16:45:26 B936F0F378B9A35489353E878154E899 1821192 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\vcredist_x86.exe

2015-10-05 16:45:26 B936F0F378B9A35489353E878154E899 1821192 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\vcredist_2008_x86.exe

2015-10-05 16:45:26 6402438591B548121F54B0706A2C6423 2745256 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\vcredist_2005_atl_x86.exe

2015-10-05 16:45:26 5DADED5D81DBE995F90A1563D689B59E 35984664 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

2015-10-05 16:45:26 5663C13A59817AD3B1B30B2D5EFDF484 2966160 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\AMD\amdcpusetup.exe

2015-10-05 16:45:26 4E33C98627EA50D3E44CD62D323345D6 2686232 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\vcredist_2005_x86.exe

2015-10-05 16:45:26 1CF262F35322D6C9C7A27FCA513FC269 43000680 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\dotNetFx40_Client_x86_x64.exe

=== C: other files ==

2015-10-10 07:18:07 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\788942C3.sys

2015-10-10 05:49:05 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\57867E9F.sys

2015-10-10 05:48:13 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\50417DF5.sys

2015-10-10 04:57:57 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-10-10 04:57:26 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-10-10 04:57:26 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-10-10 04:57:26 85CFE7AB85B43B6B7AC7961AA3983A9F 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys

2015-10-07 20:47:03 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Alarick Le\AppData\Roaming\1.zip

2015-10-05 19:13:23 166FA79FA32E0FA0452751751AD42429 15901 ----a-w- C:\Users\Alarick Le\Downloads\Essay #1 attached files Oct 5, 2015 1213 PM.zip

2015-10-03 22:02:34 8D9284B8CB9BCAB9B7791BBB5B7A795E 51331352 ----a-w- C:\Users\Alarick Le\Desktop\Huy Transfer Files\New folder\Objects_server.zip

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-2918447335-1727158776-3589145654-1004\Software\Microsoft\Windows\CurrentVersion\Run]

"f.lux"="C:\Users\Alarick Le\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"Spotify Web Helper"="C:\Users\Alarick Le\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Lightshot"="C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"

"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"HPMessageService"="C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"f.lux"="C:\Users\Alarick Le\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"Spotify Web Helper"="C:\Users\Alarick Le\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

 

==== Startup Folders ======================

 

2014-12-01 07:31:22 1122 ----a-w- C:\Users\Alarick Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

2014-08-26 09:57:04 2077 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/21/2015 10:00 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/27/2015 07:15 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [undetermined Task]

C:\Windows\tasks\HPCeeScheduleForAlarick Le.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [06/16/2015 09:51 AM]

C:\Windows\tasks\update-S-1-5-21-2918447335-1727158776-3589145654-1004.job --a-------- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [11/28/2014 02:29 PM]

C:\Windows\tasks\update-sys.job --a-------- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [11/28/2014 02:29 PM]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GyazoUpdateTaskMachine" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]

"C:\Windows\SysNative\tasks\GyazoUpdateTaskMachineDaily" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]

"C:\Windows\SysNative\tasks\HPCeeScheduleForAlarick Le" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]

"C:\Windows\SysNative\tasks\HPCheckDropBoxStatus" ["c:\HP\HPQWare\DropBox\HPAppDetector.exe"]

"C:\Windows\SysNative\tasks\HPGenoobeReminder" ["C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe"]

"C:\Windows\SysNative\tasks\Start OPBHOBroker" ["C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"]

"C:\Windows\SysNative\tasks\Start OPBHOBrokerDesktop" ["C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"]

"C:\Windows\SysNative\tasks\Start SimplePass" ["C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe"]

"C:\Windows\SysNative\tasks\update-S-1-5-21-2918447335-1727158776-3589145654-1004" [C:\Program Files (x86)\Skillbrains\Updater\Updater.exe]

"C:\Windows\SysNative\tasks\update-sys" [C:\Program Files (x86)\Skillbrains\Updater\Updater.exe]

"C:\Windows\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\First Boot" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]

 

==== Firefox Start and Search pages ======================

 

