Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox Redirecting


  • This topic is locked This topic is locked
32 replies to this topic

#1 HijackThat

HijackThat

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:05:51 PM

Posted 14 December 2014 - 06:34 PM

Redirecting to sites like google-analytics.com, kennyross.com, truecar.com

Firefox version: 34.0.5

Malwarebytes: finds nothing

 *some online forums I found on the topic talk about hosts file, mine was modified on 12/9/14 (not by me) and now it is a "text document" versus a "file" and has after the #s:

127.0.0.1       localhost
::1                 localhost

*other solutions included add-ons that blocked google-analytics.com, but that was only blocking the annoyance and not fixing the problom.

Thank you for your help


Edited by HijackThat, 14 December 2014 - 06:37 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:51 PM

Posted 19 December 2014 - 06:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559838 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HijackThat

HijackThat
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:05:51 PM

Posted 20 December 2014 - 04:30 AM

1. Description: Firefox v.34.0.5 redirects to pages like www.google-analytics.com when I click on links within web-pages.  I noticed that my hosts file was modified on 12/9/14 (not by me) and it has "127.0.0.1 localhost" and "::1 localhost" after the ###s. 
2. DDS log below
3. No Windows CD
4. Thank you
for your help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.71.2
Run by ASUS at 1:02:24 on 2014-12-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5941.4040 [GMT -8:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxeccoms.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge] <no file>
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\ASUS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\isoburn.lnk - C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\isoburn.exe
StartupFolder: C:\Users\ASUS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SndVol.lnk - C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\SndVol.exe
StartupFolder: C:\Users\ASUS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\upnpcont.lnk - C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\upnpcont.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1 209.18.47.62
TCP: Interfaces\{1E6323ED-1954-412F-A5A4-FBDB1CEFF48A} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{266D77B7-2C62-4247-A5EA-72DB1989415E} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{6A74AFC5-8664-422A-978A-9311B42B88AE} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C} : DHCPNameServer = 192.168.1.1 209.18.47.62
TCP: Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C}\2375942554037313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C}\25F647F62777163786 : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C}\25F647F62777163786 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C}\6596567702342756374702C4F6467656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C}\8457D616E6560235F636965647970223E243 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C}\8457D616E6560235F636965647970253 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F9075C88-54EF-448D-838A-D1629CFBE2D7} : NameServer = 8.8.8.8,8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 162.247.13.62 www.google-analytics.com.
Hosts: 162.247.13.62 google-analytics.com.
Hosts: 162.247.13.62 connect.facebook.net.
Hosts: 195.162.68.59 www.google-analytics.com.
Hosts: 195.162.68.59 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\25jznnrc.default\
FF - prefs.js: network.proxy.ftp - 114.34.81.46
FF - prefs.js: network.proxy.ftp_port - 8088
FF - prefs.js: network.proxy.gopher - 114.34.81.46
FF - prefs.js: network.proxy.gopher_port - 8088
FF - prefs.js: network.proxy.http - 114.34.81.46
FF - prefs.js: network.proxy.http_port - 8088
FF - prefs.js: network.proxy.socks - 114.34.81.46
FF - prefs.js: network.proxy.socks_port - 8088
FF - prefs.js: network.proxy.ssl - 114.34.81.46
FF - prefs.js: network.proxy.ssl_port - 8088
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-12-20 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
R2 lxec_device;lxec_device;C:\Windows\System32\lxeccoms.exe -service --> C:\Windows\System32\lxeccoms.exe -service [?]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-5-27 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-5-27 70152]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-2 145256]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-8-9 38608]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2010-12-20 67664]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-14 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-20 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-29 289280]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-4-22 76912]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-23 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-23 180224]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-12-20 267480]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-7-31 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-6-21 21872]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-11-7 266240]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-31 129752]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-25 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-25 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-29 20:24:46 -------- d-----w- C:\Program Files (x86)\Advanced PowerPoint To PDF 5.0
2014-11-29 05:45:26 -------- d-----w- C:\Users\ASUS\AppData\Roaming\Nitro
2014-11-29 05:45:26 -------- d-----w- C:\Users\ASUS\AppData\Roaming\FileOpen
2014-11-29 05:45:26 -------- d-----w- C:\ProgramData\FileOpen
2014-11-29 05:44:58 29704 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2014-11-29 05:44:58 17928 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2014-11-29 05:44:54 -------- d-----w- C:\ProgramData\Nitro
2014-11-29 05:44:54 -------- d-----w- C:\Program Files\Common Files\Nitro
2014-11-29 05:44:54 -------- d-----w- C:\Program Files (x86)\Nitro
2014-11-29 05:44:54 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro
2014-11-29 05:44:22 -------- d-----w- C:\Users\ASUS\AppData\Roaming\Downloaded Installations
2014-11-29 05:11:12 -------- d-----w- C:\ProgramData\SafeNet Sentinel
2014-11-29 05:11:12 -------- d-----w- C:\ProgramData\Readiris14Pro
2014-11-29 05:10:48 -------- d-----w- C:\Program Files (x86)\Readiris Pro 14
2014-11-29 05:09:32 -------- d-----w- C:\Windows\Downloaded Installations
2014-11-28 22:00:18 -------- d-----w- C:\FRST
2014-11-28 19:02:31 -------- d-----w- C:\Users\ASUS\AppData\Roaming\Panda Security
2014-11-28 19:02:00 -------- d-----w- C:\Program Files (x86)\Panda Security
2014-11-28 18:59:22 -------- d-----w- C:\ProgramData\Panda Security
2014-11-28 07:53:59 -------- d-----w- C:\Users\ASUS\AppData\Local\{0d3f3368-d05c-4a45-9e71-75852046d1c8}
2014-11-26 07:48:03 -------- d-----w- C:\Users\ASUS\AppData\Local\{D469264E-9882-9E28-A2EE-F4EA82C047F3}
2014-11-20 15:33:35 -------- d-----w- C:\Users\ASUS\AppData\Local\{59e48054-0e1b-63d5-a280-ae31d0062c78}
.
==================== Find3M  ====================
.
2014-12-18 15:44:58 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-13 09:03:13 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-13 09:03:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-21 14:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 14:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-14 23:28:40 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-03 07:57:23 129752 ----a-w- C:\Windows\System32\drivers\6B5C4D78.sys
.
============= FINISH:  1:02:50.46 ===============

