
Malware disabled Windows Update: Not sure if I correctly removed it.


This topic is locked
2 replies to this topic

#1 sinkopate (Members, 2 posts)

Posted 20 October 2015 - 02:21 PM

Hello everyone,

I've recently been infected with various trojans/malware that I removed with Malwarebytes and Spybot. I noticed that my Windows Update has been "disabled by a System Administrator". As this is my home computer, there is no system administrator, so I suspected that it was disabled by a previous virus. I've tried to re-enable it by running the Windows Update Troubleshooter and by re-scanning my PC using Malwarebytes, but nothing worked. I'm starting to suspect that the virus was not completely removed.

I've run FRST, and I'll paste the log down below. I've also attached the Addition.txt to this post.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by Nathan_2 (administrator) on NATHAN-PC (20-10-2015 15:08:35)
Running from C:\Users\Nathan_2\Downloads
Loaded Profiles: Nathan_2 (Available Profiles: Nathan & Nathan_2 & Caleb & Joshua & Daddy & Work Desktop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
() C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Oki Data Corporation) C:\Windows\System32\spool\drivers\x64\3\OPHCLDCS.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Users\Nathan\Desktop\st\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Nathan_2\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Nathan_2\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Nathan_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Users\Nathan\Desktop\st\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2013-03-14] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [208952 2013-03-14] (Bluebeam Software, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [621384 2013-12-04] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Run: [Steam] => C:\Users\Nathan\Desktop\st\Steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Run: [Akamai NetSession Interface] => C:\Users\Nathan_2\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Run: [Dropbox Update] => C:\Users\Nathan_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-14] (Dropbox, Inc.)
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Run: [GoogleChromeAutoLaunch_4D6A3F5C8CC05DE7E2D99B77D307CD09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-08] (Google Inc.)
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\Users\Caleb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-04-10]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Caleb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-07-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-06-15]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-14]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-14]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-03-23]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Nathan_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-03-22]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Nathan_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-06-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nathan_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-1368940634-207729537-1892670199-1007\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1368940634-207729537-1892670199-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1368940634-207729537-1892670199-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1368940634-207729537-1892670199-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{26F5816F-CDD4-4409-A038-1DC28B5AB9E6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{298E71B6-7422-4475-8B6B-1870E7CF7064}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
URLSearchHook: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {3EA9D624-941C-4C86-8924-06696CB5E549} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {9FB53B66-8962-41B8-AC8F-327788120C56} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> DefaultScope {A07C168E-A83B-4E20-BC42-234DF2D01E7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> {3EA9D624-941C-4C86-8924-06696CB5E549} URL = 
SearchScopes: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> {743245C6-31E7-4B97-A2CC-30AF98C45492} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> {9FB53B66-8962-41B8-AC8F-327788120C56} URL = 
SearchScopes: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> {A07C168E-A83B-4E20-BC42-234DF2D01E7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> No Name - {B24BA06E-FB7B-4757-95C2-DC01125F750E} -  No File
Toolbar: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler-x32: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll [2010-01-06] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll [2010-12-01] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Nathan_2\AppData\Roaming\Mozilla\Firefox\Profiles\frjvotr9.default
FF DefaultSearchEngine.US: Yahoo!