ProfilePath: C:\Users\ALARIC~2\AppData\Roaming\Mozilla\Firefox\Profiles\rk5npb88.default

user_pref("browser.startup.homepage", "https://www.kixeye.com/game/vegaconflict");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.defaultenginename.US", "Google");

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [06/06/2015 11:59 AM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\ALARIC~2\AppData\Roaming\Mozilla\Firefox\Profiles\rk5npb88.default

- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Alarick Le\AppData\Roaming\Mozilla\Firefox\Profiles\rk5npb88.default

18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll - Microsoft Office 2013

F4C5E12008B713FE1B2F2A5990F00A43 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll - Shockwave for Director / Shockwave for Director

1A62BB86D17B8DC0D4339BACC8D60635 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash

E154CF1647A8EF74278B4E976C0B0143 - C:\Users\Alarick Le\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

 

 

==== Chromium Look ======================

 

Google Chrome Version: 45.0.2454.101

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[11/11/2013 10:21 PM]


pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[11/11/2013 10:21 PM]

 

Google Slides - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

BTTV - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped

Google Docs - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

STRATEGO - Official - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpgdjbodiacocpojlgipgkphcihfbdo

Spotify - Music for every moment - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh

Google Search - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Kaspersky URL Advisor - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj

PartyCloud DJ Mixer - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko

Realm of the Mad God - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp

Dropbox for Gmail - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec

Nisekoi - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\feajbjkmgkeiipookccieahdjohgbloo

Google Sheets - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Full Screen Weather - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg

Google Docs Offline - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi

AdBlock - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Notifier for Twitter - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn

My Cloud Mixer - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\inljlgancgnjdphflkoalgpkdlchnaeh

SoundCloud - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp

Until AM Web App - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk

Chrome Hotword Shared Module - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Kaspersky Protection - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh

Google Dictionary (by Google) - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja

Until AM for Chrome - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl

drumbit - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplpmdejoamenolpcojgegminhcnmibo

My Cloud Player - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfjhlpinelhnncgfpgfekddidnbnaab

Chrome Web Store Payments - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Anti-Banner - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

Twitch Giveaways - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd

 

==== IE Start and Search Settings ======================

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes


 

==== HijackThis Entries ======================

 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll

O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe

O4 - HKCU\..\Run: [f.lux] "C:\Users\Alarick Le\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

O4 - HKCU\..\Run: [Power2GoExpress8] NA

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Alarick Le\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - c:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @oem25.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel Bluetooth Service (ibtsiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service:  HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

==== EOF on Sat 10/10/2015 at 13:12:15.99 ======================

 


Here is the new Zoek with your settings.

Zoek.exe v5.0.0.1 Updated 08-October-2015
Tool run by Alarick Le on Sat 10/10/2015 at 13:15:11.59.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alarick Le\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-10-10-201215.log 41157 bytes
 