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 20 December 2014 - 10:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 HijackThat

HijackThat
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:05:51 PM

Posted 20 December 2014 - 02:04 PM

How is the computer running?

Honestly, I don't feel like any of the above addressed my issues (host file change on 12/9 + firefox redirecting), and I already run MBAM daily since 2009, though the FRST + additions clearly demonstrate the problems. 

 

***Note: FRST additions file was too big to attach, it is at the end of this post.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/20/2014
Scan Time: 10:09:08 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.20.04
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ASUS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335282
Time Elapsed: 20 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

 

# AdwCleaner v4.105 - Report created 20/12/2014 at 10:36:51
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ASUS - ASUS-PC
# Running from : C:\Users\ASUS\Downloads\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\HPAppData

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\af6426edb5fc05bb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

*************************

AdwCleaner[R0].txt - [1888 octets] - [20/12/2014 10:32:43]
AdwCleaner[S0].txt - [1823 octets] - [20/12/2014 10:36:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1883 octets] ##########

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by ASUS (administrator) on ASUS-PC on 20-12-2014 10:42:02
Running from C:\Users\ASUS\Downloads
Loaded Profile: ASUS (Available profiles: ASUS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxeccoms.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-14] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-23] (NEC Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...\MountPoints2: {d0e0b47c-0d1b-11e3-bb1f-bcaec523f3ae} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-25] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isoburn.lnk
ShortcutTarget: isoburn.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\isoburn.exe (No File)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SndVol.lnk
ShortcutTarget: SndVol.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\SndVol.exe (No File)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upnpcont.lnk
ShortcutTarget: upnpcont.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\upnpcont.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.62
Tcpip\..\Interfaces\{1E6323ED-1954-412F-A5A4-FBDB1CEFF48A}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{266D77B7-2C62-4247-A5EA-72DB1989415E}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6A74AFC5-8664-422A-978A-9311B42B88AE}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{87EAA230-4BC2-48F5-BEF9-D2732D4C463C}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F9075C88-54EF-448D-838A-D1629CFBE2D7}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\25jznnrc.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "ftp", "114.34.81.46"
FF NetworkProxy: "ftp_port", 8088
FF NetworkProxy: "gopher", "114.34.81.46"
FF NetworkProxy: "gopher_port", 8088
FF NetworkProxy: "http", "114.34.81.46"
FF NetworkProxy: "http_port", 8088
FF NetworkProxy: "socks", "114.34.81.46"
FF NetworkProxy: "socks_port", 8088
FF NetworkProxy: "ssl", "114.34.81.46"
FF NetworkProxy: "ssl_port", 8088
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ImageHost Grabber - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\25jznnrc.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2014-11-22]
FF Extension: Best Proxy Switcher - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\25jznnrc.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2014-01-24]
FF Extension: Hide My Ass Proxy Extension - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\25jznnrc.default\Extensions\extension@hidemyass.com.xpi [2014-06-04]
