
Windows 8 likely infection


  • This topic is locked
8 replies to this topic

#1 Tim55253

Posted 18 July 2015 - 02:06 PM

Hello,

 

I am currently on my girlfriend's laptop and she has been experiencing extreme slowness. Oftentimes it would take up to a minute to fully boot up. Additionally, it could take up to several minutes to connect to the internet and boot up Chrome.

 

Please see below and attached for the relevant logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Owner (administrator) on UX31A-DH51 on 18-07-2015 15:01:47
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files\Rainmeter\Rainmeter.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-01] (Avast Software s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-15]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-05-04]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2013-10-20]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-2022917722-434284411-3768163980-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2022917722-434284411-3768163980-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{383E3C6C-FD92-4F76-A69C-EA65C89899BF}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{7A265AC6-5AC9-4E71-B0A2-343F0B5CF459}: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\712fpply.default
FF SelectedSearchEngine: Speedial
FF Homepage: hxxp://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzzyEyBtCyCtB0B0D0BzztAtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByB0DyB0B0FtG0DtA0A0BtGyB0E0D0CtG0A0C0D0FtGyB0A0C0F0EzztD0DzyyEyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0EyB0FyB0CyEtG0D0C0EtCtGzz0CtAyDtGzyyBtAtCtGyCtAyDyBtByEyEtBtAtB0F0C2Q&cr=2071696218&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\712fpply.default\user.js [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2012-11-10]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-10]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-06-07]
CHR Extension: (Balloono) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmggmlpijnjmhdekfigfbkookpdfodhf [2012-11-10]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-11-12]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-20]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-02-08]
CHR Extension: (Cosmopolise) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipihgjdhjoldhpfpmiiimpnmohpfhkcm [2012-11-10]
CHR Extension: (Momentum) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2014-02-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-11-10]
CHR Extension: (Messenger (Unofficial)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-03-02]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2022917722-434284411-3768163980-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-28] (ASUS Corporation) [File not signed]
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-01] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-09-23] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2014-07-29] (Echobit, LLC)
S3 hxsyol; C:\WINDOWS\system32\hxsy64.sys [86352 2014-11-15] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 15:01 - 2015-07-18 15:02 - 00027133 _____ C:\Users\Owner\Downloads\FRST.txt
2015-07-18 15:01 - 2015-07-18 15:01 - 02134528 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2015-07-18 15:01 - 2015-07-18 15:01 - 00000000 ____D C:\FRST
2015-07-18 14:51 - 2015-07-18 14:51 - 00000222 _____ C:\Users\Owner\Desktop\Rocket League.url
2015-07-18 14:51 - 2015-07-18 14:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-18 11:26 - 2015-07-18 11:26 - 00001167 _____ C:\Users\Owner\Downloads\unnamed
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-07-16 12:58 - 2015-07-16 12:58 - 00038581 _____ C:\Users\Owner\Downloads\Tax Assignment #1answer.xlsx
2015-07-15 11:47 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 11:47 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 11:46 - 2015-07-03 09:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-15 11:46 - 2015-07-03 09:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 11:46 - 2015-07-03 09:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-15 11:46 - 2015-07-03 09:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-15 11:46 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 11:46 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 11:46 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 11:46 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 11:46 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 11:46 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 11:46 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 11:46 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 11:46 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 11:46 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 11:46 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 11:46 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 11:46 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 11:46 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 11:46 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 11:46 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 11:46 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 11:46 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 11:46 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 11:46 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 11:46 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 11:46 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 11:46 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 11:46 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 11:46 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 11:46 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 11:46 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 11:46 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 11:46 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 11:46 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 11:46 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 11:46 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 11:46 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 11:46 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 11:46 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 11:46 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 11:46 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 11:46 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 11:46 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 11:46 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 11:46 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 11:46 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 11:46 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 11:46 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 11:46 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 11:46 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 11:46 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 11:46 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 11:46 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 11:46 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 11:46 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 11:46 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 11:46 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 11:46 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 11:46 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-07-15 11:45 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 11:45 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 11:45 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 11:45 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 11:44 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 11:44 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 11:44 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 11:44 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 11:44 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 11:44 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 11:44 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 11:44 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 11:44 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 11:44 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 11:44 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 11:44 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-15 11:44 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-09 01:18 - 2015-07-09 01:20 - 00000000 ____D C:\ProgramData\HP
2015-07-09 00:51 - 2015-07-09 01:44 - 00053025 _____ C:\Users\Owner\Downloads\AFM 363 X.xlsx
2015-07-09 00:33 - 2015-07-09 00:33 - 00032813 _____ C:\Users\Owner\Downloads\AFM 363 .xlsx
2015-07-08 12:48 - 2015-07-08 12:48 - 00032858 _____ C:\Users\Owner\Downloads\AFM 363 - Midterm #1Answers.xlsx
2015-07-08 11:39 - 2015-07-08 11:39 - 00000000 ____D C:\ProgramData\CCH
2015-07-08 11:39 - 2015-07-08 11:39 - 00000000 ____D C:\Program Files (x86)\CCH
2015-07-08 11:38 - 2015-07-08 11:39 - 00000000 ____D C:\Users\Owner\Documents\CCH
2015-07-07 22:47 - 2015-07-07 22:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-07-07 22:47 - 2015-07-07 22:47 - 00000000 ____D C:\Users\Owner\AppData\Local\FluxSoftware
2015-07-07 22:46 - 2015-07-07 22:46 - 00597304 _____ C:\Users\Owner\Downloads\flux-setup.exe
2015-07-02 15:45 - 2015-07-02 15:45 - 00000000 ____D C:\Users\Owner\Desktop\Intelli-studio
2015-07-01 12:57 - 2015-07-01 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
2015-07-01 12:56 - 2015-07-01 13:29 - 00000000 ____D C:\Foldit
2015-07-01 12:54 - 2015-07-01 12:55 - 147857392 _____ C:\Users\Owner\Downloads\Foldit-win_x86.exe
2015-07-01 11:02 - 2015-07-01 11:02 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-07-01 11:02 - 2015-07-01 11:02 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-07-01 11:02 - 2015-07-01 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-25 13:10 - 2015-06-25 13:10 - 00000224 _____ C:\Users\Owner\Downloads\Re_ OTPP - Offer Details.zip
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL
2015-06-23 22:58 - 2015-06-23 22:58 - 00089872 _____ C:\Users\Owner\Downloads\w2011midterm.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 15:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-18 14:59 - 2015-05-07 23:51 - 00000000 ____D C:\Users\Owner\Documents\My Games
2015-07-18 14:58 - 2013-04-24 16:20 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-07-18 14:54 - 2013-11-14 03:28 - 01554018 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-18 14:54 - 2012-11-07 16:11 - 00538996 _____ C:\WINDOWS\system32\prfh0804.dat
2015-07-18 14:54 - 2012-11-07 16:11 - 00169044 _____ C:\WINDOWS\system32\prfc0804.dat
2015-07-18 14:52 - 2015-03-08 19:02 - 01953843 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-18 14:48 - 2015-06-10 20:05 - 00098321 _____ C:\WINDOWS\setupact.log
2015-07-18 14:48 - 2014-06-01 22:36 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-18 14:48 - 2012-11-10 14:43 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-18 14:48 - 2012-11-07 15:35 - 00000416 _____ C:\Users\Owner\AppData\Roaming\sp_data.sys
2015-07-18 14:47 - 2013-12-29 17:02 - 00000000 __RDO C:\Users\Owner\SkyDrive
2015-07-18 14:47 - 2012-10-15 21:25 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-07-18 13:13 - 2014-07-29 14:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-18 13:03 - 2012-11-10 14:43 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 11:47 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-18 10:57 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-18 10:57 - 2013-08-22 10:44 - 00418224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-18 02:17 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-17 23:35 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-15 17:58 - 2012-11-10 14:43 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 17:58 - 2012-11-10 14:43 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 17:39 - 2012-11-07 15:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 17:34 - 2013-07-15 11:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-14 23:11 - 2012-11-07 15:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2022917722-434284411-3768163980-1001
2015-07-14 13:13 - 2014-07-29 14:13 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:18 - 2014-05-20 13:13 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-13 19:56 - 2013-04-24 16:20 - 00000000 ____D C:\ProgramData\Skype
2015-07-13 19:55 - 2014-10-06 10:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-13 17:10 - 2014-05-15 10:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2014-05-15 10:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 14:33 - 2012-10-15 21:25 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-07-12 22:05 - 2013-01-16 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2015-07-11 21:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-09 01:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-09 01:21 - 2012-11-07 15:33 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2015-07-08 11:39 - 2013-12-29 16:28 - 00000000 ____D C:\Users\Owner
2015-07-08 11:39 - 2013-09-11 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCH
2015-07-03 15:28 - 2015-06-11 12:58 - 00028516 _____ C:\WINDOWS\PFRO.log
2015-07-03 08:43 - 2012-12-12 13:27 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 12:16 - 2014-05-20 13:13 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-07-01 11:02 - 2014-05-20 13:13 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-01 11:02 - 2014-05-20 13:13 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-01 11:02 - 2014-05-20 13:13 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-01 11:02 - 2014-05-20 13:13 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-01 11:02 - 2014-05-20 13:13 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-01 11:02 - 2014-05-20 13:13 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-01 11:01 - 2014-05-20 13:13 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
 
==================== Files in the root of some directories =======
 
2014-07-28 21:48 - 2014-07-28 21:48 - 0000272 _____ () C:\Users\Owner\AppData\Roaming\.backup.dm
2012-11-10 18:52 - 2012-11-10 18:52 - 0000021 _____ () C:\Users\Owner\AppData\Roaming\my_intel.sys
2012-11-07 15:35 - 2015-07-18 14:48 - 0000416 _____ () C:\Users\Owner\AppData\Roaming\sp_data.sys
2014-10-06 23:42 - 2014-10-06 23:42 - 0004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-08 21:16 - 2015-06-08 21:24 - 0000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2012-08-04 21:42 - 2012-07-30 02:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 21:42 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-07 16:59 - 2012-11-07 17:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-11-07 16:59 - 2012-11-07 16:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-18 11:12
 
==================== End of log ============================
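Reading a long FRST log like the one above is mostly a matter of picking out the few lines worth a second look. The following triage helper is an added example for this thread and is not part of FRST or of any post here. It parses the two line shapes the log uses (the "created - modified - size attrs (publisher) path" file entries and the "SearchScopes: ... URL = ..." entries) and flags executables and drivers whose publisher field is empty, plus search scopes that point somewhere other than a stock search host. The allow-list of search hosts and the sample log are constructed assumptions. Note that FRST's parenthesized publisher comes from the file's version information, not from a signature check, so an empty field (the Avast drivers aswVmm.sys, aswRvrt.sys and aswHwid.sys in this very log have none) is a prompt to verify the file, not a verdict.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread; it is not part of FRST or of the posts above.
It parses the two line shapes the log uses ("created - modified - size attrs
(publisher) path" file entries and "SearchScopes: ... URL = ..." entries) and
returns the entries a helper would look at first. The allow-list of search
hosts and the sample log are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?"        # publisher field is optional
    r"(?P<path>[A-Za-z]:\\.*)$"
)
SEARCHSCOPE_RE = re.compile(r"^SearchScopes: .*?URL =\s*(?P<url>\S*)\s*$")

# Extensions that normally carry a publisher (version-info company) name in FRST output.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
# Hosts a stock IE search scope would point at (assumption for this example).
KNOWN_SEARCH_HOSTS = {"bing.com", "www.bing.com", "google.com", "www.google.com"}


@dataclass
class Finding:
    line: str
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None if nothing stands out."""
    line = line.rstrip()
    m = FILE_RE.match(line)
    if m:
        attrs, company, path = m.group("attrs"), m.group("company"), m.group("path")
        if "D" in attrs:
            return None  # directory entry: there is no publisher to check
        low = path.lower()
        if low.endswith(EXEC_EXT) and not (company or "").strip():
            kind = "driver" if "\\drivers\\" in low else "executable"
            return Finding(line, f"{kind} without publisher field: {path}")
        return None
    m = SEARCHSCOPE_RE.match(line)
    if m and m.group("url"):
        host = (urlparse(m.group("url")).hostname or "").lower()
        if host not in KNOWN_SEARCH_HOSTS:
            return Finding(line, f"search scope points at {host}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Constructed sample in FRST's format (not the thread's full log).
SAMPLE_LOG = r"""
2015-07-01 12:16 - 2014-05-20 13:13 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-07-01 11:02 - 2014-05-20 13:13 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-09 01:18 - 2015-07-09 01:20 - 00000000 ____D C:\ProgramData\HP
2015-07-08 12:48 - 2015-07-08 12:48 - 00032858 _____ C:\Users\Owner\Downloads\notes.xlsx
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2022917722-434284411-3768163980-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.reason}] {hit.line}")
```

Run against the sample it reports exactly two lines: the driver with no publisher field and the search scope pointing at speedial.com; the signed Avast driver, the directory, the spreadsheet and the empty search scope pass through. Feeding it the full log from a post (`triage(open("FRST.txt", encoding="utf-8").read())`) gives a short list to verify by hand before anything goes into a fixlist.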


#2 nasdaq, Malware Response Team (Montreal, QC, Canada)
Posted 19 July 2015 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please remove this program in bold using the Add/Remove programs applet.
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix) <==== ATTENTION!

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [Power2GoExpress] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzzyEyBtCyCtB0B0D0BzztAtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByB0DyB0B0FtG0DtA0A0BtGyB0E0D0CtG0A0C0D0FtGyB0A0C0F0EzztD0DzyyEyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0EyB0FyB0CyEtG0D0C0EtCtGzz0CtAyDtGzyyBtAtCtGyCtAyDyBtByEyEtBtAtB0F0C2Q&cr=2071696218&ir=
SearchScopes: HKU\S-1-5-21-2022917722-434284411-3768163980-1001 -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzzyEyBtCyCtB0B0D0BzztAtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByB0DyB0B0FtG0DtA0A0BtGyB0E0D0CtG0A0C0D0FtGyB0A0C0F0EzztD0DzyyEyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0EyB0FyB0CyEtG0D0C0EtCtGzz0CtAyDtGzyyBtAtCtGyCtAyDyBtByEyEtBtAtB0F0C2Q&cr=2071696218&ir=
SearchScopes: HKU\S-1-5-21-2022917722-434284411-3768163980-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2022917722-434284411-3768163980-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzzyEyBtCyCtB0B0D0BzztAtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByB0DyB0B0FtG0DtA0A0BtGyB0E0D0CtG0A0C0D0FtGyB0A0C0F0EzztD0DzyyEyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0EyB0FyB0CyEtG0D0C0EtCtGzz0CtAyDtGzyyBtAtCtGyCtAyDyBtByEyEtBtAtB0F0C2Q&cr=2071696218&ir=
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF SelectedSearchEngine: Speedial
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\712fpply.default\user.js [2014-05-20]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-20]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-11-10]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2022917722-434284411-3768163980-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
S2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi 

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 Tim55253, Topic Starter

Posted 19 July 2015 - 02:43 PM

Hello NASDAQ,

 

Thank you for the assistance. Since running the programs you have instructed me to, bootup speed has significantly improved. However, I'm still encountering the issue where my programs take up to a minute to run. Other than that, there seems to have been substantial improvement.

 

Additionally, I was also wondering if it was necessary to remove "Rocket League" as you had instructed in your first point. This is a game I purchased yesterday on Steam; as such, I didn't remove it in case it wasn't necessary.

 

Here is the FRST log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Owner at 2015-07-19 14:34:30 Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\...\Run: [Power2GoExpress] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2022917722-434284411-3768163980-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF SelectedSearchEngine: Speedial
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\712fpply.default\user.js [2014-05-20]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-20]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-11-10]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2022917722-434284411-3768163980-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
S2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found. 
HKU\S-1-5-21-2022917722-434284411-3768163980-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2022917722-434284411-3768163980-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-2022917722-434284411-3768163980-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found. 
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\wlpg" => key removed successfully
HKCR\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found. 
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\712fpply.default\user.js => moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => key removed successfully
"HKU\S-1-5-21-2022917722-434284411-3768163980-1001\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
MakerBot Conveyor Service => Service removed successfully
EagleX64 => Service removed successfully
"C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi" => File/Folder not found.
EmptyTemp: => 615 MB temporary data Removed.
 
 
Here is the MBAM log.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-07-19
Scan Time: 2:42 PM
Logfile: MBAM2.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.19.02
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372334
Time Elapsed: 36 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [fea0cf142c5ef046538bb5e0e81c16ea], 
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [47571fc427636acc8d5296ff7193f010], 
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-2022917722-434284411-3768163980-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [a9f5d50eaddd95a17c61b5e060a4718f], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.OptimizerPro.A, C:\Users\Owner\Documents\Optimizer Pro, Quarantined, [712df3f0f3976ec84d40880bde26b749], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [8f0fd40f1b6f0432458c48bab15241bf], 
 
Files: 2
PUP.Optional.OptimizerPro.A, C:\Users\Owner\Documents\Optimizer Pro\CookiesException.txt, Quarantined, [712df3f0f3976ec84d40880bde26b749], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Finally, here is the AdwCleaner log.
 
# AdwCleaner v4.208 - Logfile created 19/07/2015 at 15:31:22
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Owner - UX31A-DH51
# Running from : C:\Users\Owner\Downloads\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&amp;o=15527&amp;prt=NIS&amp;chn=retail&amp;geo=US&amp;ver=20&amp;locale=en_US&amp;tpr=111
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1705 bytes] - [19/07/2015 15:26:31]
AdwCleaner[S0].txt - [1418 bytes] - [19/07/2015 15:31:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1477  bytes] ##########
 
 
Once again, thank you for the assistance.

 



#4 nasdaq, Malware Response Team (Montreal, QC, Canada)

Posted 20 July 2015 - 07:59 AM

Additionally, I was also wondering if it was necessary to remove "Rocket League" as you had instructed in your first point. This is a game I purchased yesterday on Steam; as such, I didn't remove it in case it wasn't necessary.


The program is Rocket League and is good.

The Farbar tool identified it as Rocket, another program which is considered malware.

It fooled me also.

===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#5 Tim55253

Tim55253
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 AM

Posted 20 July 2015 - 10:46 PM

Hello NASDAQ, 

 

After running Zoek, boot up has slowed down marginally; however, the launching of boot up applications has sped up significantly. Please see below for the log:

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Owner on 2015-07-20 at 23:27:03.96.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
2015-07-20 11:27:41 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\FolderView deleted successfully
C:\PROGRA~3\NexonUS deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Owner\AppData\Roaming\BitTorrent deleted successfully
C:\Users\Owner\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Owner\AppData\Roaming\uTorrent deleted successfully
C:\Users\Owner\AppData\Local\Unity deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\Owner\AppData\Roaming\kompozer.net\KompoZer\Profiles\g6gtlm8g.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs__1138_.backup
 
ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\712fpply.default
 
user.js not found
---- Lines nspdlsd removed from prefs.js ----
user_pref("extensions.nspdlsd.aflt", "spd_ir_14_21_ch");
user_pref("extensions.nspdlsd.cd", "2XzuyEtN2Y1L1Qzu0CyEzzyDtDzzyEyBtCyCtB0B0D0BzztAtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1T
user_pref("extensions.nspdlsd.cr", "2071696218");
user_pref("extensions.nspdlsd.instlRef", "140305_a");
---- FireFox user.js and prefs.js backups ---- 
 
prefs__1138_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [2015-07-01 11:02 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Owner\AppData\Roaming\kompozer.net\KompoZer\Profiles\g6gtlm8g.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\712fpply.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.134
 
 
Balloono - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmggmlpijnjmhdekfigfbkookpdfodhf
AdBlock - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Windows Media Player Extension for HTML5 - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
Cosmopolise - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipihgjdhjoldhpfpmiiimpnmohpfhkcm
Momentum - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca
Chrome Hotword Shared Module - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Messenger (Unofficial) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok
 
==== Chromium Startpages ======================
 
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
/[*.]learn.uwaterloo.ca:443,*":{"popups":1},"https://[*.]myhrinfo.hrms.uwaterloo.ca:443,*":{"popups":1},"https://[*.]quest.pecs.uwaterloo.ca:443,*":{"popups":1},"https://[*.]voogloo.com:443,*":{"fullscreen":1},"https://[*.]www.facebook.com:443,*":{"fullscreen":1},"https://[*.]www.kickstarter.com:443,*":{"fullscreen":1},"https://mail.google.com:443,*":{"last_used":{"notifications":1425483185.103891},"notifications":1},"https://mail.google.com:443,https://mail.google.com:443":{"last_used":{"notifications":1425485269.781345}},"https://secure4.marketingden.com:443,https://secure4.marketingden.com:443":{"geolocation":1,"last_used":{"geolocation":1421983673.564227}},"https://summit.uwaterloo.ca:443,*":{"media-stream-camera":2,"media-stream-mic":2}},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"gaia_info_picture_url":"https://lh6.googleusercontent.com/-LEN_PcxqD-0/AAAAAAAAAAI/AAAAAAAAACA/f2qAvGrXPjI/s256-c/photo.jpg","gaia_info_update_time":"13081893445143540","icon_version":3,"is_managed":false,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"First user","password_manager_groups_for_domains":[9,null,null,null,9,null,3],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\Owner\\Documents\\University of Waterloo\\3A Jobmine"},"selectfile":{"last_directory":"C:\\Users\\Owner\\Documents\\University of Waterloo\\3B\\AFM 351"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13033629401111761"},"settings":{"privacy":{"drm_salt":"195B937F6F32B2178D04F6C033C87EAE4A4C08083D0129332CFDCADAE76E1F6B"}},"shelf_alignment_local":"Bottom","sync":{"acknowledged_types":["Bookmarks","Preferences","Passwords","Autofill Profiles","Autofill","Themes","Typed URLs","Extensions","Search Engines","Sessions","Apps","App 
settings","Extension settings","App Notifications","Encryption keys"],"app_notifications":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAeIJgJ+IhY0SQTa2MtUukHwAAAAACAAAAAAAQZgAAAAEAACAAAABrtmQ/Poo4sMWdLH9HCforAgp8S3sEgzp1F11tOLoXqwAAAAAOgAAAAAIAACAAAACFnopEe4QEDyA1BFaKrrb585Zx1vtX+iUa8Ni606qPJUAAAAAibKtVjoBcsuk9PMPIMtDOSwOVdlPdaqyaAyrUyyNWAsDSj/yISXryy2YrpeAHT/Qx/98QS+ONWrMSM8uZrrIwQAAAAD4FZHj+HtonCxxwTyOHL3bM3TN7H0FkRR6TEDkGbCqrdGw6G3rD7uiuFkChBsGL/lqxmbn+jEbF6dGYtpuQ+Oc=","extension_settings":true,"extensions":true,"favicons_syncing_enabled":true,"first_sync_time":"13054406640167886","has_auth_error":false,"has_setup_completed":true,"keep_everything_synced":false,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAeIJgJ+IhY0SQTa2MtUukHwAAAAACAAAAAAAQZgAAAAEAACAAAABaFj5gpS3JeNAuoVs+dfCsxote8Drs9LuMBwUVMGsNzgAAAAAOgAAAAAIAACAAAADoqPe9qPPaQRzJX23aki8pULFi1t5gUMTqUWiNXrCIRFAAAAAQqYLfaMJZgYi7weH9fKswagYzG+GsNXqollsXXcGSuWxrHtgKwwQhnpKX8ipHjJmOzvOzrol858yVSdOTKd03VMjBdsHDzzo9Zy24hms+DEAAAABoPYB2hmMvX15++B7z7v8ukTx0q9wq9QdjHwsCuZeV6Jx5gVSfCrCDWgDfxy4hgAnlyf5NDXbSbPPlnyXPNCdn","last_synced_time":"13081922773852956","passwords":true,"preferences":true,"search_engines":true,"session_sync_guid":"session_sync3SSuQKmHOTbCqTnAwNXxRA==","sessions":true,"suppress_start":false,"themes":true,"typed_urls":true},"sync_promo":{"show_ntp_bubble":false,"startup_count":1,"user_skipped":true,"view_count":1},"synced_notification":{"enabled_sending_services":["Google+"],"first_run":false,"initialized_sending_services":["Google+"]},"translate_accepted_count":{"de":0,"en":0,"es":0,"fr":0,"it":0,"ja":0,"ko":0,"nl":0,"tr":0,"und":0,"vi":0,"zh-CN":0,"zh-TW":0},"translate_blocked_languages":["en"],"translate_denied_count":{"de":1,"en":6,"es":1,"fr":4,"it":5,"ja":1,"ko":7,"nl":4,"tr":1,"und":1,"vi":2,"zh-CN":16,"zh-TW":13},"translate_language_blacklist":[],"translate_last
_denied_time":1.413683e+12,"translate_site_blacklist":[],"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}
BE0F7C9F419D8B8234BC38016FF8A6346A"},"extensions":{"settings":{"aciahcmjmecflokailenpkdchphgkefd":"62C019F6DE87071C905F4BCEE0477A3226007447FEA320526B37C52DD54BE9EF","ahfgeienlihckogmohjhadlkjgocpleb":"6BEB394FC07C34658B64469DB8ACFC7F17D84CFA21C64627DBFF82990B0B46BB","apdfllckaahabafndbhieahigkjlhalf":"E2C6CC99C46980502CC0F993CA369E394EFE3914CC43693392C45A73A9AFBFC1","bakijjialdiiboeaknfpmflphhmljfkd":"119B7D25660C6859BF52AF63130DAA3919EFFD3408886516FC08DAD0682676FA","bepbmhgboaologfdajaanbcjmnhjmhfn":"79E61869A1F50A23766445B38F06C3AB8AB7E9B010E0346FC895E73D9BFC4DE3","blpcfgokakmgnkcojhhkbfbldkacnbeo":"9F9FED962A83D3B166ADBAFE1D8FBCF996F48DE1EC425B12E1AD8B114AA348C1","coobgpohoikkiipiblmjeljniedjpjpf":"7B22291014EB55C17631B2A85E46BCA78608E3B7C86C64A961E7D8DA1BC0012D","dnhpdliibojhegemfjheidglijccjfmc":"3211904C4BA6D552D1F5F62A093ED6CF9E3449F8C2A207DC403709BF3F9BED79","eemcgdkfndhakfknompkggombfjjjeno":"0CC7EE435B1E061FBA7ABF11F4AA02B17AD9D20EC9BAE58949A6A39DB55BAA63","ennkphjdgehloodpbhlhldgbnhmacadg":"887148396B2FC759FCB8833207C5801DCB34808201AACA7A5E6537517AB1612B","fdcgdnkidjaadafnichfpabhfomcebme":"6FA02E612D1387A3016D64049816F9274C447DBB3E80D95085E64A1E386841F3","fmggmlpijnjmhdekfigfbkookpdfodhf":"83763ABBAF1D4A0C55B291B50279FF1FC5E63809D52AE3328E3EFDFF8F6AC3B3","gfdkimpbcpahaombhbimeihdjnejgicl":"FAB8EAFDB3D64ACE61C26419FE8BE801BFB45F1E13FE1F4F2E5CE654C59CAFE5","gighmmpiobklfepjocnamgkkbiglidom":"F97A04BE3A3C2A5E02F90B5D7225F6CF14A81310FEE26B986C570E404B036C68","hokdglbhghcebcopdbanieangmcamaak":"23810D2357539B99EE7527DCBD116F0078D1870A2AB936FF4FC65F7BC53C8B0A","ipihgjdhjoldhpfpmiiimpnmohpfhkcm":"55106FBB3962BDB73E58D69BBEF17AB906912B2CD846C2A21B5B5E79B692CDEF","kmendfapggjehodndflmmgagdbamhnfd":"72C6CF47C02AA69584335E56A428C24040CD628DCFFC5C413414ED62147C382D","laookkfknpbbblfpciffpaejjkokdgca":"A7DF098BBE6C0DCF28D9098BAE4EA3232AF7B19D3FD5A51D84C8805A57B67C56","lccekmodgklaepjeofjdjpbminllajkg":"0D24FC9B62E040474B8CA8A34A9C455198AC74856AD5E1C4D9844D930D9453F2"
,"mcbkbpnkkkipelfledbfocopglifcfmi":"45A526AA854C38D15FC8F024731A21D87D42C8A270B676DD0CCB32F0B67B1A06","mdapmeleikeppmfgadilffngabfpibok":"C638E4E0E2F1F3B8BDE91E060AC01C9527783A43A2FFCE124211A6541FB90A10","mfehgcgbbipciphmccgaenjidiccnmng":"FCC6C7AD244DEF7E2C57FC60E377928A826E812D46BC8A06726344F8ADF43DE6","mfffpogegjflfpflabcdkioaeobkgjik":"94C302945B19222DC390542A46E6CAA33E4B0C849A125A0E623C06B346848586","mgndgikekgjfcpckkfioiadnlibdjbkf":"15CAFC5363FACDCFC3C3D1EE7DAB7A1556F1B37F01E204F1848BDBD0044AA7A8","mhjfbmdgcfjbbpaeojofohoefgiehjai":"98D32E23F0D52901468A9BB8ED3D2A3BF67D20F896F84B0D273B86689B281E8D","nbpagnldghgfoolbancepceaanlmhfmd":"0AE74823DFE2CF29DC4AA044406615E5831C0A3B1C8ECF97BD781EA833F0DE82","neajdppkdcdipfabeoofebfddakdcjhd":"2307ED8E54F6045527C305438115E0A3BCC846348A019FD713C6E6CC4E5F03EF","nkeimhogjdpnpccoofpliimaahmaaome":"357EB8910AAA7BCA45D667C6963095F3755484F2AFEC81AF80111F05444DF09C","nmmhkkegccagdldgiimedpiccmgmieda":"F0A5D9EF589B35B4187F945C06B465B37433546A4C70D90A85F0D5027B804F95","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"544D47E890135D8FB39BC8E3DE7F8AC8083AAFC6DC1EDAEADCFED179001C9920","pjkljhegncpnkpknbcohdijeoejaedia":"0C07C3D07D50DD3C55F5EA1EAB24F978C6B62F34C09EEFC231D8BA625F5D5C74"}},"google":{"services":{"last_username":"1AA24919DB4694A8ABF9789F8B09ED5CACBDE165358B9FB5C1E82A3FCEC04942","username":"3621E2E1ABC69E87655AB65A073F2F43EE4BD0545F7559AA24C2CF972B305591"}},"homepage":"4AA2DFAAB5849E34EEE1D1F9BB79A1D9FBF1059452AFC359C9319E2F41B48D84","homepage_is_newtabpage":"755538C830159EBA4B894A5D9CCBC6F3EE965A85FD7D9D554824D33C2D624FF7","pinned_tabs":"B257CC002580C63279175B34BE539DE2A4A2030E8EFD7A588B4643B71CA23EC9","prefs":{"preference_reset_time":"EC4906976EACB5F0F829AD3CF905EA2EB9EDAA913A82D74CA5B4B8EF6C39C975"},"profile":{"reset_prompt_memento":"6DFBCF07F77E0FA766A39FA7583C8FD44D23E025C0932488B26FC17368372B05"},"safebrowsing":{"incidents_sent":"1056B51A1CA2AF8CD6128BB64EF9D30318EE9EE69B43D6D904C8E6B717D9AA95"},"search_provider_overrides":"D407
CC3F216B2D428A6756AE17922261A83FF54E5D3A4D0DD2A7151C96F07062","session":{"restore_on_startup":"CF8B35B522AA7ECFD56C78DEA8E940B1BFFA81A624726721F40E94E152F92D61","startup_urls":"D7A87E85CA97C53CF1E90624F33BBCBCFD25AA4123D83BF06020C5DED2877C39"},"software_reporter":{"prompt_reason":"F42E96D04323491593A6BA0ED6B08E2E633C950288B6255CA712FDFF3E3223F2","prompt_seed":"FE5087C6082B5E768398D52205BC4F8110757348D964280A0A6C63C65B8660D3","prompt_version":"E38448F0516381BB7124FC8613E117427F4C6F77375EE3871437DA4FC15467B4"},"sync":{"remaining_rollback_tries":"642EF52978228245FFC95551024D8BDF49304AEA732A6B05511FD6116D6CB89A"}},"super_mac":"16C0FAD32FCC4B349D29E76999C6E7C314C1C025E4005C4B6B126B169F3CA9D2"},"session":{"restore_on_startup":5,"startup_urls":["http://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzzyEyBtCyCtB0B0D0BzztAtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByB0DyB0B0FtG0DtA0A0BtGyB0E0D0CtG0A0C0D0FtGyB0A0C0F0EzztD0DzyyEyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0EyB0FyB0CyEtG0D0C0EtCtGzz0CtAyDtGzyyBtAtCtGyCtAyDyBtByEyEtBtAtB0F0C2Q&cr=2071696218&ir="]},"sync":{"remaining_rollback_tries":0}}
 
 
==== Chromium Fix ======================
 
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.topcondosearch.com_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.topcondosearch.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=21 folders=20 95891474 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Owner\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Owner\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 2015-07-20 at 23:42:08.43 ======================
 
Thank you for your assistance.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:51 AM

Posted 21 July 2015 - 07:59 AM

This Speedial.com is still in your Chrome start page.

["http://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzzyEyBtCyCtB0B0D0BzztAtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0ByB0DyB0B0FtG0DtA0A0BtGyB0E0D0CtG0A0C0D0FtGyB0A0C0F0EzztD0DzyyEyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0EyB0FyB0CyEtG0D0C0EtCtGzz0CtAyDtGzyyBtAtCtGyCtAyDyBtByEyEtBtAtB0F0C2Q&cr=2071696218&ir="]},"sync":{"remaining_rollback_tries":0}}

Open Google Chrome and click on the menu icon at the top right of the Google Chrome window.

Select Settings.
Under the On Startup section,
open Set Pages.
If Speedial is listed, remove it.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
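The speedial.com startup URL nasdaq points at above and the extensions.nspdlsd.* lines Zoek stripped from prefs.js carry the same tags: the URL's a=spd_ir_14_21_ch and cr=2071696218 parameters equal the aflt and cr preferences. As an added example (not part of this thread, and not Zoek's code), the Python below parses a constructed slice of Chrome's Preferences JSON and a few constructed prefs.js lines built from the values in the log, reports startup URLs on a hijacker host together with their affiliate and campaign tags, strips the hijacker preferences from the prefs.js lines, and checks that both browsers were tagged by the same installer. The host list, the preference prefix list and the function names are this example's own.

```python
"""Cross-check the Speedial/nspdlsd indicators Zoek found in two places:
the `extensions.nspdlsd.*` lines in Firefox's prefs.js and the speedial.com
startup URL in Chrome's Preferences file.

Added example, not part of the thread or of Zoek. Both inputs below are
constructed from values shown in the Zoek log; the host list, the prefix
list and the helper names are this example's own choices.
"""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Hosts known from this thread to be the hijacker's landing page (assumed list).
HIJACK_HOSTS = {"speedial.com", "www.speedial.com"}
# Firefox preference branches the hijacker writes (Zoek removed these).
HIJACK_PREF_PREFIXES = ("extensions.nspdlsd.",)

# Chrome's session.restore_on_startup values:
# 1 = restore last session, 4 = open a specific set of pages, 5 = new tab page.
RESTORE_MODE = {1: "last session", 4: "specific pages", 5: "new tab page"}

# Constructed sample: the relevant slice of the Chrome Preferences JSON.
CHROME_PREFS_SAMPLE = json.dumps({
    "homepage_is_newtabpage": True,
    "session": {
        "restore_on_startup": 5,
        "startup_urls": [
            "http://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L"
            "&cr=2071696218&ir=",
            "https://www.uwaterloo.ca/",
        ],
    },
})

# Constructed sample: a few prefs.js lines in Firefox's user_pref() syntax.
FIREFOX_PREFS_SAMPLE = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.nspdlsd.aflt", "spd_ir_14_21_ch");
user_pref("extensions.nspdlsd.cr", "2071696218");
user_pref("extensions.nspdlsd.instlRef", "140305_a");
user_pref("network.cookie.cookieBehavior", 1);
"""

_USER_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')


def chrome_startup_hits(prefs_text):
    """Startup URLs that point at a hijacker host, with the affiliate (a=)
    and campaign (cr=) tags the landing URL carries and the startup mode."""
    prefs = json.loads(prefs_text)
    session = prefs.get("session", {})
    mode = RESTORE_MODE.get(session.get("restore_on_startup"), "unknown")
    hits = []
    for url in session.get("startup_urls", []):
        parts = urlsplit(url)
        if parts.hostname not in HIJACK_HOSTS:
            continue
        query = parse_qs(parts.query)
        hits.append({
            "url": url,
            "host": parts.hostname,
            "affiliate": query.get("a", [None])[0],
            "campaign": query.get("cr", [None])[0],
            "startup_mode": mode,
        })
    return hits


def strip_firefox_prefs(prefs_text):
    """Split prefs.js into (kept_lines, removed), where removed maps each
    hijacker preference name to its value. Write kept_lines back only with
    Firefox closed; Firefox rewrites prefs.js on exit."""
    kept, removed = [], {}
    for line in prefs_text.splitlines():
        m = _USER_PREF.match(line)
        if m and m.group(1).startswith(HIJACK_PREF_PREFIXES):
            removed[m.group(1)] = m.group(2).strip('"')
            continue
        kept.append(line)
    return kept, removed


def same_installer(chrome_hits, removed_prefs):
    """True when the affiliate and campaign IDs in a Chrome startup URL equal
    the ones the Firefox hijacker preferences recorded."""
    return any(
        h["affiliate"] == removed_prefs.get("extensions.nspdlsd.aflt")
        and h["campaign"] == removed_prefs.get("extensions.nspdlsd.cr")
        for h in chrome_hits
    )


if __name__ == "__main__":
    hits = chrome_startup_hits(CHROME_PREFS_SAMPLE)
    kept, removed = strip_firefox_prefs(FIREFOX_PREFS_SAMPLE)
    for h in hits:
        print(f"Chrome startup URL on {h['host']} (mode: {h['startup_mode']}), "
              f"affiliate {h['affiliate']}, campaign {h['campaign']}")
    print("Firefox prefs removed:", sorted(removed))
    print("Same installer tagged both browsers:", same_installer(hits, removed))
```

Chrome keeps HMACs over tracked preferences such as session.startup_urls (that is the "protection" / "macs" block in the Preferences dump above), and a value edited outside Chrome fails that check and is reset at the next start, so the reliable fix is the Settings route nasdaq gives; use this script for reporting. Writing the stripped prefs.js lines back does work, but only with Firefox closed.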

#7 Tim55253

Tim55253
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 AM

Posted 21 July 2015 - 01:53 PM

Hello NASDAQ,

 

I have done as instructed. It seems that opening Chrome is significantly faster. Are there any more issues? 

 

Once again, thanks for your assistance. 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:51 AM

Posted 21 July 2015 - 03:36 PM

Run the computer for a day or two and let me know of any issues.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:51 AM

Posted 27 July 2015 - 07:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