==== System Restore Info ======================
 
10/10/2015 1:15:51 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Naver deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\Users\Alarick Le\AppData\Local\InfiniteCrisis deleted successfully
C:\Users\Alarick Le\AppData\Local\SuperText deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2918447335-1727158776-3589145654-1004\Software\Microsoft\Internet Explorer\SearchScopes\{659D2FC1-79DF-4A0E-9B74-4CC9C046EEE3} deleted successfully
HKEY_USERS\S-1-5-21-2918447335-1727158776-3589145654-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_USERS\S-1-5-21-2918447335-1727158776-3589145654-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{659D2FC1-79DF-4A0E-9B74-4CC9C046EEE3} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Naver not found
C:\PROGRA~2\Skillbrains deleted
C:\Users\Alarick Le\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\Alarick Le\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\Alarick Le\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\PROGRA~3\{D6A06EDD-9203-4050-8A05-45E7F4064FEB} deleted
C:\PROGRA~3\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Alarick Le\AppData\Local\updater.log deleted
C:\Users\Alarick Le\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Alarick Le\Downloads\VTBundle.zip deleted
C:\Users\Alarick Le\Downloads\ReimageRepair.exe deleted
C:\Users\Alarick Le\AppData\LocalLow\Unity deleted
C:\Windows\Reimage.ini deleted
C:\windows\SysNative\tasks\update-S-1-5-21-2918447335-1727158776-3589145654-1004 deleted
C:\windows\SysNative\tasks\update-sys deleted
C:\Windows\tasks\update-S-1-5-21-2918447335-1727158776-3589145654-1004.job deleted
C:\Windows\tasks\update-sys.job deleted
C:\end deleted
"C:\windows\Installer\21e69.msi" deleted
"C:\Windows\Syswow64\Windows.Media.MediaControl.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Streaming.ps.dll" not deleted
"C:\Windows\Syswow64\Windows.Networking.Connectivity.dll" not deleted
"C:\Windows\Syswow64\Windows.UI.Immersive.dll" not deleted
"C:\Windows\Syswow64\Windows.UI.Input.Inking.dll" not deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\ALARIC~2\AppData\Roaming\Mozilla\Firefox\Profiles\rk5npb88.default
user_pref("browser.startup.homepage", "https://www.kixeye.com/game/vegaconflict");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [06/06/2015 11:59 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\ALARIC~2\AppData\Roaming\Mozilla\Firefox\Profiles\rk5npb88.default
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Alarick Le\AppData\Roaming\Mozilla\Firefox\Profiles\rk5npb88.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll - Microsoft Office 2013
F4C5E12008B713FE1B2F2A5990F00A43 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll - Shockwave for Director / Shockwave for Director
1A62BB86D17B8DC0D4339BACC8D60635 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash
 
 
==== Chromium Look ======================
 
Google Chrome Version: 45.0.2454.101
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[11/11/2013 10:21 PM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[11/11/2013 10:21 PM]
 
BTTV - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
STRATEGO - Official - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpgdjbodiacocpojlgipgkphcihfbdo
Spotify - Music for every moment - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh
PartyCloud DJ Mixer - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko
Realm of the Mad God - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp
Nisekoi - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\feajbjkmgkeiipookccieahdjohgbloo
Full Screen Weather - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg
AdBlock - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Notifier for Twitter - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn
My Cloud Mixer - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\inljlgancgnjdphflkoalgpkdlchnaeh
SoundCloud - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp
Until AM Web App - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk
Chrome Hotword Shared Module - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Dictionary (by Google) - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
Until AM for Chrome - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl
drumbit - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplpmdejoamenolpcojgegminhcnmibo
My Cloud Player - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfjhlpinelhnncgfpgfekddidnbnaab
Twitch Giveaways - Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd
 
==== Chromium Fix ======================
 
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stlyrics.com_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_csgoteamfinder.com_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_csgoteamfinder.com_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.moddb.com_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.moddb.com_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2i49pn6mosg0g.cloudfront.net_0.localstorage deleted successfully
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2i49pn6mosg0g.cloudfront.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7A6F2EDADB7E5594DB660309B322D3FD deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7A6F2EDADB7E5594DB660309B322D3FD deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alarick Le\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Alarick Le\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Alarick Le\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Alarick Le\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Alarick Le\AppData\Local\Mozilla\Firefox\Profiles\rk5npb88.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Alarick Le\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=9095 folders=4510 4626882167 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Alarick Le\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\ALARIC~2\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\Syswow64\Windows.Media.MediaControl.dll"  not deleted
"C:\Windows\Syswow64\Windows.Media.Streaming.ps.dll"  not deleted
"C:\Windows\Syswow64\Windows.Networking.Connectivity.dll"  not deleted
"C:\Windows\Syswow64\Windows.UI.Immersive.dll"  not deleted
"C:\Windows\Syswow64\Windows.UI.Input.Inking.dll"  not deleted
 
==== EOF on Sat 10/10/2015 at 15:14:13.69 ======================

I have yet to find out for myself. The thing that they hacked was my Steam and Gmail account, so I'll just have to wait and see if anything else has been done to them. Thanks for helping out though! I'll post a new topic if something pops back up again. What else do I do with these programs that I have downloaded now?


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