FF Extension: MEGA - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\25jznnrc.default\Extensions\firefox@mega.co.nz.xpi [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2010-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-09-01] (Red Bend Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-27] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 10:42 - 2014-12-20 10:42 - 00025044 _____ () C:\Users\ASUS\Downloads\FRST.txt
2014-12-20 10:38 - 2014-12-20 10:38 - 00001971 _____ () C:\Users\ASUS\Desktop\AdwCleaner[S0].txt
2014-12-20 10:37 - 2014-12-20 10:37 - 00000318 _____ () C:\Windows\PFRO.log
2014-12-20 10:32 - 2014-12-20 10:36 - 00000000 ____D () C:\AdwCleaner
2014-12-20 10:29 - 2014-12-20 10:29 - 00001053 _____ () C:\Users\ASUS\Desktop\MBAM.txt
2014-12-20 09:52 - 2014-12-20 09:52 - 02166272 _____ () C:\Users\ASUS\Downloads\adwcleaner_4.105.exe
2014-12-20 01:25 - 2014-12-20 01:25 - 00004022 _____ () C:\Users\ASUS\Desktop\attach.zip
2014-12-20 01:03 - 2014-12-20 01:03 - 00012636 _____ () C:\Users\ASUS\Desktop\attach.txt
2014-12-20 01:03 - 2014-12-20 01:02 - 00025045 _____ () C:\Users\ASUS\Desktop\dds.txt
2014-12-20 01:01 - 2014-12-20 01:01 - 00688992 ____R (Swearware) C:\Users\ASUS\Downloads\dds.com
2014-12-19 12:30 - 2014-12-20 01:32 - 00000000 ____D () C:\Users\ASUS\Desktop\ssleay32
2014-12-19 11:14 - 2014-12-19 11:14 - 00000000 ____D () C:\Users\ASUS\Desktop\Christie Rafting 2010
2014-12-19 10:12 - 2014-12-19 10:12 - 00000325 _____ () C:\Users\ASUS\Desktop\HP Printer Diagnostic Tools.url
2014-12-18 06:31 - 2014-12-20 10:37 - 00000504 _____ () C:\Windows\setupact.log
2014-12-18 06:31 - 2014-12-18 06:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-16 06:46 - 2014-12-16 06:46 - 05162080 _____ (Piriform Ltd) C:\Users\ASUS\Downloads\ccsetup500.exe
2014-12-14 14:52 - 2014-12-14 14:52 - 00000000 ____D () C:\Users\ASUS\Desktop\Car
2014-12-13 08:34 - 2014-12-13 09:25 - 02017031 _____ () C:\Users\ASUS\Desktop\Nicaragua Cheat Sheet.psd
2014-12-13 02:23 - 2014-12-13 02:23 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\ASUS\Downloads\tdsskiller.exe
2014-12-13 02:19 - 2014-12-13 02:20 - 00041756 _____ () C:\Users\ASUS\Desktop\Result.txt
2014-12-13 00:19 - 2014-12-20 10:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 00:19 - 2014-12-13 01:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 23:49 - 2014-12-12 23:50 - 00401920 _____ (Farbar) C:\Users\ASUS\Desktop\MiniToolBox.exe
2014-12-09 22:29 - 2014-12-09 22:29 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-09 02:31 - 2014-12-09 02:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-05 10:36 - 2014-12-18 06:36 - 00001972 _____ () C:\Users\ASUS\Desktop\Replay Video Capture 7.lnk
2014-12-04 17:23 - 2014-12-20 10:41 - 00997632 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 22:32 - 2014-11-30 22:32 - 00946453 _____ () C:\Users\ASUS\Downloads\USBDiskEjector1.3.0.3.zip
2014-11-29 12:24 - 2014-12-01 19:32 - 00000000 ____D () C:\Program Files (x86)\Advanced PowerPoint To PDF 5.0
2014-11-29 12:24 - 2014-11-29 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PowerPoint To PDF 5.0
2014-11-28 21:52 - 2014-11-28 22:05 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Nitro PDF
2014-11-28 21:45 - 2014-11-28 21:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Nitro
2014-11-28 21:45 - 2014-11-28 21:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\FileOpen
2014-11-28 21:45 - 2014-11-28 21:45 - 00000000 ____D () C:\ProgramData\FileOpen
2014-11-28 21:44 - 2014-11-28 21:44 - 00002531 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2014-11-28 21:44 - 2014-11-28 21:44 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Downloaded Installations
2014-11-28 21:44 - 2014-11-28 21:44 - 00000000 ____D () C:\ProgramData\Nitro
2014-11-28 21:44 - 2014-11-28 21:44 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-11-28 21:44 - 2014-11-28 21:44 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-11-28 21:44 - 2013-05-27 13:54 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2014-11-28 21:44 - 2013-05-27 13:54 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2014-11-28 21:37 - 2014-11-29 12:25 - 12070308 ____T () C:\tmp.ps
2014-11-28 21:37 - 2014-11-29 12:25 - 00000495 _____ () C:\pdfmarks
2014-11-28 21:29 - 2014-11-28 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced All To PDF 5.0
2014-11-28 21:11 - 2014-11-28 21:11 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel
