Proxy keeps re-enabling. Messes up connection. Likely infected.


  • This topic is locked
14 replies to this topic

#1 redslime

  • Members
  • 52 posts
  • Gender: Male
  • Location: Chicago, IL, USA

Posted 04 February 2015 - 05:35 PM

The proxy settings on my laptop keep changing. If I open the Connections tab in IE (or just search "proxy" in the Start menu) and open LAN settings, I can see that "Use a proxy server for your LAN" is checked. I uncheck it and it works for a few minutes, but then I notice a cmd window opens up for half a second, and this messes up the internet and enables the proxy setting once again.

This also affected the hosts file in \system32\drivers\etc with a ton of junk. I found that and erased it, and it has since not returned/changed.

Another thing it did, when I first discovered the issue, is that my wireless connection was set to shared. I unshared it and it has remained fine ever since.

I have attempted scanning with Malwarebytes Anti-Malware and it did find some issues that I did quarantine, but the problem persists.

Thanks for helping.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Nufo (administrator) on CHANGO on 04-02-2015 16:23:45
Running from C:\Users\Nufo\Desktop
Loaded Profiles: Nufo & katfish (Available profiles: Nufo & katfish & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Users\Nufo\AppData\Local\DesktopTemperature\DTM_Updater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Users\Nufo\AppData\Local\DesktopTemperature\DTM_2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\Run: [GoogleChromeAutoLaunch_2CA32B6DCD77C47CE73F8BB3D47E2EDB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-22] (Google Inc.)
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\MountPoints2: {9b1532c1-b651-11e2-a5b6-c86000420419} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => "c:\progra~2\citrix\icacli~1\rshook.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => "c:\progra~2\optimi~1\optpro~1.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4265083419-2309017597-1040466406-1000] => http=127.0.0.1:57249;https=127.0.0.1:57249
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M55A0D5CA-26CE-4368-B741-ED32185EE524&SearchSource=58&CUI=&UM=8&UP=SP3E0F2031-CD84-4D24-B95F-0E63B6452F46&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2E5E5FEA-5591-4D70-9C7F-6A220AD1C832&q={searchTerms}&SSPV=SE1HB1_sp_ie
SearchScopes: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M55A0D5CA-26CE-4368-B741-ED32185EE524&SearchSource=58&CUI=&UM=8&UP=SP3E0F2031-CD84-4D24-B95F-0E63B6452F46&q={searchTerms}&SSPV=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {F7EE64A4-6BC3-34A7-CE31-256EBFA1014D} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {F7EE64A4-6BC3-34A7-CE31-256EBFA1014D} ->  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-4265083419-2309017597-1040466406-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4265083419-2309017597-1040466406-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27]
CHR Extension: (YouTube) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Cast) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-27]
CHR Extension: (Google Search) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (AdBlock) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-27]
CHR Extension: (Google Wallet) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Gmail) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-30] (EasyAntiCheat Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
S2 Util Mega Browse; "C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe" [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 CH341SER; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
U0 ukyy; C:\Windows\System32\drivers\ntqht.sys [79064 2015-02-04] (Malwarebytes Corporation)
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 16:23 - 2015-02-04 16:24 - 00019895 _____ () C:\Users\Nufo\Desktop\FRST.txt
2015-02-04 16:22 - 2015-02-04 16:23 - 00000000 ____D () C:\FRST
2015-02-04 16:22 - 2015-02-04 16:22 - 02131968 _____ (Farbar) C:\Users\Nufo\Desktop\FRST64.exe
2015-02-04 14:12 - 2015-02-04 14:12 - 00880784 _____ (Google Inc.) C:\Users\Nufo\Downloads\ChromeSetup.exe
2015-02-04 11:32 - 2015-02-04 11:32 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ntqht.sys
2015-02-04 10:53 - 2015-02-04 10:53 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 10:19 - 2015-02-04 10:20 - 00002261 _____ () C:\Users\katfish.Chango\Desktop\Google Chrome.lnk
2015-02-04 10:19 - 2015-02-04 10:19 - 00001379 _____ () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 10:19 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Roaming\Adobe
2015-02-04 10:19 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\Google
2015-02-04 10:18 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango
2015-02-04 10:18 - 2015-02-04 10:18 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-02-04 10:18 - 2015-02-04 10:18 - 00000020 ___SH () C:\Users\katfish.Chango\ntuser.ini
2015-02-04 10:18 - 2015-02-04 10:18 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\VirtualStore
2015-02-04 10:18 - 2013-11-14 19:12 - 00002106 _____ () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-02-04 10:18 - 2013-05-16 19:38 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\Power2Go
2015-02-04 10:18 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-04 10:18 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-31 13:06 - 2015-01-31 13:06 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-31 13:05 - 2015-01-31 13:05 - 00000000 ____D () C:\Program Files\Java
2015-01-31 13:04 - 2015-01-31 13:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-31 13:04 - 2015-01-31 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 13:03 - 2015-01-31 13:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 10:28 - 2015-02-04 11:32 - 00000000 ____D () C:\Users\Nufo\AppData\Local\browser extensions
2015-01-31 10:28 - 2015-01-31 10:28 - 00004522 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-31 10:28 - 2015-01-31 10:28 - 00004314 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-31 10:28 - 2015-01-31 10:28 - 00003886 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-31 10:28 - 2015-01-31 10:28 - 00000064 _____ () C:\Users\Nufo\AppData\Local\2c1af0a0e9cfbad3971dd5cb08b1c653
2015-01-31 10:27 - 2015-02-04 11:32 - 00000000 ____D () C:\Users\Nufo\AppData\Local\DesktopTemperature
2015-01-31 10:27 - 2015-01-31 10:30 - 00000000 ____D () C:\Users\Nufo\Documents\ProPCCleaner
2015-01-31 10:27 - 2015-01-31 10:29 - 00003454 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-01-31 10:27 - 2015-01-31 10:27 - 00003190 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-01-31 10:27 - 2015-01-31 10:27 - 00000000 ____D () C:\Users\Nufo\AppData\Local\Pro_PC_Cleaner
2015-01-31 10:23 - 2015-01-31 10:24 - 00002261 _____ () C:\Users\Katfish\Desktop\Google Chrome.lnk
2015-01-31 10:23 - 2015-01-31 10:23 - 00001379 _____ () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:23 - 2015-01-31 10:23 - 00000020 ___SH () C:\Users\Katfish\ntuser.ini
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Roaming\Adobe
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Local\VirtualStore
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Local\Google
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish
2015-01-31 10:23 - 2013-11-14 19:12 - 00002106 _____ () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-01-31 10:23 - 2013-05-16 19:38 - 00000000 ____D () C:\Users\Katfish\AppData\Local\Power2Go
2015-01-31 10:23 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-31 10:23 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-30 11:03 - 2015-01-30 11:04 - 00000000 ____D () C:\Users\Nufo\Desktop\New folder (2)
2015-01-28 21:40 - 2015-01-28 21:40 - 00261192 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2015-01-28 17:30 - 2015-01-28 17:30 - 00000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-01-28 15:21 - 2015-01-28 15:22 - 00001719 _____ () C:\AdwCleaner[S2].txt
2015-01-28 15:21 - 2015-01-28 15:21 - 00001645 _____ () C:\AdwCleaner[R3].txt
2015-01-28 15:19 - 2015-01-28 15:19 - 00001166 _____ () C:\Users\Public\Desktop\Free CDL Practice Test.lnk
2015-01-28 15:19 - 2015-01-28 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free CDL Practice Test
2015-01-28 15:19 - 2015-01-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Free CDL Practice Test
2015-01-28 15:17 - 2015-01-28 15:17 - 01318151 _____ () C:\Users\Nufo\Desktop\cdl.rar
2015-01-27 20:15 - 2015-01-28 15:17 - 00000000 ____D () C:\Users\Nufo\Desktop\Roberto
2015-01-27 12:25 - 2015-01-27 12:26 - 00000000 ____D () C:\Users\Nufo\Desktop\nero
2015-01-24 15:00 - 2014-10-12 23:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-01-24 15:00 - 2014-10-12 23:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-01-24 14:57 - 2015-01-24 15:00 - 00001975 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-01-24 14:57 - 2015-01-24 14:57 - 00000000 ____D () C:\Users\Nufo\Documents\SelfMV
2015-01-24 14:57 - 2015-01-24 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-15 09:10 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 09:10 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 09:10 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 09:10 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:56 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:56 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:56 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:56 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:56 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:56 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:56 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:56 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:56 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 16:23 - 2012-03-21 19:58 - 01522914 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 16:17 - 2012-11-29 21:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 16:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 15:45 - 2012-12-11 16:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 15:31 - 2013-10-15 14:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000UA.job
2015-02-04 15:25 - 2014-03-11 20:51 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-02-04 14:29 - 2012-11-29 21:46 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 14:12 - 2012-11-29 21:46 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 14:12 - 2012-11-29 21:46 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 11:32 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\Options
2015-02-04 10:56 - 2014-05-29 19:54 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-04 10:54 - 2014-04-08 12:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 10:53 - 2014-04-08 12:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 10:27 - 2012-03-21 20:14 - 00002610 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-02-04 10:25 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 10:25 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 10:23 - 2009-07-13 23:13 - 00798804 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 10:19 - 2012-03-21 20:14 - 00001397 _____ () C:\Windows\system32\ServiceFilter.ini
2015-02-04 10:18 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 10:18 - 2009-07-13 22:51 - 00117176 _____ () C:\Windows\setupact.log
2015-02-04 10:17 - 2011-10-17 21:58 - 01282106 _____ () C:\Windows\PFRO.log
2015-02-03 22:59 - 2013-10-15 14:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000Core.job
2015-02-02 16:44 - 2014-03-16 14:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-31 13:11 - 2014-03-16 14:51 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-31 13:05 - 2013-12-01 15:06 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-31 12:58 - 2014-04-01 17:08 - 00000000 ____D () C:\Nexon
2015-01-31 11:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-31 10:33 - 2009-07-13 20:34 - 00000603 _____ () C:\Windows\win.ini
2015-01-30 11:02 - 2012-11-30 09:55 - 00000000 ____D () C:\Users\Nufo\Desktop\New folder
2015-01-30 11:02 - 2012-11-30 09:54 - 00000000 ____D () C:\Users\Nufo\Desktop\Van Norman
2015-01-28 15:21 - 2014-08-23 08:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\tixati
2015-01-27 13:08 - 2012-11-30 09:57 - 00000000 ____D () C:\Users\Nufo\Documents\hitches (3)
2015-01-27 13:07 - 2014-04-01 11:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Nero
2015-01-27 12:29 - 2014-09-27 20:56 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-26 16:45 - 2012-12-11 16:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 16:45 - 2012-12-11 16:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 16:45 - 2012-12-11 16:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 14:59 - 2014-05-23 08:23 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-24 14:57 - 2014-05-23 08:26 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Samsung
2015-01-24 14:57 - 2012-03-21 20:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 14:55 - 2014-05-23 08:21 - 00000000 ____D () C:\Users\Nufo\AppData\Local\Downloaded Installations
2015-01-17 08:19 - 2013-12-22 13:13 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\.minecraft
2015-01-15 09:06 - 2013-08-14 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 08:57 - 2012-12-06 07:20 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 10:59 - 2012-03-21 20:16 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2015-01-11 22:45 - 2013-02-06 13:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\SoftGrid Client
2015-01-11 12:07 - 2014-10-11 08:58 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-07 16:18 - 2014-09-17 21:25 - 00000000 ____D () C:\Users\Nufo\AppData\Local\Battle.net
2015-01-07 16:17 - 2014-09-17 21:24 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-07 16:12 - 2014-09-17 21:27 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

==================== Files in the root of some directories =======

2014-03-11 20:51 - 2014-03-13 07:25 - 0000079 _____ () C:\Users\Nufo\AppData\Roaming\WB.CFG
2015-01-31 10:28 - 2015-01-31 10:28 - 0000064 _____ () C:\Users\Nufo\AppData\Local\2c1af0a0e9cfbad3971dd5cb08b1c653
2013-10-01 16:32 - 2013-10-01 16:32 - 0000017 _____ () C:\Users\Nufo\AppData\Local\resmon.resmoncfg
2015-01-28 17:30 - 2015-01-28 17:30 - 0000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-03-21 20:18 - 2012-03-21 20:18 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-03-21 20:17 - 2012-03-21 20:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-03-21 20:17 - 2012-03-21 20:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\Users\Nufo\Minecraft Launcher.exe
C:\Users\Nufo\Minecraft.exe

Some content of TEMP:
====================
C:\Users\Nufo\AppData\Local\Temp\NGM.exe
C:\Users\Nufo\AppData\Local\Temp\NGMDll.dll
C:\Users\Nufo\AppData\Local\Temp\NGMResource.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 09:50

==================== End Of Log ============================




#2 redslime

  • Topic Starter

Posted 04 February 2015 - 05:37 PM

Forgot to attach the addition file. Doing so now.

Attached Files



#3 deeprybka

  • Malware Response Team

Posted 05 February 2015 - 06:47 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Scan with Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.



Step 3


Start FRST with administrator privileges.

  • Make sure the "Addition.txt" option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 05 February 2015 - 06:47 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
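An added example, not part of this thread and not code from AdwCleaner, Malwarebytes or FRST: a read-only PowerShell triage of the places a self-re-enabling WinINET proxy normally lives (the per-user Internet Settings values, the process listening on the proxy port, scheduled tasks that run from user-writable folders, AppInit_DLLs, and the hosts/hosts.ics files). The tools the helper lists above do the actual removal; this script only shows what they will be up against. Everything in it uses cmdlets and commands available on Windows 7 (PowerShell 2.0); the folder patterns and the "localhost" allow-list are assumptions, and nothing is deleted.

```powershell
# Added example (not from the thread): read-only check of proxy persistence points.
# Run from an elevated PowerShell prompt. Assumed: patterns below are generic
# heuristics, not a list taken from any specific sample.

$findings = @()

# 1. WinINET proxy values for the current user. This is exactly what the IE
#    "LAN settings" dialog edits, so it is what keeps getting flipped back on.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet
if ($p.ProxyEnable -eq 1) {
    $findings += "ProxyEnable=1, ProxyServer='$($p.ProxyServer)'"
    if ($p.ProxyServer -match '127\.0\.0\.1|localhost') {
        $findings += 'Proxy points at loopback: a local process is intercepting browser traffic'
    }
}
if ($p.ProxyOverride -match '<-loopback>') {
    # <-loopback> cancels the built-in bypass for loopback addresses, so even
    # requests to localhost are sent through the proxy.
    $findings += 'ProxyOverride contains <-loopback>'
}
if ($p.AutoConfigURL) {
    $findings += "AutoConfigURL='$($p.AutoConfigURL)' (a PAC script redirects traffic just as well)"
}

# 2. Which process owns the proxy port? netstat is parsed because
#    Get-NetTCPConnection only exists on Windows 8 / Server 2012 and later.
if ($p.ProxyServer -match ':(\d+)') {
    $port = $matches[1]
    foreach ($line in (netstat -ano -p tcp)) {
        $cols = $line.Trim() -split '\s+'
        # columns: Proto, Local Address, Foreign Address, State, PID
        if ($cols.Count -ge 5 -and $cols[3] -eq 'LISTENING' -and $cols[1] -match ":$port$") {
            $owner = Get-Process -Id $cols[4] -ErrorAction SilentlyContinue
            $findings += "Port $port is owned by PID $($cols[4]) $($owner.Path)"
        }
    }
}

# 3. Scheduled tasks whose command lives in a user-writable location. A task
#    that fires every few minutes and rewrites the proxy value is the usual
#    re-arm mechanism. schtasks verbose CSV output works on Windows 7; a repeated
#    header row (TaskName = 'TaskName') is filtered out.
$userWritable = '\\Users\\|\\ProgramData\\|\\AppData\\|\\Temp\\'
$tasks = schtasks /query /fo csv /v 2>$null | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -ne 'TaskName' -and $t.'Task To Run' -match $userWritable) {
        $findings += "Task $($t.TaskName) runs $($t.'Task To Run') [repeat: $($t.'Repeat: Every')]"
    }
}

# 4. AppInit_DLLs in both registry views on x64: anything listed is loaded into
#    every process that links user32.dll, browsers included.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $dlls = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($dlls) { $findings += "AppInit_DLLs under $key = $dlls" }
}

# 5. hosts and hosts.ics. Any active mapping other than localhost is reported.
#    hosts.ics is written by Internet Connection Sharing, which a laptop that
#    nobody deliberately shares should not have enabled.
$etc = "$env:windir\System32\drivers\etc"
foreach ($line in (Get-Content "$etc\hosts")) {
    if ($line -match '^\s*[0-9A-Fa-f.:]+\s+\S' -and
        $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
        $findings += "hosts: $($line.Trim())"
    }
}
if (Test-Path "$etc\hosts.ics") {
    $ics = (Get-Content "$etc\hosts.ics") -join ' | '
    $findings += "hosts.ics present: $ics"
}

if ($findings.Count -eq 0) { 'No proxy persistence indicators found.' } else { $findings }
```

Two caveats worth knowing when reading the output. Unticking "Use a proxy server for your LAN" only sets ProxyEnable back to 0; as long as the task (or whatever else rewrites the value) still exists it will be re-armed, so the task is what has to go first. The values in section 1 are per user: other profiles on the machine keep their own copy under HKU\<SID>\...\Internet Settings, and services use the separate WinHTTP proxy, which is shown with `netsh winhttp show proxy` and reset with `netsh winhttp reset proxy`.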

#4 redslime

  • Topic Starter

Posted 05 February 2015 - 09:27 PM

ADW log:

 

Folder Deleted : C:\ProgramData\726a9a91e9097b86
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Deleted : C:\Program Files (x86)\Mega Browse
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Users\Nufo\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\Nufo\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Nufo\Documents\ProPCCleaner
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : UpdaterEX
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\DesktopTemperature
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\DesktopTemperature
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovi.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:52509;hxxps=127.0.0.1:52509
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v40.0.2214.94
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.uscellular.com/websearch/searchresults.html?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=SHD-V7&o=APN10115&pf=&p2=%5EAYE%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.1.0.343&doi=2013-07-08&apn_uid=F6F8717C-C17C-4259-8349-987073C86EA3&apn_ptnrs=%5EAYE&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=cr_27.0.1453.116&psv=&trgb=CR&tbv=&crxv=&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=&apn_ptnrs=TV&apn_sauid=&apn_dtid=OSJ000YYUS&psv=&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=&apn_ptnrs=TV&apn_sauid=&apn_dtid=OSJ000YYUS&psv=&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyEtBtDyEtCzy0D0B0BtDtN0D0Tzu0SzztDtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0D0A0A0ByC0FtG0CtDyDyDtG0C0E0BtDtGyB0CzyyBtGtByCzzyD0Bzz0B0D0DtAzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyC0EyC0F0CzytDtGtCtBzz0BtG0CtByB0CtGyDyB0F0EtGtB0F0AtAzy0AyE0EtBzzyByD2Q&cr=17377116&ir=
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aaaaojmikegpiepcfdkkjaplodkpfmlo
[C:\Users\Katfish\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Katfish\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\katfish.Chango\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\katfish.Chango\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[S0].txt - [9154 octets] - [05/02/2015 09:00:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9214 octets] ##########
 
 
MBAM log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/5/2015
Scan Time: 9:04:55 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.05.06
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nufo
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469556
Time Elapsed: 38 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Agent, C:\Users\Nufo\AppData\Local\Temp\Quarantine.exe, Quarantined, [32e0f22803874fe7a1b8c952cf3350b0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Nufo (administrator) on CHANGO on 05-02-2015 20:23:27
Running from C:\Users\Nufo\Desktop
Loaded Profiles: Nufo (Available profiles: Nufo & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\MountPoints2: {9b1532c1-b651-11e2-a5b6-c86000420419} - G:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => "c:\progra~2\citrix\icacli~1\rshook.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {F7EE64A4-6BC3-34A7-CE31-256EBFA1014D} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {F7EE64A4-6BC3-34A7-CE31-256EBFA1014D} ->  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-4265083419-2309017597-1040466406-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4265083419-2309017597-1040466406-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27]
CHR Extension: (YouTube) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Cast) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-27]
CHR Extension: (Google Search) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (AdBlock) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-27]
CHR Extension: (Google Wallet) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Gmail) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-30] (EasyAntiCheat Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 CH341SER; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
U0 kvbwdoqp; C:\Windows\System32\drivers\layikaha.sys [79064 2015-02-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 20:23 - 2015-02-05 20:23 - 00017756 _____ () C:\Users\Nufo\Desktop\FRST.txt
2015-02-05 20:21 - 2015-02-05 20:21 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\layikaha.sys
2015-02-05 09:31 - 2015-02-05 09:33 - 00000000 ____D () C:\Users\Nufo\Desktop\storage
2015-02-05 09:00 - 2015-02-05 09:00 - 00000000 ____D () C:\AdwCleaner
2015-02-05 08:56 - 2015-02-05 08:56 - 02194432 _____ () C:\Users\Nufo\Downloads\AdwCleaner.exe
2015-02-04 16:22 - 2015-02-05 20:23 - 00000000 ____D () C:\FRST
2015-02-04 16:22 - 2015-02-04 16:22 - 02131968 _____ (Farbar) C:\Users\Nufo\Desktop\FRST64.exe
2015-02-04 14:12 - 2015-02-04 14:12 - 00880784 _____ (Google Inc.) C:\Users\Nufo\Downloads\ChromeSetup.exe
2015-02-04 10:19 - 2015-02-04 10:20 - 00002261 _____ () C:\Users\katfish.Chango\Desktop\Google Chrome.lnk
2015-02-04 10:19 - 2015-02-04 10:19 - 00001379 _____ () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 10:19 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Roaming\Adobe
2015-02-04 10:19 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\Google
2015-02-04 10:18 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango
2015-02-04 10:18 - 2015-02-04 10:18 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-02-04 10:18 - 2015-02-04 10:18 - 00000020 ___SH () C:\Users\katfish.Chango\ntuser.ini
2015-02-04 10:18 - 2015-02-04 10:18 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\VirtualStore
2015-02-04 10:18 - 2013-11-14 19:12 - 00002106 _____ () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-02-04 10:18 - 2013-05-16 19:38 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\Power2Go
2015-02-04 10:18 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-04 10:18 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-31 13:06 - 2015-01-31 13:06 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-31 13:05 - 2015-01-31 13:05 - 00000000 ____D () C:\Program Files\Java
2015-01-31 13:04 - 2015-01-31 13:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-31 13:04 - 2015-01-31 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 13:03 - 2015-01-31 13:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 10:28 - 2015-01-31 10:28 - 00004522 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-31 10:28 - 2015-01-31 10:28 - 00004314 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-31 10:28 - 2015-01-31 10:28 - 00003886 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-31 10:28 - 2015-01-31 10:28 - 00000064 _____ () C:\Users\Nufo\AppData\Local\2c1af0a0e9cfbad3971dd5cb08b1c653
2015-01-31 10:23 - 2015-01-31 10:24 - 00002261 _____ () C:\Users\Katfish\Desktop\Google Chrome.lnk
2015-01-31 10:23 - 2015-01-31 10:23 - 00001379 _____ () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:23 - 2015-01-31 10:23 - 00000020 ___SH () C:\Users\Katfish\ntuser.ini
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Roaming\Adobe
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Local\VirtualStore
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Local\Google
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish
2015-01-31 10:23 - 2013-11-14 19:12 - 00002106 _____ () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-01-31 10:23 - 2013-05-16 19:38 - 00000000 ____D () C:\Users\Katfish\AppData\Local\Power2Go
2015-01-31 10:23 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-31 10:23 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-28 21:40 - 2015-01-28 21:40 - 00261192 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2015-01-28 17:30 - 2015-01-28 17:30 - 00000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-01-28 15:19 - 2015-01-28 15:19 - 00001166 _____ () C:\Users\Public\Desktop\Free CDL Practice Test.lnk
2015-01-28 15:19 - 2015-01-28 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free CDL Practice Test
2015-01-28 15:19 - 2015-01-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Free CDL Practice Test
2015-01-27 12:25 - 2015-02-05 09:29 - 00000000 ____D () C:\Users\Nufo\Desktop\nero
2015-01-24 15:00 - 2014-10-12 23:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-01-24 15:00 - 2014-10-12 23:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-01-24 14:57 - 2015-01-24 15:00 - 00001975 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-01-24 14:57 - 2015-01-24 14:57 - 00000000 ____D () C:\Users\Nufo\Documents\SelfMV
2015-01-24 14:57 - 2015-01-24 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-15 09:10 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 09:10 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 09:10 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 09:10 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:56 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:56 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:56 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:56 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:56 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:56 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:56 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:56 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:56 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 20:21 - 2013-10-15 14:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000UA.job
2015-02-05 20:21 - 2012-11-29 21:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 20:21 - 2009-07-13 21:20 - 00000000 __RSD () C:\Windows\Media
2015-02-05 20:20 - 2012-12-11 16:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 20:20 - 2012-03-21 19:58 - 01578957 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 18:31 - 2013-10-15 14:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000Core.job
2015-02-05 14:17 - 2012-11-29 21:46 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 09:09 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 09:09 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 09:08 - 2009-07-13 23:13 - 00798804 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 09:04 - 2014-04-08 12:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 09:01 - 2011-10-17 21:58 - 01301876 _____ () C:\Windows\PFRO.log
2015-02-05 09:01 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 09:01 - 2009-07-13 22:51 - 00117288 _____ () C:\Windows\setupact.log
2015-02-05 08:35 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\Options
2015-02-04 16:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 14:12 - 2012-11-29 21:46 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 14:12 - 2012-11-29 21:46 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 10:56 - 2014-05-29 19:54 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-04 10:53 - 2014-04-08 12:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 10:27 - 2012-03-21 20:14 - 00002610 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-02-04 10:19 - 2012-03-21 20:14 - 00001397 _____ () C:\Windows\system32\ServiceFilter.ini
2015-02-02 16:44 - 2014-03-16 14:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-31 13:11 - 2014-03-16 14:51 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-31 13:05 - 2013-12-01 15:06 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-31 12:58 - 2014-04-01 17:08 - 00000000 ____D () C:\Nexon
2015-01-31 11:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-31 10:33 - 2009-07-13 20:34 - 00000603 _____ () C:\Windows\win.ini
2015-01-28 15:21 - 2014-08-23 08:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\tixati
2015-01-27 13:08 - 2012-11-30 09:57 - 00000000 ____D () C:\Users\Nufo\Documents\hitches (3)
2015-01-27 13:07 - 2014-04-01 11:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Nero
2015-01-27 12:29 - 2014-09-27 20:56 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-26 16:45 - 2012-12-11 16:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 16:45 - 2012-12-11 16:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 16:45 - 2012-12-11 16:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 14:59 - 2014-05-23 08:23 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-24 14:57 - 2014-05-23 08:26 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Samsung
2015-01-24 14:57 - 2012-03-21 20:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 14:55 - 2014-05-23 08:21 - 00000000 ____D () C:\Users\Nufo\AppData\Local\Downloaded Installations
2015-01-17 08:19 - 2013-12-22 13:13 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\.minecraft
2015-01-15 09:06 - 2013-08-14 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 08:57 - 2012-12-06 07:20 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 10:59 - 2012-03-21 20:16 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2015-01-11 22:45 - 2013-02-06 13:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\SoftGrid Client
2015-01-11 12:07 - 2014-10-11 08:58 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-07 16:18 - 2014-09-17 21:25 - 00000000 ____D () C:\Users\Nufo\AppData\Local\Battle.net
2015-01-07 16:17 - 2014-09-17 21:24 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-07 16:12 - 2014-09-17 21:27 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
 
==================== Files in the root of some directories =======
 
2014-03-11 20:51 - 2014-03-13 07:25 - 0000079 _____ () C:\Users\Nufo\AppData\Roaming\WB.CFG
2015-01-31 10:28 - 2015-01-31 10:28 - 0000064 _____ () C:\Users\Nufo\AppData\Local\2c1af0a0e9cfbad3971dd5cb08b1c653
2013-10-01 16:32 - 2013-10-01 16:32 - 0000017 _____ () C:\Users\Nufo\AppData\Local\resmon.resmoncfg
2015-01-28 17:30 - 2015-01-28 17:30 - 0000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-03-21 20:18 - 2012-03-21 20:18 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-03-21 20:17 - 2012-03-21 20:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-03-21 20:17 - 2012-03-21 20:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\Users\Nufo\Minecraft Launcher.exe
C:\Users\Nufo\Minecraft.exe
 
 
Some content of TEMP:
====================
C:\Users\Nufo\AppData\Local\Temp\NGM.exe
C:\Users\Nufo\AppData\Local\Temp\NGMDll.dll
C:\Users\Nufo\AppData\Local\Temp\NGMResource.dll
C:\Users\Nufo\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 09:50
 
==================== End Of Log ============================
 
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Nufo at 2015-02-05 20:24:28
Running from C:\Users\Nufo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.0 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Free CDL Practice Test (HKLM-x32\...\{B4BEF476-41E8-42A0-8EE0-9A61158BCDAC}}_is1) (Version:  - Practice Test Free)
FrostWire 5.7.1 (HKLM-x32\...\FrostWire 5) (Version: 5.7.1.8 - FrostWire LLC)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
Ross-Tech VCDS for Windows 7 v12.12.0 (HKLM-x32\...\Ross-Tech VCDS for Windows 7 v12.12.0) (Version:  - )
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tire Size Comparator (HKLM-x32\...\{C20CC195-3DDE-4619-9A9D-23CE341EA03A}) (Version: 4.20.0149 - Cooney Applied Tech., Inc.)
Tixati (HKLM-x32\...\tixati) (Version:  - )
VCDS Release 14.10.0 (HKLM-x32\...\VCDS Release) (Version: 14.10.0 - Ross-Tech)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nufo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nufo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nufo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nufo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-03-12 07:47 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {065967CF-7DEF-4573-A0FA-47BD1EAA1B7E} - System32\Tasks\{F9890797-530D-4F14-94E7-C931B8ABDA3A} => pcalua.exe -a "E:\usb driver.EXE" -d E:\
Task: {06D7982F-914F-465C-80AB-4525C45996F5} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {0960BA6A-021F-432C-AAD4-5976B072DD99} - System32\Tasks\{E88E1488-3BE9-4093-AFA3-B58961799900} => pcalua.exe -a C:\Users\Nufo\Desktop\VAG-COM-USB-Driver\Install.exe -d C:\Users\Nufo\Desktop\VAG-COM-USB-Driver
Task: {0BC58215-C452-4C6D-B48B-DF277DFAE574} - System32\Tasks\{BC99D9A4-EE74-40C6-BC24-9ABB48C4A830} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {0F4D48C4-D410-4195-B33A-DD0EB952FED2} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-11-30] (ASUSTeK Computer Inc.)
Task: {100AD96C-EF23-473A-B444-66CB68F465F3} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {1B47C618-99B1-42A1-86DE-5388BE2373D7} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Nufo\AppData\Local\browser extensions\client.exe"
Task: {1BD589CD-CCA5-4698-B85E-8A6F4A2E7B9E} - System32\Tasks\{ABB5D4BE-8F63-402B-8277-035B2AD1B6A5} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {1D364B97-7861-4149-ACB5-01B485FC647B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000UA => C:\Users\Nufo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {1EB289E9-D0D7-401E-A534-B9A24F9D47E6} - System32\Tasks\{DA833B88-FBFE-4BE5-87B6-C27C47C22F3D} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {233E550F-AF26-4812-83A3-75A8F0C9448F} - System32\Tasks\Validate Installation => C:\Users\Nufo\AppData\Local\browser extensions\updater.exe
Task: {23C4B0D2-056B-4996-905B-9DE7A2542EAE} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {288AB3B1-3EC2-411C-BA13-1E4B56F6220D} - System32\Tasks\{699D3592-8205-4213-81D4-FD8DFD74B5DD} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {3A768187-DBD0-4C57-BEC7-FA58F323481A} - System32\Tasks\{3B96C3B9-4A1B-4C10-83BF-A749D7E41420} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {4C837543-4125-4769-9FF1-68A05084766C} - System32\Tasks\{7183A874-4A50-42DD-9B0B-05057D4ACBA3} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {55917B99-FB35-4B9D-A13F-8B997ECCADA3} - System32\Tasks\Check Updates => C:\Users\Nufo\AppData\Local\browser extensions\updater.exe
Task: {59058789-67AE-402F-9FC7-59527290E0F3} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-04-01] (Nero AG)
Task: {598AFEBD-CC34-42D8-90C0-9A175FB70290} - System32\Tasks\{5A89101C-ED09-40E2-9598-8A3766239C6C} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {7662177B-2E78-43A0-B85D-A6C3CD15F044} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7CBD79A8-783B-4A45-AB45-0AEE13024B34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000Core => C:\Users\Nufo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {7EE0EDF3-5BCA-4611-8FB5-D6C6A1BAF521} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {80F627B1-4E20-432E-B7B3-32BDF0F18510} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {8828FA89-A432-4DFE-94B3-E0BDDD1B2A61} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {896D1EE0-D97E-41C6-A614-EA60AAA50CD8} - System32\Tasks\{D21492FB-2C28-4DFC-B4CD-73F8690C12FD} => Chrome.exe 
Task: {8DB25505-540C-4C7D-B1CB-B8E39605E968} - System32\Tasks\{2CBAA5B1-B4A1-4895-BA7C-0001B1CF9A7C} => pcalua.exe -a "C:\Users\Nufo\Desktop\VAG-COM 409.1 + Crack\VAG-COM 409.1 release.exe" -d "C:\Users\Nufo\Desktop\VAG-COM 409.1 + Crack"
Task: {914257F6-FD14-4D27-8071-01B37669C629} - System32\Tasks\{70E9D9D0-36C4-4B86-BF28-5E366513145E} => Chrome.exe 
Task: {981F000F-926E-4223-9092-87C5AAF6548A} - System32\Tasks\{B72748D7-59E5-41CC-A66F-67F5DC1D3931} => Chrome.exe 
Task: {9D2C0D79-0F71-41D8-9563-4D0D1E083C80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-29] (Google Inc.)
Task: {A1DB6CCD-0529-4192-B2E0-A453638A3F8B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A8735F25-CCDD-440B-AE2C-B8BB89736C50} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {B4566C03-A554-4972-83A6-66E48CF6BD3A} - System32\Tasks\{F13EAACD-38D5-48BA-812E-BC15F40BE738} => pcalua.exe -a E:\KKL409.1.exe -d E:\
Task: {BDB64F42-E39F-4C8A-A0AA-3499D5E8CDD6} - System32\Tasks\{2DA1932D-2D45-4752-A65A-40AA433A3651} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {C6D6F270-4678-4E67-A2D0-946C87DF73F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {C937832E-D567-43D9-AFBB-64000B110D0C} - System32\Tasks\{96E651C2-1966-49D0-89AE-2F4CBF14725B} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {D02CCD42-01A7-4DC2-B77B-47766F3CDA01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-29] (Google Inc.)
Task: {D6399075-D7E9-4F82-A57C-E94D8581D3BA} - System32\Tasks\{20CF83FE-693A-4B58-B775-0D5566C61A34} => pcalua.exe -a C:\Ross-Tech\VCDS\VCDSA.exe -d C:\Ross-Tech\VCDS\
Task: {F2077A90-DDEF-4C04-82B3-4584AF9DE097} - System32\Tasks\{D6492852-8ADA-42A4-97DA-EF1D977E8A95} => C:\Program Files (x86)\VAG-COM\VagCom.exe [2004-11-11] (Ross-Tech, LLC)
Task: {F229261C-B84F-42A4-82F1-65DCD3CD4F26} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {F6F586D4-D63E-4A26-A274-F093B5F7D1E4} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000Core.job => C:\Users\Nufo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000UA.job => C:\Users\Nufo\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-20 08:24 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-03-18 18:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-12-20 05:55 - 2011-07-26 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-30 15:28 - 2011-11-30 15:28 - 00211456 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-06 17:21 - 2011-12-06 17:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 10:57 - 2010-08-20 10:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 10:57 - 2010-08-20 10:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-11-20 08:24 - 2014-09-23 05:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-02-04 14:13 - 2015-01-26 21:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-04 14:13 - 2015-01-26 21:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-04 14:13 - 2015-01-26 21:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nufo\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Nufo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RT-Updater.lnk => C:\Windows\pss\RT-Updater.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Nufo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_2CA32B6DCD77C47CE73F8BB3D47E2EDB => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MyDriveConnect.exe => "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4265083419-2309017597-1040466406-500 - Administrator - Disabled)
Guest (S-1-5-21-4265083419-2309017597-1040466406-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4265083419-2309017597-1040466406-1002 - Limited - Enabled)
Nufo (S-1-5-21-4265083419-2309017597-1040466406-1000 - Administrator - Enabled) => C:\Users\Nufo
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR9485 Wireless Network Adapter
Description: Qualcomm Atheros AR9485 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2015 09:56:56 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/05/2015 09:04:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (02/05/2015 09:03:43 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (02/05/2015 08:46:41 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/05/2015 08:38:13 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (02/05/2015 08:37:43 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (02/04/2015 06:46:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4834518
 
Error: (02/04/2015 06:46:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4834518
 
Error: (02/04/2015 06:46:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/04/2015 04:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VagCom.exe, version: 409.1.0.0, time stamp: 0x4193fb13
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002df85
Faulting process id: 0x12f8
Faulting application start time: 0xVagCom.exe0
Faulting application path: VagCom.exe1
Faulting module path: VagCom.exe2
Report Id: VagCom.exe3
 
 
System errors:
=============
Error: (02/05/2015 10:33:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/05/2015 09:00:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069
 
Error: (02/05/2015 09:00:45 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (02/05/2015 09:00:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (02/05/2015 09:00:45 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (02/05/2015 09:00:42 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
Error: (02/05/2015 09:00:42 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
Error: (02/05/2015 09:00:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
Error: (02/05/2015 09:00:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/05/2015 09:00:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/05/2015 09:56:56 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (02/05/2015 09:04:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (02/05/2015 09:03:43 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
Error: (02/05/2015 08:46:41 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/05/2015 08:38:13 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (02/05/2015 08:37:43 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
Error: (02/04/2015 06:46:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4834518
 
Error: (02/04/2015 06:46:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4834518
 
Error: (02/04/2015 06:46:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/04/2015 04:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VagCom.exe409.1.0.04193fb13ntdll.dll6.1.7601.18247521ea8e7c00000050002df8512f801d040c7cfc4a497C:\Program Files (x86)\VAG-COM\VagCom.exeC:\Windows\SysWOW64\ntdll.dll0dcc0aa5-acbb-11e4-8bc0-c86000420419
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 5921.14 MB
Available physical RAM: 4011.93 MB
Total Pagefile: 11840.46 MB
Available Pagefile: 9689.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:264.81 GB) (Free:188.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:393.59 GB) NTFS
Drive f: (XP) (Fixed) (Total:14.65 GB) (Free:14.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=264.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=394.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
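The "Scheduled Tasks" section of the FRST log above is where a responder would look first for the symptom described in the opening post (a cmd window flashing for a moment, after which the LAN proxy is switched back on). Three entries stand out on the page itself: the GeniusBox task runs `cmd.exe /C start "" "C:\Users\Nufo\AppData\Local\browser extensions\client.exe"`, which is exactly the kind of action that briefly shows a console window; the "Validate Installation" and "Check Updates" tasks run `updater.exe` from that same folder; and "TidyNetwork Update" is a task registry entry with no task file, which FRST marks with `<==== ATTENTION`. The script below is an added example for this thread, not part of FRST and not code from the original post. It parses `Task:` lines in FRST's format, applies the example author's own review heuristics (wrapper launchers such as cmd.exe, targets under user-writable directories, paths containing "crack" or "keygen", the ATTENTION marker) and groups tasks by the directory they run binaries from, so that several tasks pointing into one odd folder are seen as one component. The sample input is copied from the log above; a real run would read the whole FRST.txt from disk. The flags are a reading order, not a verdict: `pcalua.exe -a` entries, for example, are Program Compatibility Assistant records of installers the user ran and are flagged here only because of the path they point to.

```python
"""Triage of the "Scheduled Tasks" section of an FRST log.

Added example for this thread: not part of FRST, not code from the original
post.  The heuristics are the example author's own assumptions and produce a
reading order for manual review, not a malware verdict.
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample input: Task: lines copied from the FRST log in the thread.
SAMPLE_FRST_TASKS = r"""
Task: {06D7982F-914F-465C-80AB-4525C45996F5} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {0F4D48C4-D410-4195-B33A-DD0EB952FED2} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-11-30] (ASUSTeK Computer Inc.)
Task: {1B47C618-99B1-42A1-86DE-5388BE2373D7} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Nufo\AppData\Local\browser extensions\client.exe"
Task: {233E550F-AF26-4812-83A3-75A8F0C9448F} - System32\Tasks\Validate Installation => C:\Users\Nufo\AppData\Local\browser extensions\updater.exe
Task: {55917B99-FB35-4B9D-A13F-8B997ECCADA3} - System32\Tasks\Check Updates => C:\Users\Nufo\AppData\Local\browser extensions\updater.exe
Task: {7662177B-2E78-43A0-B85D-A6C3CD15F044} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {896D1EE0-D97E-41C6-A614-EA60AAA50CD8} - System32\Tasks\{D21492FB-2C28-4DFC-B4CD-73F8690C12FD} => Chrome.exe
Task: {8DB25505-540C-4C7D-B1CB-B8E39605E968} - System32\Tasks\{2CBAA5B1-B4A1-4895-BA7C-0001B1CF9A7C} => pcalua.exe -a "C:\Users\Nufo\Desktop\VAG-COM 409.1 + Crack\VAG-COM 409.1 release.exe" -d "C:\Users\Nufo\Desktop\VAG-COM 409.1 + Crack"
Task: {D02CCD42-01A7-4DC2-B77B-47766F3CDA01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# FRST writes "Task: {GUID} - <name> => <action>", "Task: <path>.job => <action>",
# or, for a registry entry without XML, "Task: {GUID} - <name> No Task File <==== ATTENTION".
TASK_RE = re.compile(r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<rest>.+)$")
# Any "X:\...\something.exe" inside the action string (quotes excluded).
EXE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
# Launchers that hide the real payload behind a wrapper (assumed list).
WRAPPERS = {"cmd.exe", "cmd", "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# Directories a standard user can write to (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\desktop\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")


def target_path(action):
    """Executable the task ultimately runs: for wrappers like
    cmd.exe /C start "" "<payload>" or pcalua.exe -a "<payload>" this is the
    last drive-letter .exe path, not the wrapper itself."""
    hits = EXE_PATH_RE.findall(action)
    return hits[-1] if hits else ""


def parse_task_line(line):
    """Parse one FRST Task: line into a dict; None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if " => " in rest:
        name, action = rest.split(" => ", 1)
    else:                                  # "No Task File" entries carry no action
        name, action = rest, ""
    return {"guid": m.group("guid"), "name": name.strip(), "action": action.strip(),
            "target": target_path(action), "raw": line.strip()}


def flags_for(task):
    """Review flags for one task (example author's heuristics)."""
    flags = []
    if "<==== ATTENTION" in task["raw"] or "No Task File" in task["name"]:
        flags.append("no task file (FRST ATTENTION)")
    first = task["action"].split(" ", 1)[0].lower() if task["action"] else ""
    if first in WRAPPERS:
        flags.append("launched via %s wrapper" % first)
    target = task["target"].lower()
    if any(marker in target for marker in USER_WRITABLE):
        flags.append("target in user-writable location")
    if re.search(r"crack|keygen", target):
        flags.append("cracked-software path")
    return flags


def triage(frst_text):
    """Parse every Task: line and return the tasks, most-flagged first."""
    tasks = []
    for line in frst_text.splitlines():
        task = parse_task_line(line)
        if task is not None:
            task["flags"] = flags_for(task)
            tasks.append(task)
    tasks.sort(key=lambda t: len(t["flags"]), reverse=True)   # stable: log order kept on ties
    return tasks


def shared_directories(tasks):
    """Directories that more than one task runs a binary from -> task names."""
    by_dir = defaultdict(list)
    for task in tasks:
        if task["target"]:
            by_dir[ntpath.dirname(task["target"]).lower()].append(task["name"])
    return {d: names for d, names in by_dir.items() if len(names) > 1}


if __name__ == "__main__":
    reviewed = triage(SAMPLE_FRST_TASKS)
    for task in reviewed:
        if task["flags"]:
            print("%-55s %s" % (task["name"][:55], "; ".join(task["flags"])))
    for directory, names in shared_directories(reviewed).items():
        print("shared target dir %s <- %s" % (directory, ", ".join(names)))
```

Run against the sample, GeniusBox sorts to the top (wrapper plus user-writable target), the two updater.exe tasks and TidyNetwork follow, and the grouping step reports that GeniusBox, Validate Installation and Check Updates all run out of `AppData\Local\browser extensions`. The Google Update directory is also reported as shared, which is the expected benign case (a task and its `.job` twin) and shows why the grouping is a prompt for review rather than a verdict.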


#5 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 06 February 2015 - 09:37 AM

If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now.

Crack\VAG-COM 409.1 release.exe

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 redslime

  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Chicago, IL, USA

Posted 06 February 2015 - 10:32 AM

I am not sure about that. I will ask my brother who uses this laptop as well. Will get back to you.



#7 redslime

  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Chicago, IL, USA

Posted 06 February 2015 - 10:35 AM

Ok. He says he deleted the file.



#8 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 06 February 2015 - 10:42 AM

Please uninstall the cracked program as well.

Let's do a final check up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the downloaded installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: scan settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created [screenshot: log file name and location].
    Copy and paste the content of this log file in your next reply.
    [screenshot: example of the ESET log]
Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#9 redslime

  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Chicago, IL, USA

Posted 06 February 2015 - 01:27 PM

Ok done.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=81ae3d550ee64f49b601e9d7352239f2
# engine=22344
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-06 05:50:17
# local_time=2015-02-06 11:50:17 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11883128 94423439 0 0
# scanned=179510
# found=23
# cleaned=0
# scan_time=6791
sh=B3E2817535F8A672A13558E7ACD04A4D93683F35 ft=1 fh=c71c00115cc21876 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Nufo\.frostwire5\updates\frostwire-5.7.5.windows.coc.premium.exe"
sh=2741EF32330F68D4E1EA3904AB19914FC86AB238 ft=1 fh=c71c0011c048042e vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Nufo\.frostwire5\updates\frostwire-6.0.3.windows.coc.premium.exe"
sh=4BED951C1B5FD5563827829D1C1167627AC5C3C3 ft=1 fh=6c965acadec8ca13 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="C:\Users\Nufo\AppData\Roaming\CyberLink\Power2Go\7.0\Temp\VCDS V12.12.0 setup.exe"
sh=A254E10C10E8C0DF248599E7BE8B539FFADA615C ft=1 fh=f54278c481fa8c67 vn="a variant of Win32/Keygen.AR potentially unsafe application" ac=I fn="C:\Users\Nufo\Desktop\nero\Keygen\keygen.exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Nufo\Downloads\ccsetup502 (1).exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Nufo\Downloads\ccsetup502.exe"
sh=A56A916F663C9E166F412C49FE22115FAF3C4582 ft=1 fh=70afbd9c2f3dbe29 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Nufo\Downloads\itunes-setup.exe"
sh=C70872D7B4F48D529A179C0FA54AB65FB1B982F4 ft=1 fh=f2e2b15faf5e28f3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI4150.tmp"
sh=DC3C29A963871A9FF0613FFEC4FC39AB04760924 ft=1 fh=aa8756f8c51680cf vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIF22E.tmp"
sh=BE581B9865E0E5B04D8D06E020BABA1A8AF8400F ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[1].7z"
sh=B3D818A702DB1D8AED34300DB62142B05C058E2F ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[2].7z"
sh=CF85442D583E12A06CF828404C4723369AEB5D1C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[3].7z"
sh=D6A9132AE26CD40FE831AD92A25513B0B97AB80E ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[4].7z"
sh=7751C363036718DF5A26D2370FAFE0CE53E1F097 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[5].7z"
sh=7751C363036718DF5A26D2370FAFE0CE53E1F097 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[6].7z"
sh=A5C8F00206CAE6DF984A22D91D6DFBC7B389B663 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[7].7z"
sh=BE581B9865E0E5B04D8D06E020BABA1A8AF8400F ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[1].7z"
sh=B3D818A702DB1D8AED34300DB62142B05C058E2F ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[2].7z"
sh=CF85442D583E12A06CF828404C4723369AEB5D1C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[3].7z"
sh=D6A9132AE26CD40FE831AD92A25513B0B97AB80E ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[4].7z"
sh=7751C363036718DF5A26D2370FAFE0CE53E1F097 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[5].7z"
sh=7751C363036718DF5A26D2370FAFE0CE53E1F097 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[6].7z"
sh=A5C8F00206CAE6DF984A22D91D6DFBC7B389B663 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-SHD-V7[7].7z"


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:24 AM

Posted 06 February 2015 - 01:47 PM

No active malware or adware has been found!


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File: fixlist.txt (1.43KB)


After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 redslime

redslime
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Chicago, IL, USA
  • Local time:03:24 AM

Posted 06 February 2015 - 02:00 PM

Ok. Here is the first log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Nufo at 2015-02-06 12:49:32 Run:1
Running from C:\Users\Nufo\Desktop
Loaded Profiles: Nufo (Available profiles: Nufo & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000 -> URL http://search.conduit.com/Results.aspx?ctid=
SearchScopes: HKU\S-1-5-21-4265083419-2309017597-1040466406-1000 -> SuggestionsURL_JSON http://suggest.search.
BHO: No Name -> {F7EE64A4-6BC3-34A7-CE31-256EBFA1014D} ->  No File
BHO-x32: No Name -> {F7EE64A4-6BC3-34A7-CE31-256EBFA1014D} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
Task: {06D7982F-914F-465C-80AB-4525C45996F5} - \TidyNetwork Update No Task File 
Task: {1B47C618-99B1-42A1-86DE-5388BE2373D7} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Nufo\AppData\Local\browser extensions\client.exe"
Task: {233E550F-AF26-4812-83A3-75A8F0C9448F} - System32\Tasks\Validate Installation => C:\Users\Nufo\AppData\Local\browser extensions\updater.exe
Task: {55917B99-FB35-4B9D-A13F-8B997ECCADA3} - System32\Tasks\Check Updates => C:\Users\Nufo\AppData\Local\browser extensions\updater.exe
CreateRestorePoint:
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7EE64A4-6BC3-34A7-CE31-256EBFA1014D}" => Key deleted successfully.
HKCR\CLSID\{F7EE64A4-6BC3-34A7-CE31-256EBFA1014D} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7EE64A4-6BC3-34A7-CE31-256EBFA1014D}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F7EE64A4-6BC3-34A7-CE31-256EBFA1014D} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06D7982F-914F-465C-80AB-4525C45996F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06D7982F-914F-465C-80AB-4525C45996F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B47C618-99B1-42A1-86DE-5388BE2373D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B47C618-99B1-42A1-86DE-5388BE2373D7}" => Key deleted successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{233E550F-AF26-4812-83A3-75A8F0C9448F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{233E550F-AF26-4812-83A3-75A8F0C9448F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55917B99-FB35-4B9D-A13F-8B997ECCADA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55917B99-FB35-4B9D-A13F-8B997ECCADA3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Check Updates => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates" => Key deleted successfully.
Restore point was successfully created.
EmptyTemp: => Removed 187.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:50:15 ====
 
 
 
 
 
And the 2nd one after reboot:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Nufo (administrator) on CHANGO on 06-02-2015 12:56:05
Running from C:\Users\Nufo\Desktop
Loaded Profiles: Nufo (Available profiles: Nufo & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\Run: [Google Update] => C:\Users\Nufo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-15] (Google Inc.)
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\...\MountPoints2: {9b1532c1-b651-11e2-a5b6-c86000420419} - G:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => "c:\progra~2\citrix\icacli~1\rshook.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-4265083419-2309017597-1040466406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-4265083419-2309017597-1040466406-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4265083419-2309017597-1040466406-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nufo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27]
CHR Extension: (YouTube) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Cast) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-27]
CHR Extension: (µBlock) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-02-06]
CHR Extension: (Google Search) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Google Wallet) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Gmail) - C:\Users\Nufo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-30] (EasyAntiCheat Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 CH341SER; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 12:51 - 2015-02-06 12:51 - 00001376 _____ () C:\Windows\PFRO.log
2015-02-06 12:51 - 2015-02-06 12:51 - 00000056 _____ () C:\Windows\setupact.log
2015-02-06 12:51 - 2015-02-06 12:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 10:05 - 2015-02-06 10:05 - 05325208 _____ (Piriform Ltd) C:\Users\Nufo\Downloads\ccsetup502.exe
2015-02-06 10:05 - 2015-02-06 10:05 - 05325208 _____ (Piriform Ltd) C:\Users\Nufo\Downloads\ccsetup502 (1).exe
2015-02-06 10:05 - 2015-02-06 10:05 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-06 10:05 - 2015-02-06 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-06 10:05 - 2015-02-06 10:05 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-06 09:54 - 2015-02-06 09:54 - 02347384 _____ (ESET) C:\Users\Nufo\Downloads\esetsmartinstaller_enu.exe
2015-02-06 09:54 - 2015-02-06 09:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-06 09:48 - 2015-02-06 10:06 - 00045194 _____ () C:\Users\Nufo\Desktop\Addition.txt
2015-02-05 20:23 - 2015-02-06 12:56 - 00016454 _____ () C:\Users\Nufo\Desktop\FRST.txt
2015-02-05 09:31 - 2015-02-06 09:44 - 00000000 ____D () C:\Users\Nufo\Desktop\storage
2015-02-05 09:00 - 2015-02-05 09:00 - 00000000 ____D () C:\AdwCleaner
2015-02-05 08:56 - 2015-02-05 08:56 - 02194432 _____ () C:\Users\Nufo\Downloads\AdwCleaner.exe
2015-02-04 16:22 - 2015-02-06 12:56 - 00000000 ____D () C:\FRST
2015-02-04 16:22 - 2015-02-04 16:22 - 02131968 _____ (Farbar) C:\Users\Nufo\Desktop\FRST64.exe
2015-02-04 14:12 - 2015-02-04 14:12 - 00880784 _____ (Google Inc.) C:\Users\Nufo\Downloads\ChromeSetup.exe
2015-02-04 10:19 - 2015-02-04 10:20 - 00002261 _____ () C:\Users\katfish.Chango\Desktop\Google Chrome.lnk
2015-02-04 10:19 - 2015-02-04 10:19 - 00001379 _____ () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 10:19 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Roaming\Adobe
2015-02-04 10:19 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\Google
2015-02-04 10:18 - 2015-02-06 12:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-04 10:18 - 2015-02-04 10:19 - 00000000 ____D () C:\Users\katfish.Chango
2015-02-04 10:18 - 2015-02-04 10:18 - 00000020 ___SH () C:\Users\katfish.Chango\ntuser.ini
2015-02-04 10:18 - 2015-02-04 10:18 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\VirtualStore
2015-02-04 10:18 - 2013-11-14 19:12 - 00002106 _____ () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-02-04 10:18 - 2013-05-16 19:38 - 00000000 ____D () C:\Users\katfish.Chango\AppData\Local\Power2Go
2015-02-04 10:18 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-04 10:18 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\katfish.Chango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-31 13:06 - 2015-01-31 13:06 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-31 13:05 - 2015-01-31 13:05 - 00000000 ____D () C:\Program Files\Java
2015-01-31 13:04 - 2015-01-31 13:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-31 13:04 - 2015-01-31 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 13:03 - 2015-01-31 13:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 10:28 - 2015-01-31 10:28 - 00000064 _____ () C:\Users\Nufo\AppData\Local\2c1af0a0e9cfbad3971dd5cb08b1c653
2015-01-31 10:23 - 2015-01-31 10:24 - 00002261 _____ () C:\Users\Katfish\Desktop\Google Chrome.lnk
2015-01-31 10:23 - 2015-01-31 10:23 - 00001379 _____ () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:23 - 2015-01-31 10:23 - 00000020 ___SH () C:\Users\Katfish\ntuser.ini
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Roaming\Adobe
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Local\VirtualStore
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish\AppData\Local\Google
2015-01-31 10:23 - 2015-01-31 10:23 - 00000000 ____D () C:\Users\Katfish
2015-01-31 10:23 - 2013-11-14 19:12 - 00002106 _____ () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-01-31 10:23 - 2013-05-16 19:38 - 00000000 ____D () C:\Users\Katfish\AppData\Local\Power2Go
2015-01-31 10:23 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-31 10:23 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Katfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-28 17:30 - 2015-01-28 17:30 - 00000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-01-28 15:19 - 2015-01-28 15:19 - 00001166 _____ () C:\Users\Public\Desktop\Free CDL Practice Test.lnk
2015-01-28 15:19 - 2015-01-28 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free CDL Practice Test
2015-01-28 15:19 - 2015-01-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Free CDL Practice Test
2015-01-27 12:25 - 2015-02-05 09:29 - 00000000 ____D () C:\Users\Nufo\Desktop\nero
2015-01-24 15:00 - 2014-10-12 23:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-01-24 15:00 - 2014-10-12 23:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-01-24 14:57 - 2015-01-24 15:00 - 00001975 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-01-24 14:57 - 2015-01-24 14:57 - 00000000 ____D () C:\Users\Nufo\Documents\SelfMV
2015-01-24 14:57 - 2015-01-24 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-15 09:10 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 09:10 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 09:10 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 09:10 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:56 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:56 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:56 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:56 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:56 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:56 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:56 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:56 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:56 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 12:52 - 2012-03-21 20:16 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2015-02-06 12:51 - 2012-11-29 21:46 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 12:51 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 12:50 - 2012-03-21 19:58 - 01660514 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 12:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-02-06 12:45 - 2012-12-11 16:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 12:36 - 2013-10-15 14:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000UA.job
2015-02-06 12:17 - 2012-11-29 21:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 10:08 - 2014-03-16 14:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-06 10:08 - 2014-03-11 21:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-06 10:08 - 2013-09-09 15:10 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 10:08 - 2009-07-29 00:03 - 00000000 ____D () C:\Windows\Panther
2015-02-06 09:47 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 09:47 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 09:44 - 2013-10-01 12:57 - 00000000 ____D () C:\Ross-Tech
2015-02-06 09:36 - 2013-10-15 14:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000Core.job
2015-02-06 09:34 - 2009-07-13 23:13 - 00798804 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 09:31 - 2013-10-15 14:22 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000UA
2015-02-06 09:31 - 2013-10-15 14:22 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4265083419-2309017597-1040466406-1000Core
2015-02-05 20:29 - 2009-07-13 21:20 - 00000000 __RSD () C:\Windows\Media
2015-02-05 09:04 - 2014-04-08 12:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 08:35 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\Options
2015-02-04 16:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 14:12 - 2012-11-29 21:46 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 14:12 - 2012-11-29 21:46 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 10:56 - 2014-05-29 19:54 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-04 10:53 - 2014-04-08 12:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 10:27 - 2012-03-21 20:14 - 00002610 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-02-04 10:19 - 2012-03-21 20:14 - 00001397 _____ () C:\Windows\system32\ServiceFilter.ini
2015-01-31 13:11 - 2014-03-16 14:51 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-31 13:05 - 2013-12-01 15:06 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-31 12:58 - 2014-04-01 17:08 - 00000000 ____D () C:\Nexon
2015-01-31 10:33 - 2009-07-13 20:34 - 00000603 _____ () C:\Windows\win.ini
2015-01-28 15:21 - 2014-08-23 08:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\tixati
2015-01-27 13:08 - 2012-11-30 09:57 - 00000000 ____D () C:\Users\Nufo\Documents\hitches (3)
2015-01-27 13:07 - 2014-04-01 11:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Nero
2015-01-27 12:29 - 2014-09-27 20:56 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-26 16:45 - 2012-12-11 16:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 16:45 - 2012-12-11 16:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 16:45 - 2012-12-11 16:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 14:59 - 2014-05-23 08:23 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-24 14:57 - 2014-05-23 08:26 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\Samsung
2015-01-24 14:57 - 2012-03-21 20:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 14:55 - 2014-05-23 08:21 - 00000000 ____D () C:\Users\Nufo\AppData\Local\Downloaded Installations
2015-01-17 08:19 - 2013-12-22 13:13 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\.minecraft
2015-01-15 09:06 - 2013-08-14 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 08:57 - 2012-12-06 07:20 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 22:45 - 2013-02-06 13:45 - 00000000 ____D () C:\Users\Nufo\AppData\Roaming\SoftGrid Client
2015-01-11 12:07 - 2014-10-11 08:58 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-07 16:18 - 2014-09-17 21:25 - 00000000 ____D () C:\Users\Nufo\AppData\Local\Battle.net
2015-01-07 16:17 - 2014-09-17 21:24 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-07 16:12 - 2014-09-17 21:27 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
 
==================== Files in the root of some directories =======
 
2014-03-11 20:51 - 2014-03-13 07:25 - 0000079 _____ () C:\Users\Nufo\AppData\Roaming\WB.CFG
2015-01-31 10:28 - 2015-01-31 10:28 - 0000064 _____ () C:\Users\Nufo\AppData\Local\2c1af0a0e9cfbad3971dd5cb08b1c653
2013-10-01 16:32 - 2013-10-01 16:32 - 0000017 _____ () C:\Users\Nufo\AppData\Local\resmon.resmoncfg
2015-01-28 17:30 - 2015-01-28 17:30 - 0000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-03-21 20:18 - 2012-03-21 20:18 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-03-21 20:17 - 2012-03-21 20:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-03-21 20:17 - 2012-03-21 20:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\Users\Nufo\Minecraft Launcher.exe
C:\Users\Nufo\Minecraft.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 09:50
 
==================== End Of Log ============================


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 06 February 2015 - 02:19 PM


Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 redslime

redslime
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Chicago, IL, USA

Posted 06 February 2015 - 02:20 PM

No more problems. Everything is working fine and there is no indication of any more issues. Thank you so much for your help.



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 06 February 2015 - 02:32 PM

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free, however...
If I have helped you then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 08 February 2015 - 05:31 PM

It appears that this issue is resolved; therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards,
deeprybka