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @BluebeamPDF/PDF viewer -> C:\Program Files (x86)\Common Files\Bluebeam Software\Bluebeam Revu\Revu\Mozilla\npBluebeamMozillaPlugin.dll [2013-03-14] (Bluebeam Software, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2010-11-10] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-01-25] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-07-27]
FF Extension: WOT - C:\Users\Nathan_2\AppData\Roaming\Mozilla\Firefox\Profiles\frjvotr9.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Nathan_2\AppData\Roaming\Mozilla\Firefox\Profiles\frjvotr9.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-09-01]
FF Extension: Facebook Phishing Protector - C:\Users\Nathan_2\AppData\Roaming\Mozilla\Firefox\Profiles\frjvotr9.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2015-09-01]
FF Extension: Adblock Plus - C:\Users\Nathan_2\AppData\Roaming\Mozilla\Firefox\Profiles\frjvotr9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-27] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-27] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-27] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://portal.utoronto.ca/webapps/bb-auth-provider-shibboleth-bb_bb60/execute/shibbolethLogin?returnUrl=https%3A%2F%2Fportal.utoronto.ca%2Fwebapps%2Fportal%2Fframeset.jsp&authProviderId=_103_1","hxxp://onesearch.library.utoronto.ca/","hxxp://homepage-web.com/?s=lenovo&m=start"
CHR Profile: C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-02]
CHR Extension: (Entanglement Web App) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-09-02]
CHR Extension: (Bible) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf [2015-09-02]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2015-09-08]
CHR Extension: (Google Docs) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-02]
CHR Extension: (Google Drive) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-02]
CHR Extension: (Turn Off the Lights) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-09-02]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-02]
CHR Extension: (YouTube) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-02]
CHR Extension: (Adblock Plus) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-02]
CHR Extension: (Bypass Surveys) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg [2015-09-08]
CHR Extension: (Google Search) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-02]
CHR Extension: (Empty New Tab Page) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2015-09-02]
CHR Extension: (Quabel) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\egembnpjkmkpcpnibglmmaaaioiijmnp [2015-09-02]
CHR Extension: (Gmail Offline) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-09-02]
CHR Extension: (Google Calendar) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-09-02]
CHR Extension: (Google Sheets) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-09-02]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2015-09-02]
CHR Extension: (Little Alchemy) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-09-02]
CHR Extension: (Twitter Widget [ANTP]) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\laddjhjdjlohhomjjfpgpgjfgoilchmi [2015-09-08]
CHR Extension: (Steambirds: Survival) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2015-09-02]
CHR Extension: (Pillarbox) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpkiimneajkmcikgpihhiekhmeemacn [2015-09-08]
CHR Extension: (Poppit!) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-09-02]
CHR Extension: (Awesome New Tab Page) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2015-09-08]
CHR Extension: (SharePoint Fix) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2015-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-02]
CHR Extension: (AdBlock Pro) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-09-02]
CHR Extension: (Thin Scroll Bar) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmmnceaidnmminjjffpndcbdibelgam [2015-09-02]
CHR Extension: (Gmail) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Nathan\AppData\Local\Temp\ccex.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [72704 2010-04-07] (Autodesk) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-29] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
