
Infected with safesear.ch- Hijacked Firefox and IE11


  • This topic is locked
10 replies to this topic

#1 redglare

redglare

  • Members
  • 31 posts
  • Gender:Male

Posted 31 May 2014 - 08:22 PM

My computer is infected with the browser hijacker - www.safesear.ch and I can't figure out how to get rid of it.

I've tried running the Malwarebytes Anti-Malware and SuperAntiSpyware programs. I realize it requires more than this and need your help. Another reason I believe it is a virus is that the image of a gold padlock appears on the Firefox and Internet Explorer icons in the task bar at the bottom of the screen.

I started a thread on a different forum of this site and was directed here for help. I tried to run DDS.com, but I get an error message saying "DDS is not meant to run in Compatibility Mode". I read a post on BleepingComputer.com that DDS.com may not be compatible with Windows 8.1, which is what I am running.

Please share with me how to remove this browser hijacker.

Thanks, RedGlare.




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 05 June 2014 - 02:21 PM

Hi there,

Please run a FRST scan:

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
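The FRST.txt produced by the steps above is read by hand in this thread. The following script is an added example, not part of the thread and not FRST's own code: it parses the "Internet" section lines of an FRST.txt (the sample lines embedded below are copied from the FRST.txt posted later in this thread) and flags the indicators a responder checks first when a search hijack like safesear.ch is suspected: IE search scopes or start pages pointing at a host outside a search-provider allowlist, browser helper objects whose DLL is gone ("No File"), Firefox search plugins that do not ship with the browser, and lines FRST itself has tagged with ATTENTION. The allowlists, regexes and finding names are this example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Search hosts accepted without review. Constructed allowlist for this example;
# extend it for your own environment.
TRUSTED_SEARCH_HOSTS = {
    "google.com", "www.google.com", "bing.com", "www.bing.com",
    "search.yahoo.com", "duckduckgo.com",
}
# Approximate, constructed list of the search plugins Firefox shipped with at
# the time; anything else under the install directory deserves a look.
KNOWN_FF_SEARCH_PLUGINS = {
    "google.xml", "bing.xml", "yahoo.xml", "wikipedia.xml",
    "amazondotcom.xml", "ebay.xml", "twitter.xml",
}

# Lines copied from the FRST.txt posted in this thread (Internet section plus
# two BHO lines), embedded here so the script runs offline.
SAMPLE_FRST_LINES = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {85B669E3-E21A-4084-86B6-B4953D521734} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - URL http://www.safesear.ch/web/?type=20140520-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - URL http://www.safesear.ch/web/?type=20140520-135-sshome-ie-df&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TidyNetwork - {E5FF64A0-17A8-3463-C3DA-85AB0CADB9DA} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\key-find.xml
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
"""

# FRST writes search scopes in three shapes: "DefaultScope {GUID} URL =",
# "{GUID} URL = <url>" and, for entries it cannot fully resolve, "URL <url>".
SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?:DefaultScope\s+)?(?:\{[^}]+\}\s+)?URL\s*=?\s*(?P<url>\S*)$"
)
# A BHO line ends either with the vendor in parentheses or with "No File".
BHO_RE = re.compile(
    r"^BHO(?:-x32)?: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+?)"
    r"(?: No File| \((?P<vendor>[^)]*)\))$"
)
START_PAGE_RE = re.compile(r"^(?P<key>HK.+?),Start Page = (?P<url>\S+)$")
FF_PLUGIN_RE = re.compile(r"^FF SearchPlugin: (?P<path>.+)$")


def _host(url):
    """Lower-cased hostname of a URL; FRST prints some URLs without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage_frst_internet(text):
    """Return (category, detail) findings for the FRST 'Internet' section lines."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "<======= ATTENTION" in line:            # FRST's own marker
            findings.append(("frst-attention", line.split(" <=======")[0]))
            continue
        m = SEARCHSCOPE_RE.match(line)
        if m:
            url = m.group("url")
            if url and _host(url) not in TRUSTED_SEARCH_HOSTS:
                findings.append(("search-scope-hijack", f"{m.group('hive')} -> {_host(url)}"))
            continue
        m = START_PAGE_RE.match(line)
        if m:
            if _host(m.group("url")) not in TRUSTED_SEARCH_HOSTS:
                findings.append(("start-page-hijack", f"{m.group('key')} -> {_host(m.group('url'))}"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("vendor") is None:           # matched the "No File" branch
                findings.append(("orphaned-bho", f"{m.group('name')} {{{m.group('clsid')}}}"))
            elif not m.group("vendor").strip():     # "()" = no publisher information
                findings.append(("unsigned-bho", f"{m.group('name')} {m.group('path')}"))
            continue
        m = FF_PLUGIN_RE.match(line)
        if m:
            name = m.group("path").replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name not in KNOWN_FF_SEARCH_PLUGINS:
                findings.append(("unknown-ff-search-plugin", name))
    return findings


if __name__ == "__main__":
    for category, detail in triage_frst_internet(SAMPLE_FRST_LINES):
        print(f"{category:26} {detail}")
```

On the sample lines the script reports both safesear.ch search scopes (HKLM-x32 and HKCU), the orphaned TidyNetwork BHO, the key-find.xml search plugin and the Chrome group-policy line; the Google start page and the Bing scope pass, and the empty DefaultScope URLs are ignored. Run it over a whole FRST.txt and the same function works unchanged, since lines it does not recognise are simply skipped.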


#3 redglare

redglare
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male

Posted 05 June 2014 - 08:47 PM

Thanks. I'm anxious to fix this!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by HAL 2000 (administrator) on LENOVO-PC on 05-06-2014 20:40:57
Running from C:\Users\HAL 2000\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgscanx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
(Lenovo) C:\Program Files\lenovo\Power Control Switch\LenovoCOMSvc.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files\lenovo\Power Control Switch\LitModeCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Lenovo) C:\Program Files\lenovo\Power Control Switch\LitModeSwitch.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-09-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD)
HKU\S-1-5-21-31387105-685410773-1798804197-1002\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\HAL 2000\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=3c172ab1876e47d2a1ed95c31deaf471-c91a1909881d2b58514507d5764e5a80462b0a7e /CMPID=0214c
HKU\S-1-5-21-31387105-685410773-1798804197-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-31387105-685410773-1798804197-1002\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7681856 2014-03-17] (OrdinarySoft)
HKU\S-1-5-21-31387105-685410773-1798804197-1002\...\Run: [CloudSystemBooster] => "C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe"  /hide /autorun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {85B669E3-E21A-4084-86B6-B4953D521734} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - URL http://www.safesear.ch/web/?type=20140520-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 - {85B669E3-E21A-4084-86B6-B4953D521734} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - URL http://www.safesear.ch/web/?type=20140520-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - {85B669E3-E21A-4084-86B6-B4953D521734} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: TidyNetwork - {E5FF64A0-17A8-3463-C3DA-85AB0CADB9DA} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll No File
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\bh\zonealarm.dll (Check Point Software Technologies LTD)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\HAL 2000\AppData\Roaming\Mozilla\Firefox\Profiles\letb45r5.default-1401599666913
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\key-find.xml
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2014-02-13] (Autodesk)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] ()
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-07-17] (LENOVO INCORPORATED.)
R2 LenovoCOMSvc; C:\Program Files\lenovo\Power Control Switch\LenovoCOMSvc.exe [37376 2012-09-24] (Lenovo)
R3 LitModeCtrl; C:\Program Files\lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-09-24] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [84280 2013-08-19] (Maxthon)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-28] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-03-29] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-20] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 20:40 - 2014-06-05 20:41 - 00016756 _____ () C:\Users\HAL 2000\Desktop\FRST.txt
2014-06-05 20:40 - 2014-06-05 20:40 - 00000000 ____D () C:\FRST
2014-06-05 20:39 - 2014-06-05 20:37 - 02068992 _____ (Farbar) C:\Users\HAL 2000\Desktop\FRST64.exe
2014-06-05 20:37 - 2014-06-05 20:37 - 02068992 _____ (Farbar) C:\Users\HAL 2000\Downloads\FRST64.exe
2014-06-04 22:24 - 2014-06-04 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 14:51 - 2014-06-03 15:08 - 00000000 ____D () C:\Users\HAL 2000\Desktop\24Gear setup
2014-06-01 23:10 - 2014-06-01 23:10 - 00000427 _____ () C:\Users\HAL 2000\Desktop\D-day landings scenes in 1944 and now – interactive  Art and design  theguardian.com.url
2014-06-01 23:10 - 2014-06-01 23:10 - 00000323 _____ () C:\Users\HAL 2000\Desktop\Blitz ghosts. - an album on Flickr.url
2014-06-01 21:37 - 2014-06-01 21:43 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Foster Fulshear Cemetery
2014-06-01 21:36 - 2014-06-01 21:36 - 00000000 ____D () C:\Users\HAL 2000\Desktop\May 30 2014
2014-06-01 21:35 - 2014-06-01 21:35 - 00000000 ____D () C:\Users\HAL 2000\Desktop\DCIM
2014-06-01 15:32 - 2014-06-01 15:32 - 00000084 _____ () C:\Users\HAL 2000\Desktop\New Text Document.txt
2014-06-01 15:03 - 2014-06-05 19:12 - 00001490 _____ () C:\windows\setupact.log
2014-06-01 15:03 - 2014-06-01 15:03 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-06-01 15:03 - 2014-06-01 15:03 - 00000000 _____ () C:\windows\setuperr.log
2014-06-01 13:18 - 2014-06-01 13:18 - 00011529 _____ () C:\Users\HAL 2000\Downloads\hijackthis.log
2014-06-01 13:14 - 2014-06-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\HAL 2000\Downloads\hijackthis.exe
2014-06-01 10:23 - 2014-06-05 20:37 - 00257289 _____ () C:\windows\WindowsUpdate.log
2014-05-31 20:26 - 2014-05-31 20:50 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Bleeping Old Stuff
2014-05-31 20:24 - 2014-05-31 20:24 - 00000259 _____ () C:\Users\HAL 2000\Desktop\Infected with safesear.ch- Hijacked Firefox and IE11 - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-05-31 15:36 - 2014-05-31 15:37 - 01016261 _____ (Thisisu) C:\Users\HAL 2000\Downloads\JRT(1).exe
2014-05-31 15:27 - 2014-05-31 15:27 - 04748896 _____ (Piriform Ltd) C:\Users\HAL 2000\Downloads\ccsetup414.exe
2014-05-29 20:30 - 2014-05-30 22:33 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth T660 v2
2014-05-29 20:30 - 2014-05-29 20:36 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth K100 v2
2014-05-29 20:30 - 2014-05-29 20:35 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth 900B Long Version
2014-05-29 20:29 - 2014-05-29 20:36 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth W900aRC
2014-05-29 20:29 - 2014-05-29 20:36 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth T800
2014-05-27 22:43 - 2014-05-27 22:43 - 00000104 _____ () C:\Users\HAL 2000\Downloads\getserv(1).bat
2014-05-27 21:20 - 2013-12-08 16:14 - 01299617 _____ () C:\Users\HAL 2000\Desktop\Chris Spana Genre Project.pptx
2014-05-26 22:17 - 2014-05-26 22:20 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Echo Canyon
2014-05-26 21:56 - 2014-05-26 21:56 - 00000000 ____D () C:\Users\HAL 2000\Desktop\May 25 2014 E Rock
2014-05-26 20:39 - 2014-05-26 20:43 - 00000000 ____D () C:\Users\HAL 2000\Desktop\ring
2014-05-26 20:21 - 2014-05-26 20:45 - 00000000 ____D () C:\Users\HAL 2000\Desktop\May 26 2014
2014-05-26 18:48 - 2014-05-26 18:48 - 27769568 _____ (Microsoft Corporation) C:\Users\HAL 2000\Downloads\Windows-KB890830-x64-V5.12.exe
2014-05-26 18:32 - 2014-05-26 18:32 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\HAL 2000\Downloads\rkill64.com
2014-05-26 18:31 - 2014-05-26 18:32 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\HAL 2000\Downloads\rkill.com
2014-05-26 17:24 - 2014-06-01 00:14 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Old Firefox Data
2014-05-26 13:44 - 2014-05-26 13:44 - 00000000 ____D () C:\windows\pss
2014-05-23 22:19 - 2014-05-23 22:19 - 00000246 _____ () C:\Users\HAL 2000\Desktop\How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI).url
2014-05-23 22:19 - 2014-05-23 22:19 - 00000233 _____ () C:\Users\HAL 2000\Desktop\Simple and easy ways to keep your computer safe and secure on the Internet.url
2014-05-22 19:50 - 2014-05-22 19:50 - 00000104 _____ () C:\Users\HAL 2000\Downloads\getserv (2).bat
2014-05-22 19:28 - 2014-05-22 19:28 - 00000104 _____ () C:\Users\HAL 2000\Downloads\getserv (1).bat
2014-05-22 19:26 - 2014-05-22 19:27 - 00000104 _____ () C:\Users\HAL 2000\Downloads\getserv.bat
2014-05-21 21:22 - 2014-05-21 21:22 - 01326389 _____ () C:\Users\HAL 2000\Downloads\adwcleaner_3.210.exe
2014-05-20 23:26 - 2014-05-20 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-05-20 23:26 - 2014-05-20 23:31 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-05-20 23:25 - 2014-05-20 23:25 - 15843784 _____ (Anvisoft) C:\Users\HAL 2000\Downloads\csbsetup.exe
2014-05-20 18:52 - 2014-05-20 18:52 - 00000452 _____ () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\Users\HAL 2000\AppData\Roaming\StartMenuX
2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\ProgramData\StartMenuX
2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu X
2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\Program Files\Start Menu X
2014-05-20 17:11 - 2014-05-21 21:25 - 00000000 ____D () C:\SUPERDelete
2014-05-20 16:54 - 2014-05-20 16:54 - 00002268 _____ () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-05-20 16:54 - 2014-05-20 16:54 - 00000000 ____D () C:\Program Files (x86)\Fast Browser
2014-05-20 16:53 - 2014-06-01 12:09 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-05-20 16:53 - 2014-06-01 12:09 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-05-20 16:53 - 2014-05-20 16:53 - 00000258 __RSH () C:\Users\HAL 2000\ntuser.pol
2014-05-20 16:49 - 2014-05-20 18:51 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (6).php
2014-05-20 16:44 - 2014-05-20 16:44 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (5).php
2014-05-20 16:43 - 2014-05-20 16:43 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (3).php
2014-05-20 16:43 - 2014-05-20 16:43 - 00000176 _____ () C:\Users\HAL 2000\Downloads\attachment (4).php
2014-05-20 16:42 - 2014-05-20 16:42 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (2).php
2014-05-20 16:42 - 2014-05-20 16:42 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (1).php
2014-05-18 23:53 - 2014-05-18 23:53 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Maps 2014
2014-05-18 23:51 - 2014-05-18 23:54 - 00000000 ____D () C:\Users\HAL 2000\Desktop\pARADE
2014-05-18 20:30 - 2014-06-03 07:23 - 00000000 ____D () C:\Users\HAL 2000\Desktop\chris bermuda presentation
2014-05-14 19:17 - 2014-03-23 21:30 - 00257880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-05-14 19:17 - 2014-03-23 21:30 - 00123224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-05-14 19:17 - 2014-03-23 21:27 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-05-14 19:17 - 2014-03-13 02:42 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-05-14 19:17 - 2014-03-13 01:51 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-05-14 19:16 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-14 19:16 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-14 19:16 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-14 19:16 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-14 19:16 - 2014-04-11 05:03 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll
2014-05-14 19:16 - 2014-04-11 05:03 - 00054776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-05-14 19:16 - 2014-04-11 03:25 - 00419928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinapi.appcore.dll
2014-05-14 19:16 - 2014-04-11 01:04 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-05-14 19:16 - 2014-04-11 00:53 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\WSReset.exe
2014-05-14 19:16 - 2014-04-11 00:22 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-05-14 19:16 - 2014-04-10 22:54 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-05-14 19:16 - 2014-04-10 22:36 - 11792384 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-05-14 19:16 - 2014-04-10 22:24 - 13288960 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-05-14 19:16 - 2014-04-10 22:06 - 00031232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-05-14 19:16 - 2014-04-10 22:05 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 19:16 - 2014-04-10 22:05 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-05-14 19:16 - 2014-04-10 22:02 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 19:16 - 2014-04-10 22:02 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-05-14 19:16 - 2014-04-10 22:01 - 00137728 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-05-14 19:16 - 2014-04-10 22:00 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-05-14 19:16 - 2014-04-10 21:59 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-05-14 19:16 - 2014-04-10 21:57 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-05-14 19:16 - 2014-04-10 21:56 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-05-14 19:16 - 2014-04-10 21:55 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-05-14 19:16 - 2014-04-10 21:53 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-05-14 19:16 - 2014-04-10 21:52 - 03464192 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-05-14 19:16 - 2014-04-10 21:46 - 01705472 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-05-14 19:16 - 2014-04-10 21:36 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2014-05-14 19:16 - 2014-04-10 21:34 - 00754688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-05-14 19:16 - 2014-04-10 21:29 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2014-05-14 19:16 - 2014-04-10 21:25 - 00921088 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-05-14 19:16 - 2014-04-08 17:46 - 00086688 _____ (Microsoft Corporation) C:\windows\system32\mrt_map.dll
2014-05-14 19:16 - 2014-04-08 17:46 - 00028320 _____ (Microsoft Corporation) C:\windows\system32\mrt100.dll
2014-05-14 19:16 - 2014-04-08 13:54 - 00080032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mrt_map.dll
2014-05-14 19:16 - 2014-04-08 13:54 - 00026784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mrt100.dll
2014-05-14 19:16 - 2014-03-27 04:12 - 21225584 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-14 19:16 - 2014-03-27 02:48 - 18679728 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2014-06-05 20:41 - 2014-06-05 20:40 - 00016756 _____ () C:\Users\HAL 2000\Desktop\FRST.txt
2014-06-05 20:41 - 2014-02-09 15:01 - 00000212 _____ () C:\Users\HAL 2000\Documents\pms.xml
2014-06-05 20:41 - 2014-02-09 15:01 - 00000000 ____D () C:\Users\HAL 2000\AppData\Local\Temp
2014-06-05 20:40 - 2014-06-05 20:40 - 00000000 ____D () C:\FRST
2014-06-05 20:38 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2014-06-05 20:37 - 2014-06-05 20:39 - 02068992 _____ (Farbar) C:\Users\HAL 2000\Desktop\FRST64.exe
2014-06-05 20:37 - 2014-06-05 20:37 - 02068992 _____ (Farbar) C:\Users\HAL 2000\Downloads\FRST64.exe
2014-06-05 20:37 - 2014-06-01 10:23 - 00257289 _____ () C:\windows\WindowsUpdate.log
2014-06-05 20:35 - 2014-02-09 01:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-05 20:35 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-06-05 20:34 - 2014-04-10 22:02 - 00000000 ____D () C:\Users\HAL 2000\AppData\Local\Lexanom
2014-06-05 20:33 - 2014-02-09 15:10 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{33C81E36-B029-4E0A-A471-B42FCB1EE730}
2014-06-05 20:33 - 2014-02-09 01:03 - 00000000 ____D () C:\LFS
2014-06-05 20:26 - 2014-02-10 00:51 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2014-06-05 19:56 - 2014-02-09 01:34 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 19:12 - 2014-06-01 15:03 - 00001490 _____ () C:\windows\setupact.log
2014-06-05 17:20 - 2013-12-23 14:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Temp
2014-06-05 07:56 - 2014-02-09 01:34 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 07:02 - 2014-02-09 15:01 - 00000280 _____ () C:\Users\HAL 2000\AppData\Local\RegisteredPackageInformation.xml
2014-06-05 07:02 - 2014-02-09 00:01 - 02611200 ___SH () C:\Users\HAL 2000\Desktop\Thumbs.db
2014-06-04 23:40 - 2014-02-09 00:08 - 00000008 _____ () C:\Users\HAL 2000\Documents\lmscfg
2014-06-04 23:30 - 2014-04-05 14:39 - 00732160 ___SH () C:\Users\HAL 2000\Downloads\Thumbs.db
2014-06-04 22:25 - 2014-02-09 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-04 22:24 - 2014-06-04 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-04 08:08 - 2014-02-09 15:01 - 00000000 ____D () C:\Users\HAL 2000\AppData\Local\Packages
2014-06-03 21:42 - 2014-02-09 13:57 - 00204110 _____ () C:\Users\HAL 2000\Desktop\Phone Numbers.xlsx
2014-06-03 17:02 - 2014-03-10 12:38 - 00000000 ____D () C:\Users\HAL 2000\Documents\Euro Truck Simulator 2
2014-06-03 15:08 - 2014-06-03 14:51 - 00000000 ____D () C:\Users\HAL 2000\Desktop\24Gear setup
2014-06-03 07:23 - 2014-05-18 20:30 - 00000000 ____D () C:\Users\HAL 2000\Desktop\chris bermuda presentation
2014-06-03 06:56 - 2013-08-31 10:40 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-01 23:10 - 2014-06-01 23:10 - 00000427 _____ () C:\Users\HAL 2000\Desktop\D-day landings scenes in 1944 and now – interactive  Art and design  theguardian.com.url
2014-06-01 23:10 - 2014-06-01 23:10 - 00000323 _____ () C:\Users\HAL 2000\Desktop\Blitz ghosts. - an album on Flickr.url
2014-06-01 21:43 - 2014-06-01 21:37 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Foster Fulshear Cemetery
2014-06-01 21:36 - 2014-06-01 21:36 - 00000000 ____D () C:\Users\HAL 2000\Desktop\May 30 2014
2014-06-01 21:35 - 2014-06-01 21:35 - 00000000 ____D () C:\Users\HAL 2000\Desktop\DCIM
2014-06-01 15:32 - 2014-06-01 15:32 - 00000084 _____ () C:\Users\HAL 2000\Desktop\New Text Document.txt
2014-06-01 15:03 - 2014-06-01 15:03 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-06-01 15:03 - 2014-06-01 15:03 - 00000000 _____ () C:\windows\setuperr.log
2014-06-01 13:55 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-01 13:28 - 2014-02-09 15:06 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-31387105-685410773-1798804197-1002
2014-06-01 13:18 - 2014-06-01 13:18 - 00011529 _____ () C:\Users\HAL 2000\Downloads\hijackthis.log
2014-06-01 13:15 - 2014-02-09 15:01 - 00000000 ____D () C:\Users\HAL 2000\AppData\Local\VirtualStore
2014-06-01 13:14 - 2014-06-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\HAL 2000\Downloads\hijackthis.exe
2014-06-01 12:09 - 2014-05-20 16:53 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-06-01 12:09 - 2014-05-20 16:53 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-06-01 00:14 - 2014-05-26 17:24 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Old Firefox Data
2014-05-31 20:50 - 2014-05-31 20:26 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Bleeping Old Stuff
2014-05-31 20:24 - 2014-05-31 20:24 - 00000259 _____ () C:\Users\HAL 2000\Desktop\Infected with safesear.ch- Hijacked Firefox and IE11 - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-05-31 16:42 - 2013-08-31 11:36 - 00000000 ____D () C:\windows\Panther
2014-05-31 16:22 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-05-31 15:37 - 2014-05-31 15:36 - 01016261 _____ (Thisisu) C:\Users\HAL 2000\Downloads\JRT(1).exe
2014-05-31 15:27 - 2014-05-31 15:27 - 04748896 _____ (Piriform Ltd) C:\Users\HAL 2000\Downloads\ccsetup414.exe
2014-05-31 15:27 - 2014-03-23 22:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-30 22:33 - 2014-05-29 20:30 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth T660 v2
2014-05-29 20:36 - 2014-05-29 20:30 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth K100 v2
2014-05-29 20:36 - 2014-05-29 20:29 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth W900aRC
2014-05-29 20:36 - 2014-05-29 20:29 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth T800
2014-05-29 20:35 - 2014-05-29 20:30 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Kenworth 900B Long Version
2014-05-29 19:45 - 2014-03-10 12:35 - 00000000 ____D () C:\Program Files (x86)\Euro Truck Simulator 2
2014-05-27 22:55 - 2014-02-09 15:13 - 00000000 ____D () C:\Users\HAL 2000\AppData\Roaming\LSC
2014-05-27 22:55 - 2014-02-09 15:13 - 00000000 ____D () C:\Users\HAL 2000\AppData\Local\LSC
2014-05-27 22:55 - 2013-12-23 14:17 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-05-27 22:55 - 2013-12-23 14:17 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-27 22:55 - 2013-12-23 14:17 - 00000000 ____D () C:\Program Files\lenovo
2014-05-27 22:54 - 2013-12-23 14:32 - 00000000 ____D () C:\windows\Downloaded Installations
2014-05-27 22:43 - 2014-05-27 22:43 - 00000104 _____ () C:\Users\HAL 2000\Downloads\getserv(1).bat
2014-05-26 22:20 - 2014-05-26 22:17 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Echo Canyon
2014-05-26 21:56 - 2014-05-26 21:56 - 00000000 ____D () C:\Users\HAL 2000\Desktop\May 25 2014 E Rock
2014-05-26 20:45 - 2014-05-26 20:21 - 00000000 ____D () C:\Users\HAL 2000\Desktop\May 26 2014
2014-05-26 20:43 - 2014-05-26 20:39 - 00000000 ____D () C:\Users\HAL 2000\Desktop\ring
2014-05-26 18:48 - 2014-05-26 18:48 - 27769568 _____ (Microsoft Corporation) C:\Users\HAL 2000\Downloads\Windows-KB890830-x64-V5.12.exe
2014-05-26 18:32 - 2014-05-26 18:32 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\HAL 2000\Downloads\rkill64.com
2014-05-26 18:32 - 2014-05-26 18:31 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\HAL 2000\Downloads\rkill.com
2014-05-26 13:44 - 2014-05-26 13:44 - 00000000 ____D () C:\windows\pss
2014-05-23 22:19 - 2014-05-23 22:19 - 00000246 _____ () C:\Users\HAL 2000\Desktop\How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI).url
2014-05-23 22:19 - 2014-05-23 22:19 - 00000233 _____ () C:\Users\HAL 2000\Desktop\Simple and easy ways to keep your computer safe and secure on the Internet.url
2014-05-23 17:02 - 2014-02-08 23:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-22 19:50 - 2014-05-22 19:50 - 00000104 _____ () C:\Users\HAL 2000\Downloads\getserv (2).bat
2014-05-22 19:28 - 2014-05-22 19:28 - 00000104 _____ () C:\Users\HAL 2000\Downloads\getserv (1).bat
2014-05-22 19:27 - 2014-05-22 19:26 - 00000104 _____ () C:\Users\HAL 2000\Downloads\getserv.bat
2014-05-21 21:25 - 2014-05-20 17:11 - 00000000 ____D () C:\SUPERDelete
2014-05-21 21:22 - 2014-05-21 21:22 - 01326389 _____ () C:\Users\HAL 2000\Downloads\adwcleaner_3.210.exe
2014-05-21 16:32 - 2014-04-11 16:47 - 00208396 _____ () C:\Users\HAL 2000\Desktop\BindSignalError.log
2014-05-20 23:31 - 2014-05-20 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-05-20 23:31 - 2014-05-20 23:26 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-05-20 23:25 - 2014-05-20 23:25 - 15843784 _____ (Anvisoft) C:\Users\HAL 2000\Downloads\csbsetup.exe
2014-05-20 18:52 - 2014-05-20 18:52 - 00000452 _____ () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-05-20 18:51 - 2014-05-20 16:49 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (6).php
2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\Users\HAL 2000\AppData\Roaming\StartMenuX
2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\ProgramData\StartMenuX
2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu X
2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\Program Files\Start Menu X
2014-05-20 17:10 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\LiveKernelReports
2014-05-20 16:58 - 2014-03-21 19:21 - 00000000 ____D () C:\Users\HAL 2000\AppData\Local\Fast Browser
2014-05-20 16:55 - 2014-03-21 18:11 - 00000000 ____D () C:\ProgramData\Norton
2014-05-20 16:54 - 2014-05-20 16:54 - 00002268 _____ () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-05-20 16:54 - 2014-05-20 16:54 - 00000000 ____D () C:\Program Files (x86)\Fast Browser
2014-05-20 16:54 - 2014-03-21 19:21 - 00002234 _____ () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-05-20 16:53 - 2014-05-20 16:53 - 00000258 __RSH () C:\Users\HAL 2000\ntuser.pol
2014-05-20 16:53 - 2014-02-09 15:01 - 00000000 ____D () C:\Users\HAL 2000
2014-05-20 16:44 - 2014-05-20 16:44 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (5).php
2014-05-20 16:43 - 2014-05-20 16:43 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (3).php
2014-05-20 16:43 - 2014-05-20 16:43 - 00000176 _____ () C:\Users\HAL 2000\Downloads\attachment (4).php
2014-05-20 16:42 - 2014-05-20 16:42 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (2).php
2014-05-20 16:42 - 2014-05-20 16:42 - 00007527 _____ () C:\Users\HAL 2000\Downloads\attachment (1).php
2014-05-19 17:45 - 2014-03-31 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-18 23:54 - 2014-05-18 23:51 - 00000000 ____D () C:\Users\HAL 2000\Desktop\pARADE
2014-05-18 23:53 - 2014-05-18 23:53 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Maps 2014
2014-05-18 11:33 - 2014-02-09 16:36 - 00000000 ____D () C:\Computer
2014-05-15 16:51 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2014-05-15 16:31 - 2014-03-23 23:43 - 00000000 ___RD () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:31 - 2014-03-23 23:43 - 00000000 ___RD () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 23:51 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ToastData
2014-05-14 23:51 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 23:51 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 23:51 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\WinStore
2014-05-14 23:51 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-14 23:51 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 19:30 - 2014-02-09 01:54 - 00000000 ____D () C:\windows\system32\MRT
2014-05-14 19:30 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-05-14 19:30 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2014-05-13 22:38 - 2014-02-09 16:16 - 00000000 ____D () C:\Users\HAL 2000\Desktop\Sarah
2014-05-13 20:32 - 2014-02-10 23:30 - 00000000 ____D () C:\Users\HAL 2000\AppData\Roaming\Nitro PDF
2014-05-13 20:27 - 2014-02-10 00:51 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 20:04 - 2014-02-09 01:44 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys
2014-05-08 07:51 - 2014-02-09 01:34 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 07:51 - 2014-02-09 01:34 - 00003658 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 16:24 - 2014-04-27 12:49 - 00000000 ____D () C:\Users\HAL 2000\AppData\Local\YXPack

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 20:40

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by HAL 2000 at 2014-06-05 20:42:07
Running from C:\Users\HAL 2000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

18 Wheels of Steel Extreme Trucker 2 (HKLM-x32\...\{A2B65355-E44A-4662-9533-AB5A4A3533ED}) (Version: 1.00.0000 - Valusoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Bus & Cable Car Simulator - San Francisco (HKLM-x32\...\Bus & Cable Car Simulator - San Francisco) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.3.0 - Lenovo)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Outlook 2013 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{2269F0D5-DE47-4313-9003-BB6357919314}) (Version: 8.5.5.7 - Nitro)
NVIDIA Control Panel 327.14 (Version: 327.14 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.14 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
rFactor (remove only) (HKLM-x32\...\rFactor) (Version:  - )
SoftwareWatcher bundle (HKLM-x32\...\SoftwareWatcher bundle) (Version: 2.0.0.3 - SoftwareWatcher)
Start Menu X version 5.121 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.121 - OrdinarySoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
SupremeDownloader v1.0 (HKLM-x32\...\SupremeDownloader_is1) (Version: 1.0.0.0 - )
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VLFSDash (HKCU\...\VLFSDash) (Version:  - )

==================== Restore Points  =========================

21-05-2014 04:26:21 Anvi CSB 3.2
28-05-2014 03:54:25 Installed Lenovo Solution Center.

==================== Hosts content: ==========================

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0372A959-F958-4575-A02C-8CA87884DA7C} - \PCHelpers_period No Task File <==== ATTENTION
Task: {03E308F1-65AD-4923-BEE8-47326F149B1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {104E65C8-A988-4FFE-9B01-07993A690461} - \PCHelpers1st No Task File <==== ATTENTION
Task: {10CC8286-BD16-452D-ACD6-72446FE59CA5} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
Task: {12C53B24-152E-4495-A330-E9C14A94EE98} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\SystemAgent\AutoUpdate.exe [2013-07-17] ()
Task: {16F11BC6-888F-43AB-9E93-18EF10FBD7E0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {1E4472A2-70C6-4359-B943-5A68FA2F9612} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-23] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21B03625-A0AA-460B-BE7A-F3510B235406} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {23F40D95-EEF7-4764-979C-BCF3C7A596B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {250BB596-5F6B-4FF1-AAC3-2E3FC8F7062C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2658ECF6-64F3-45DB-B71C-8D6E703594C3} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {26E76B52-2C12-49F3-9982-C76B06A2038F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {27E02234-C688-4B84-969E-DC2368DAC71C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A1CCFA7-132A-4E7C-BF5A-F948ACEEBC2A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {51695769-3B5C-4217-B14B-94874731D887} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-07-17] ()
Task: {5B8B815E-7373-4257-B8F3-06BBBA935092} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-23] (Microsoft Corporation)
Task: {5E333CFF-DA5B-40BE-A629-F663D9F04C99} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {61A77BB1-06F3-4E9C-891A-0EEAFBB066C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BEE440F-5757-44E9-A5FC-DDA11D2AA1C1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-31387105-685410773-1798804197-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7E11F59D-D4D8-40A6-804C-C0845CB40975} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-31387105-685410773-1798804197-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BFFCF64-EF13-4AB3-BD86-4BF99B3D0A41} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B5247DAB-0EF9-49F6-9FFD-CB3E7D8AA246} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B7503483-BB97-409D-BFB5-3662DB539754} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {BBD73CD9-7248-4693-9651-67B21A820535} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-05-04] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF107664-C868-45B8-86BA-DD7787F7B221} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-16 20:52 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-08 23:37 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-23 14:15 - 2011-08-16 23:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-12-23 14:28 - 2013-05-14 13:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-23 16:50 - 2014-05-23 16:50 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-23 14:15 - 2011-08-16 23:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2013-12-23 14:15 - 2013-09-12 04:39 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-12-23 14:15 - 2011-05-17 16:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\HAL 2000:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\HAL 2000\Application Data:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\Cookies:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\Local Settings:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\Templates:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\HAL 2000\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 05:41:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program eurotrucks2.exe version 1.10.0.7 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 910

Start Time: 01cf7f6661dbf86f

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe

Report Id: 37f60128-eb70-11e3-82a4-448a5b0e1d82

Faulting package full name:

Faulting package-relative application ID:

Error: (06/03/2014 02:59:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eurotrucks2.exe, version: 1.10.0.7, time stamp: 0x53711efb
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0xc0000025
Fault offset: 0x00011d4d
Faulting process id: 0x844
Faulting application start time: 0xeurotrucks2.exe0
Faulting application path: eurotrucks2.exe1
Faulting module path: eurotrucks2.exe2
Report Id: eurotrucks2.exe3
Faulting package full name: eurotrucks2.exe4
Faulting package-relative application ID: eurotrucks2.exe5

Error: (06/03/2014 02:39:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eurotrucks2.exe, version: 1.10.0.7, time stamp: 0x53711efb
Faulting module name: eurotrucks2.exe, version: 1.10.0.7, time stamp: 0x53711efb
Exception code: 0xc0000005
Fault offset: 0x00001590
Faulting process id: 0x23e4
Faulting application start time: 0xeurotrucks2.exe0
Faulting application path: eurotrucks2.exe1
Faulting module path: eurotrucks2.exe2
Report Id: eurotrucks2.exe3
Faulting package full name: eurotrucks2.exe4
Faulting package-relative application ID: eurotrucks2.exe5

Error: (06/01/2014 10:39:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_13_0_0_214.exe, version: 13.0.0.214, time stamp: 0x5359c61d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x101a3430
Faulting process id: 0x1c24
Faulting application start time: 0xFlashPlayerPlugin_13_0_0_214.exe0
Faulting application path: FlashPlayerPlugin_13_0_0_214.exe1
Faulting module path: FlashPlayerPlugin_13_0_0_214.exe2
Report Id: FlashPlayerPlugin_13_0_0_214.exe3
Faulting package full name: FlashPlayerPlugin_13_0_0_214.exe4
Faulting package-relative application ID: FlashPlayerPlugin_13_0_0_214.exe5

Error: (05/31/2014 09:28:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


System errors:
=============
Error: (06/05/2014 07:02:13 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (06/05/2014 07:02:12 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (06/04/2014 11:40:05 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (06/04/2014 08:25:05 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/04/2014 08:24:35 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/04/2014 08:01:51 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/04/2014 08:01:21 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/04/2014 07:49:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (06/04/2014 07:49:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (06/03/2014 11:09:00 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.


Microsoft Office Sessions:
=========================
Error: (06/03/2014 05:41:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: eurotrucks2.exe1.10.0.791001cf7f6661dbf86f4294967295C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe37f60128-eb70-11e3-82a4-448a5b0e1d82

Error: (06/03/2014 02:59:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eurotrucks2.exe1.10.0.753711efbKERNELBASE.dll6.3.9600.17055532943a3c000002500011d4d84401cf7f65e4e54aacC:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exeC:\windows\SYSTEM32\KERNELBASE.dll8976dc75-eb59-11e3-82a4-448a5b0e1d82

Error: (06/03/2014 02:39:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eurotrucks2.exe1.10.0.753711efbeurotrucks2.exe1.10.0.753711efbc00000050000159023e401cf7f5d5bc58d39C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exeC:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exec8235732-eb56-11e3-82a4-448a5b0e1d82

Error: (06/01/2014 10:39:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dunknown0.0.0.000000000c000041d101a34301c2401cf7daddd568a9eC:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeunknowne2df1eaa-e9a2-11e3-82a1-448a5b0e1d82

Error: (05/31/2014 09:28:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


CodeIntegrity Errors:
===================================
  Date: 2014-02-12 21:18:52.201
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-12 21:18:51.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 20:20:43.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-12 19:20:59.563
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-12 19:11:47.232
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-12 18:12:14.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 18:02:38.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 18:01:07.228
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-12 17:54:19.124
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-12 17:35:22.365
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 12220.36 MB
Available physical RAM: 10567.62 MB
Total Pagefile: 14076.36 MB
Available Pagefile: 12291.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:823.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 9466FAF0)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 aharonov (Malware Response Team)

Posted 06 June 2014 - 02:26 AM

Hi,

please run the following fix. Then tell me which problems still persist after the reboot.



Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 redglare (Topic Starter)

Posted 06 June 2014 - 07:48 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by HAL 2000 at 2014-06-06 07:40:39 Run:1
Running from C:\Users\HAL 2000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION7
SearchScopes: HKLM-x32 - URL http://www.safesear.ch/web/?type=20140520-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - URL http://www.safesear.ch/web/?type=20140520-135-sshome-ie-df&q={searchTerms}
BHO: TidyNetwork - {E5FF64A0-17A8-3463-C3DA-85AB0CADB9DA} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
C:\Program Files (x86)\TidyNetwork
2014-05-20 16:53 - 2014-05-20 16:53 - 00000258 __RSH () C:\Users\HAL 2000\ntuser.pol
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\key-find.xml
2014-05-20 16:54 - 2014-05-20 16:54 - 00002268 _____ () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-05-20 16:54 - 2014-05-20 16:54 - 00000000 ____D () C:\Program Files (x86)\Fast Browser
2014-05-20 16:58 - 2014-03-21 19:21 - 00000000 ____D () C:\Users\HAL 2000\AppData\Local\Fast Browser
2014-05-20 16:54 - 2014-03-21 19:21 - 00002234 _____ () C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
Task: {104E65C8-A988-4FFE-9B01-07993A690461} - \PCHelpers1st No Task File <==== ATTENTION
Task: {0372A959-F958-4575-A02C-8CA87884DA7C} - \PCHelpers_period No Task File <==== ATTENTION
Reboot:
*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5FF64A0-17A8-3463-C3DA-85AB0CADB9DA}' => Key deleted successfully.
'HKCR\CLSID\{E5FF64A0-17A8-3463-C3DA-85AB0CADB9DA}' => Key deleted successfully.
"C:\Program Files (x86)\TidyNetwork" => File/Directory not found.
C:\Users\HAL 2000\ntuser.pol => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\key-find.xml => Moved successfully.
C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk => Moved successfully.
C:\Program Files (x86)\Fast Browser => Moved successfully.
C:\Users\HAL 2000\AppData\Local\Fast Browser => Moved successfully.
C:\Users\HAL 2000\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{104E65C8-A988-4FFE-9B01-07993A690461}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{104E65C8-A988-4FFE-9B01-07993A690461}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHelpers1st' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0372A959-F958-4575-A02C-8CA87884DA7C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0372A959-F958-4575-A02C-8CA87884DA7C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHelpers_period' => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====
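The fix above works by copying lines from the FRST scan log into fixlist.txt verbatim and letting FRST act on each one. As an added example (my own code, not FRST's and not part of this thread), here is a small Python triage script that applies the same reasoning aharonov used when picking those lines: an IE SearchScopes URL whose host is not a known search engine, a BHO reported as "No File", a scheduled task reported as "No Task File", and a Firefox search plugin sitting in the install directory that is not one of the stock ones. The trusted-host and stock-plugin lists, the sample log lines (modelled on the log and fixlist in this thread, with benign control entries and a placeholder task GUID) are assumptions constructed for the example; FRST's real whitelisting is not public, so treat the output as a draft for a human to review rather than something to run unreviewed.

```python
"""Triage FRST log lines into a draft fixlist.txt.

Added example for this thread; not FRST's own code. The rules are assumptions
modelled on the entries aharonov put in the fixlist (hijacked search scopes,
an orphaned BHO, orphaned scheduled tasks, a non-stock Firefox search plugin).
"""
import re
from urllib.parse import urlparse

# Assumption: search hosts treated as legitimate for IE SearchScopes entries.
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com", "duckduckgo.com"}

# Assumption: search plugins shipped in a stock Firefox 29/30 install directory.
STOCK_FF_PLUGINS = {"google", "bing", "yahoo", "amazondotcom", "ddg", "ebay", "twitter", "wikipedia"}

SEARCHSCOPE_RE = re.compile(r"^SearchScopes: .* URL (?P<url>\S+)")
FF_PLUGIN_RE = re.compile(r"^FF SearchPlugin: .*\\(?P<name>[^\\]+)\.xml$", re.IGNORECASE)

# Constructed sample in FRST's line format, modelled on the log and fixlist in this thread.
# The Bing scope, Java BHO and Flash updater task are benign controls; that task GUID is a placeholder.
SAMPLE_LOG = r"""
SearchScopes: HKLM-x32 - URL http://www.safesear.ch/web/?type=20140520-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - URL http://www.safesear.ch/web/?type=20140520-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
BHO: TidyNetwork - {E5FF64A0-17A8-3463-C3DA-85AB0CADB9DA} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
Task: {104E65C8-A988-4FFE-9B01-07993A690461} - \PCHelpers1st No Task File <==== ATTENTION
Task: {0372A959-F958-4575-A02C-8CA87884DA7C} - \PCHelpers_period No Task File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\key-find.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google.xml
"""


def classify(line: str):
    """Return why a line looks like hijacker residue, or None if it passes the rules."""
    line = line.rstrip()
    m = SEARCHSCOPE_RE.match(line)
    if m:
        host = urlparse(m.group("url")).netloc.lower()
        return None if host in TRUSTED_SEARCH_HOSTS else f"IE search scope redirects to {host}"
    if line.startswith("BHO") and line.endswith("No File"):
        return "BHO registration whose DLL is gone (orphaned CLSID)"
    if line.startswith("Task:") and "No Task File" in line:
        return "scheduled task left in TaskCache with no task file"
    m = FF_PLUGIN_RE.match(line)
    if m and m.group("name").lower() not in STOCK_FF_PLUGINS:
        return f"non-stock Firefox search plugin {m.group('name')}.xml in the install directory"
    return None


def triage(log_text: str):
    """Return [(reason, line)] for every suspicious line, preserving log order."""
    findings = []
    for raw in log_text.strip().splitlines():
        reason = classify(raw)
        if reason:
            findings.append((reason, raw.rstrip()))
    return findings


def draft_fixlist(findings):
    """Build fixlist.txt content: FRST takes the log lines verbatim, then Reboot: to finish."""
    lines = [line for _, line in findings] + ["Reboot:"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for reason, line in hits:
        print(f"[{reason}]\n    {line}")
    print("\n--- draft fixlist.txt ---")
    print(draft_fixlist(hits), end="")
```

Run it as-is to see the draft built from the constructed sample, or pass the contents of a real FRST.txt to triage(). Against the sample it flags the two safesear.ch scopes, the TidyNetwork BHO, both PCHelpers tasks and key-find.xml, and leaves the Bing, Java, Flash and google.xml control lines alone. A fixlist only removes what it lists; anything FRST did not print, such as the installer that dropped the adware in the first place, needs a separate scan.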



#6 aharonov (Malware Response Team)

Posted 06 June 2014 - 12:59 PM

Can you please tell me which problems still persist now?

#7 redglare (Topic Starter)

Posted 06 June 2014 - 09:33 PM

Everything appears to be working just fine. You guys are awesome - thanks!

RedGlare



#8 aharonov (Malware Response Team)

Posted 07 June 2014 - 11:56 AM

That's great to hear.
Let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#9 redglare (Topic Starter)

Posted 07 June 2014 - 02:56 PM

Here's the log. Thanks.


C:\Users\HAL 2000\Downloads\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\HAL 2000\Downloads\CheatEngine63.exe    Win32/OpenCandy potentially unsafe application
C:\Users\HAL 2000\Downloads\CCleaner_TSV275GVY\c8f069a68d57da55102d58cfe24c0d72_ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application



#10 aharonov (Malware Response Team)

Posted 08 June 2014 - 03:31 PM

Very good. These are just setup files that have toolbars bundled with them. But no more active malware or adware.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.

#11 aharonov (Malware Response Team)

Posted 03 September 2014 - 06:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