2014-11-28 21:11 - 2014-11-28 21:11 - 00000000 ____D () C:\ProgramData\Readiris14Pro
2014-11-28 21:10 - 2014-11-28 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IRIS
2014-11-28 21:10 - 2014-11-28 21:10 - 00000000 ____D () C:\Program Files (x86)\Readiris Pro 14
2014-11-28 21:09 - 2014-11-28 21:09 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-11-28 14:00 - 2014-12-20 10:42 - 00000000 ____D () C:\FRST
2014-11-28 13:59 - 2014-12-20 09:53 - 02122240 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
2014-11-28 13:36 - 2014-11-28 13:36 - 02747488 _____ (Symantec Corporation) C:\Users\ASUS\Downloads\FixPoweliks64.exe
2014-11-28 11:02 - 2014-11-28 14:55 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-11-28 11:02 - 2014-11-28 11:23 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Panda Security
2014-11-28 10:59 - 2014-11-28 11:25 - 00000000 ____D () C:\ProgramData\Panda Security
2014-11-28 10:59 - 2014-11-28 10:59 - 01040816 _____ () C:\Users\ASUS\Downloads\PANDAIS15.exe
2014-11-27 23:53 - 2014-11-28 08:32 - 00000000 ____D () C:\Users\ASUS\AppData\Local\{0d3f3368-d05c-4a45-9e71-75852046d1c8}
2014-11-25 23:48 - 2014-11-27 00:04 - 00000000 ____D () C:\Users\ASUS\AppData\Local\{D469264E-9882-9E28-A2EE-F4EA82C047F3}
2014-11-23 13:26 - 2014-11-23 13:26 - 01077968 _____ (RealNetworks, Inc.) C:\Users\ASUS\Downloads\RealPlayerCloud.exe
2014-11-23 13:26 - 2014-11-23 13:26 - 00000000 ____D () C:\ProgramData\Real
2014-11-22 07:37 - 2014-12-04 18:30 - 00000000 ____D () C:\Users\ASUS\Downloads\ImageGrabber
2014-11-20 07:33 - 2014-11-20 14:36 - 00000000 ____D () C:\Users\ASUS\AppData\Local\{59e48054-0e1b-63d5-a280-ae31d0062c78}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 10:37 - 2010-12-20 16:30 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
2014-12-20 10:37 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 10:15 - 2009-07-13 20:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 10:15 - 2009-07-13 20:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 10:12 - 2009-07-13 21:13 - 00729472 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 10:09 - 2014-08-31 23:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 12:02 - 2014-08-13 05:08 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-12-19 10:12 - 2014-02-19 10:54 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\HpUpdate
2014-12-18 06:36 - 2013-10-10 16:39 - 00000000 ____D () C:\Windows\Replay Video Capture 7
2014-12-18 06:36 - 2013-10-10 16:39 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2014-12-18 06:36 - 2013-10-10 16:39 - 00000000 ____D () C:\Program Files (x86)\Replay Video Capture 7
2014-12-16 06:46 - 2013-08-24 16:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-13 10:20 - 2010-12-20 16:33 - 00001315 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-13 01:03 - 2013-08-25 23:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 01:03 - 2013-08-25 23:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 00:19 - 2013-08-24 16:30 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-12-09 23:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-09 22:54 - 2010-12-20 16:33 - 00002278 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-12-09 22:28 - 2013-08-24 04:23 - 00000000 ____D () C:\Users\ASUS\AppData\Local\VirtualStore
2014-12-09 14:37 - 2014-01-24 04:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-05 23:30 - 2014-08-31 23:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-28 15:59 - 2014-05-01 02:10 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\avidemux
2014-11-28 14:55 - 2009-07-13 20:45 - 04940920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-28 13:36 - 2013-08-24 04:23 - 00113128 _____ () C:\Users\ASUS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-27 00:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2014-11-23 19:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\TAPI
2014-11-21 06:14 - 2014-08-31 23:51 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-08-31 23:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2013-08-31 16:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 14:36 - 2010-12-20 16:18 - 00000000 ____D () C:\Windows\PCHEALTH