R2 mi-raysat_3dsmax9_32; C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1289544 2013-12-04] (Cisco Systems, Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 OKI OPHC DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHCLDCS.EXE [20480 2007-05-29] (Oki Data Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-22] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe" [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-09-10] (Duplex Secure Ltd.)
U3 a2jjrsvy; C:\Windows\System32\Drivers\a2jjrsvy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 15:08 - 2015-10-20 15:09 - 00040268 _____ C:\Users\Nathan_2\Downloads\FRST.txt
2015-10-20 15:07 - 2015-10-20 15:08 - 00000000 ____D C:\FRST
2015-10-20 15:07 - 2015-10-20 15:07 - 02196992 _____ (Farbar) C:\Users\Nathan_2\Downloads\FRST64.exe
2015-10-20 13:10 - 2015-10-20 13:10 - 00000000 ____D C:\Users\Nathan_2\Documents\SpacebaseDF9
2015-10-20 13:08 - 2015-10-20 13:10 - 00000000 ____D C:\Users\Nathan_2\Desktop\Spacebase DF9
2015-10-20 13:02 - 2015-10-20 13:02 - 00014371 _____ C:\Users\Nathan_2\Downloads\[kat.cr]spacebase.df9.v1.06.windows.viruz.torrent
2015-10-17 15:45 - 2015-10-17 15:45 - 138220816 _____ (Microsoft Corporation) C:\Users\Nathan_2\Downloads\msert.exe
2015-10-16 23:29 - 2015-10-16 23:29 - 00000000 ____D C:\Users\Nathan_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 22:28 - 2015-10-16 22:44 - 817856196 _____ C:\Users\Nathan_2\Downloads\Calradia_Imperial_Age3.1.rar
2015-10-14 23:21 - 2015-10-14 23:21 - 01687552 _____ C:\Users\Nathan_2\Downloads\Law Lec 4.ppt
2015-10-12 09:30 - 2015-10-12 09:30 - 00000000 ____D C:\Users\Work Desktop\AppData\LocalLow\uTorrent
2015-10-12 01:16 - 2015-10-12 01:16 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-12 01:16 - 2015-10-12 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-12 01:15 - 2015-10-12 01:16 - 00000000 ____D C:\Program Files\iTunes
2015-10-12 01:15 - 2015-10-12 01:15 - 00000000 ____D C:\Program Files\iPod
2015-10-12 01:15 - 2015-10-12 01:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-12 01:12 - 2015-10-12 01:12 - 00000000 ____D C:\Program Files\Bonjour
2015-10-12 01:12 - 2015-10-12 01:12 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-12 01:10 - 2015-10-12 01:10 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-10-12 01:10 - 2015-10-12 01:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-12 00:16 - 2015-10-12 00:16 - 00001738 _____ C:\Users\Public\Desktop\Prison Architect.lnk
2015-10-12 00:16 - 2015-10-12 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-10-12 00:16 - 2015-10-12 00:16 - 00000000 ____D C:\GOG Games
2015-10-11 23:55 - 2015-10-16 00:04 - 00000000 ____D C:\Users\Nathan_2\AppData\LocalLow\uTorrent
2015-10-11 11:14 - 2015-10-11 11:14 - 01065072 _____ C:\Windows\Minidump\101115-105753-01.dmp
2015-10-11 11:12 - 2015-10-11 11:12 - 640430675 _____ C:\Windows\MEMORY.DMP
2015-10-06 21:39 - 2015-10-06 21:39 - 00020075 _____ C:\Users\Nathan_2\Downloads\My personal response thingy D.zip
2015-10-04 15:38 - 2015-10-04 15:38 - 40253440 _____ C:\Users\Nathan_2\Downloads\GRVTSv1.4c.tar
2015-10-01 23:44 - 2015-10-02 01:30 - 00000000 ____D C:\Users\Nathan_2\Desktop\1
2015-09-29 14:10 - 2015-09-29 14:10 - 00000000 ____D C:\Users\Nathan_2\AppData\Local\Steam
2015-09-29 14:10 - 2015-09-29 14:10 - 00000000 ____D C:\Users\Nathan_2\AppData\Local\CEF
2015-09-26 20:36 - 2015-09-26 20:59 - 286742866 _____ C:\Users\Nathan_2\Downloads\zbase-v5588.zip
2015-09-26 13:33 - 2015-10-06 01:08 - 00000000 ____D C:\Users\Nathan_2\Documents\OpenTTD
2015-09-26 13:25 - 2015-09-26 13:29 - 00000000 ____D C:\Program Files\OpenTTD
2015-09-26 13:25 - 2015-09-26 13:25 - 00000798 _____ C:\Users\Public\Desktop\OpenTTD.lnk
2015-09-26 13:25 - 2015-09-26 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2015-09-26 13:05 - 2015-09-26 13:07 - 07927336 _____ (OpenTTD Developers) C:\Users\Nathan_2\Downloads\openttd-1.5.2-windows-win64.exe
2015-09-25 12:14 - 2015-09-25 16:30 - 00000000 ____D C:\Users\Nathan_2\Documents\Simutrans
2015-09-25 12:06 - 2015-09-25 12:07 - 00000000 ____D C:\Program Files (x86)\Simutrans