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe
C:\Users\ASUS\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 00:14

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by ASUS at 2014-12-20 10:43:25
Running from C:\Users\ASUS\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
6300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
6300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director2.2) (Version: 2.2 - Applian Technologies Inc.)
ASUS FancyStart (HKLM-x32\...\{60D6618B-153F-4353-8185-908E676E5888}) (Version: 1.0.5 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS U Series Bamboo ScreenSaver (HKLM-x32\...\ASUS U Series Bamboo ScreenSaver) (Version: 1.0.0001 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.29 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.7 - ASUS)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free QuizMaker 6 (HKLM-x32\...\{829BBFCB-DC13-4C3A-8681-F44E54BBD2F5}) (Version: 6.2.0 - iSpring Solutions Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{ECA5CA8B-CCB0-4611-A9EF-CC796AFE805D}) (Version: 8.5.4.11 - Nitro)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Readiris Pro 14 (HKLM-x32\...\{64A9C130-E372-48E9-B31E-E04A42382751}) (Version: 14.00.2573 - I.R.I.S.)
RealDownloader (HKLM-x32\...\{A88E1685-1986-4A86-8E88-5FE1E727D026}) (Version: 1.2.0 - RealNetworks, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.1.3) (Version: 7.1.3 - Applian Technologies Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.50.0 - SRS Labs, Inc.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.206 - Sonix)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
What's Running 2.2 (HKLM-x32\...\What's Running_is1) (Version: 2.2 - WhatsRunning.net)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.2 - ASUS)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1246377405-144990350-4159689615-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No File Path

==================== Restore Points  =========================

18-12-2014 03:12:11 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-12-09 22:29 - 00001506 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
162.247.13.62 www.google-analytics.com.
162.247.13.62 google-analytics.com.
162.247.13.62 connect.facebook.net.
195.162.68.59 www.google-analytics.com.
195.162.68.59 google-analytics.com.
195.162.68.59 connect.facebook.net.
162.247.13.78 www.google-analytics.com.
162.247.13.78 google-analytics.com.
162.247.13.78 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15A6C6A1-E607-4AFC-87CC-C0BC5934804C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {1D66C389-7133-4CC0-923A-E86349DDA27F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1246377405-144990350-4159689615-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09] (RealNetworks, Inc.)
Task: {3B707620-F68D-4CF6-BB56-2D46A163D36F} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-05-17] (asus)
Task: {40322A8C-732F-4F3E-A3E1-65A99CD8C462} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
Task: {461F384E-9BA2-4C20-97B2-CDE498DDCF35} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {55C68868-894B-4642-907D-4A7A8817EECB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {6A6FF672-2B1C-439D-86F4-78109B65D197} - System32\Tasks\{0E727D6B-4E91-4D66-9079-44895BAD1EA4} => pcalua.exe -a "C:\Program Files (x86)\4Media\PDF to PowerPoint Converter\Uninstall.exe"
Task: {A0B2A09C-0E3F-4426-9E20-9B41A5E08F43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {B9602042-2690-4AAD-B008-44B7CCA28BFD} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {C392B74C-F3E1-437D-B952-1C8D157CBA99} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1246377405-144990350-4159689615-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09] (RealNetworks, Inc.)
Task: {C8DF0BD8-818A-437A-A548-AFFA435D2820} - System32\Tasks\AdobeAAMUpdater-1.0-ASUS-PC-ASUS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {E170BCBB-9A31-4A9B-B526-B897A9BD8DE5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1246377405-144990350-4159689615-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-08-13 20:36 - 2009-11-04 12:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2012-08-09 12:02 - 2012-08-09 12:02 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-11-07 05:14 - 2005-04-21 20:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2010-12-20 16:21 - 2010-09-17 00:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2010-12-20 16:21 - 2010-09-17 00:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2008-09-30 23:02 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-12-20 16:33 - 2007-11-30 11:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-01-04 17:43 - 2010-01-04 17:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2009-12-30 17:33 - 2009-12-30 17:33 - 00059904 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-07 05:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2009-11-02 14:20 - 2009-11-02 14:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 14:23 - 2009-11-02 14:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-02-23 15:14 - 2010-02-23 15:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-02-23 15:11 - 2010-02-23 15:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-02-23 15:12 - 2010-02-23 15:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-02-23 15:14 - 2010-02-23 15:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-1246377405-144990350-4159689615-500 - Administrator - Disabled)
ASUS (S-1-5-21-1246377405-144990350-4159689615-1000 - Administrator - Enabled) => C:\Users\ASUS
Fix (S-1-5-21-1246377405-144990350-4159689615-1001 - Administrator - Enabled)
Guest (S-1-5-21-1246377405-144990350-4159689615-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Officejet Pro L7600
Description: Officejet Pro L7600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 03:49:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/20/2014 03:48:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2014 03:48:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/20/2014 03:48:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/19/2014 01:27:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/19/2014 01:27:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/19/2014 01:27:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/18/2014 08:40:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: recordingmanager.exe, version: 1.2.0.144, time stamp: 0x502417c6
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x11f8
Faulting application start time: 0xrecordingmanager.exe0
Faulting application path: recordingmanager.exe1
Faulting module path: recordingmanager.exe2
Report Id: recordingmanager.exe3

Error: (12/18/2014 07:22:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/18/2014 07:22:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (12/20/2014 10:08:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:05:43 AM on ?12/?20/?2014 was unexpected.

Error: (12/20/2014 01:45:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:43:35 AM on ?12/?20/?2014 was unexpected.

Error: (12/20/2014 01:43:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:42:10 AM on ?12/?20/?2014 was unexpected.

Error: (12/19/2014 11:09:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:22:59 AM on ?12/?19/?2014 was unexpected.

Error: (12/18/2014 02:41:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:37:12 PM on ?12/?18/?2014 was unexpected.

Error: (12/18/2014 09:36:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:35:43 AM on ?12/?18/?2014 was unexpected.

Error: (12/18/2014 07:09:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:08:36 AM on ?12/?18/?2014 was unexpected.

Error: (12/18/2014 06:32:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/18/2014 06:32:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/18/2014 06:31:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:14:58 AM on ?12/?18/?2014 was unexpected.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 38%
Total physical RAM: 5941.2 MB
Available physical RAM: 3676.09 MB
Total Pagefile: 11880.58 MB
Available Pagefile: 9647.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:84.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:425.64 GB) (Free:181.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=425.6 GB) - (Type=OF Extended)

==================== End Of Log ============================


Edited by HijackThat, 20 December 2014 - 02:20 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 20 December 2014 - 02:30 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isoburn.lnk
ShortcutTarget: isoburn.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\isoburn.exe (No File)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SndVol.lnk
ShortcutTarget: SndVol.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\SndVol.exe (No File)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upnpcont.lnk
ShortcutTarget: upnpcont.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\upnpcont.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

p.s. Your Host file is the default for your operating system.

#7 HijackThat

HijackThat
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:05:51 PM

Posted 21 December 2014 - 02:25 PM

***on 12/9/2014 my hosts file become a "text document" versus a "file," which is what it usually is and was prior to 12/9...  That is not a problem?

 

***I am running short on time, but I will test out my system hopefully by the end of the day and reply

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by ASUS at 2014-12-21 01:44:56 Run:1
Running from C:\Users\ASUS\Downloads
Loaded Profiles: ASUS &  (Available profiles: ASUS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isoburn.lnk
ShortcutTarget: isoburn.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\isoburn.exe (No File)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SndVol.lnk
ShortcutTarget: SndVol.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\SndVol.exe (No File)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upnpcont.lnk
ShortcutTarget: upnpcont.lnk -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\upnpcont.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1246377405-144990350-4159689615-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-1246377405-144990350-4159689615-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1246377405-144990350-4159689615-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isoburn.lnk => Moved successfully.
C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\isoburn.exe not found.
C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SndVol.lnk => Moved successfully.
C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\SndVol.exe not found.
C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upnpcont.lnk => Moved successfully.
C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\IEUpdate\upnpcont.exe not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll not found.
Amsp => Service deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

 

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Trend Micro Titanium Internet Security  
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Adobe Flash Player 16.0.0.235 
 Adobe Reader XI 
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent```````` 
 Trend Micro Titanium TiMiniService.exe 
 Trend Micro Titanium TiResumeSrv.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 22 December 2014 - 08:06 AM


I suggest you download and install this hosts file.

Refer to this page.
http://winhelp2002.mvps.org/hosts.htm

It's a file maintained by a MVP from microsoft.
It blocks a lot of bad sites.

Or you can reset the Hosts file (no extention) to the default value.
Click the Fit It button on this page.
http://support.microsoft.com/kb/972034

===

Your security log is clean.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 HijackThat

HijackThat
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:05:51 PM

Posted 22 December 2014 - 12:11 PM

My problem is still the same ---> my first several clicks on links in firefox redirect me.  Below is a sample of the pages I was redirected to:

 

http://www.rcsb.org

http://filter.adventurefeeds.com ---> http://r.twenga.com ---> http://www.target.com

http://diversityonecareers.com

http://filter.adventurefeeds.com ---> http://diversityonecareers.com

 

 

p.s. yes, my hosts file seems to have no alterations, I attempted to change it back to "file" versus "text document" and it said there was already a hosts file in the folder, I un-hid protected operating system files and saw another hosts file, but the text in that file is the same, therefore, clearly the hosts file is not the issue here.. sorry for making such a big deal about it.


Edited by HijackThat, 22 December 2014 - 12:30 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 22 December 2014 - 02:41 PM

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

#11 HijackThat

HijackThat
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:05:51 PM

Posted 24 December 2014 - 03:35 AM

I was so hopeful..  But the very first link I clicked on after resetting and opening Firefox redirected me through multiple sites to some coldwellbanker website :wacko:



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 24 December 2014 - 08:54 AM

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting.. Below is the list of default username and password, should you don't know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html

#13 HijackThat

HijackThat
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:05:51 PM

Posted 26 December 2014 - 05:38 AM

I plugged my computer straight into my modem (bypassing my router completely) and Firefox still has the same redirecting problem...  not explorer, which is what I've been using for the last couple weeks



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 26 December 2014 - 08:08 AM

Remove Firefox using the instructions one this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Read these links before proceeding.

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

#15 HijackThat

HijackThat
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:05:51 PM

Posted 27 December 2014 - 10:45 PM

I can't believe that didn't fix it:

1. I uninstalled Firefox and all Mozilla leftovers.. including the profiles under %APPDATA%

2. reinstalled

3. opened Pandora, which usually redirects me... nothing... hopeful

4. opened a random video on Break.com... clicked "next".... redirected to find-all-you-want.com ---> beesq.com ---> filter.adventurefeeds.com ---> best-deal.com






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users