2015-09-25 12:06 - 2015-09-25 12:06 - 00000000 ____D C:\Users\Nathan_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simutrans
2015-09-25 12:05 - 2015-09-25 12:05 - 00216822 _____ C:\Users\Nathan_2\Downloads\simutrans-online-install.exe
2015-09-25 02:08 - 2015-09-25 02:08 - 00105073 _____ C:\Users\Nathan_2\Downloads\[kat.cr]cities.in.motion.2.collection.plaza (2).torrent
2015-09-25 02:07 - 2015-09-25 02:07 - 00105073 _____ C:\Users\Nathan_2\Downloads\Unconfirmed 950544.crdownload
2015-09-25 02:07 - 2015-09-25 02:07 - 00105073 _____ C:\Users\Nathan_2\Downloads\Unconfirmed 893043.crdownload
2015-09-24 01:25 - 2015-09-24 01:26 - 00013873 _____ C:\Users\Nathan_2\Downloads\openau.au
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 15:08 - 2012-04-11 14:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-20 15:02 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-20 15:02 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-20 14:59 - 2012-04-26 10:56 - 00000506 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-10-20 14:57 - 2009-07-14 01:10 - 01961091 _____ C:\Windows\WindowsUpdate.log
2015-10-20 14:55 - 2012-03-21 20:33 - 00000000 ___RD C:\Users\Nathan_2\Dropbox
2015-10-20 14:55 - 2012-03-21 20:31 - 00000000 ____D C:\Users\Nathan_2\AppData\Roaming\Dropbox
2015-10-20 14:53 - 2010-05-03 21:02 - 00000000 ____D C:\Users\Nathan\Desktop\st
2015-10-20 14:52 - 2015-09-02 13:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-20 14:52 - 2010-05-09 17:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-20 14:52 - 2010-03-22 16:50 - 00000000 ____D C:\Users\Nathan_2\AppData\Local\SoftThinks
2015-10-20 14:51 - 2015-09-02 19:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e5d8a4d8fbef.job
2015-10-20 14:50 - 2015-09-09 19:36 - 00008776 _____ C:\Windows\PFRO.log
2015-10-20 14:50 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-20 14:50 - 2009-07-14 00:51 - 00195604 _____ C:\Windows\setupact.log
2015-10-20 14:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-20 13:17 - 2015-08-02 22:54 - 00000000 ____D C:\Users\Nathan_2\AppData\Roaming\qBittorrent
2015-10-20 13:16 - 2010-05-03 19:14 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-10-19 22:43 - 2010-06-14 20:12 - 00000000 ____D C:\Users\Nathan_2\AppData\Roaming\Skype
2015-10-17 00:37 - 2015-09-02 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 00:37 - 2015-09-02 13:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 00:08 - 2012-04-11 14:44 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 00:08 - 2012-04-11 14:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-17 00:08 - 2011-05-14 16:16 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-16 23:26 - 2015-08-05 15:04 - 00000000 ____D C:\Users\Nathan_2\Documents\Mount&Blade Warband Savegames
2015-10-16 22:43 - 2015-08-05 15:02 - 00000000 ____D C:\Users\Nathan_2\AppData\Roaming\Mount&Blade Warband
2015-10-16 11:00 - 2014-04-16 16:18 - 00002282 ____H C:\Users\Nathan\Documents\Default.rdp
2015-10-16 08:33 - 2010-03-22 14:45 - 00000000 ____D C:\Users\Nathan\AppData\Local\SoftThinks
2015-10-16 08:18 - 2012-01-28 00:43 - 00000000 ____D C:\Users\Nathan_2\AppData\Roaming\uTorrent
2015-10-16 08:17 - 2015-09-17 22:50 - 00000000 ____D C:\Users\Nathan_2\AppData\Local\Popcorn-Time
2015-10-15 23:04 - 2010-05-19 22:36 - 00000000 ____D C:\Users\Nathan_2\AppData\Roaming\vlc
2015-10-15 15:00 - 2012-04-26 10:56 - 00003536 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-10-15 15:00 - 2012-04-26 10:56 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-10-15 14:10 - 2009-07-14 01:13 - 00801002 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-15 13:46 - 2015-09-02 19:40 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-14 08:22 - 2012-04-26 10:56 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-10-14 08:16 - 2012-04-26 10:56 - 00004270 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-10-12 09:41 - 2015-07-05 00:06 - 00000000 ____D C:\Users\Work Desktop\AppData\Local\Popcorn-Time
2015-10-12 09:41 - 2013-01-19 13:11 - 00000000 ____D C:\Users\Work Desktop\AppData\Roaming\uTorrent
2015-10-12 09:31 - 2012-11-17 19:04 - 00000000 ___RD C:\Users\Work Desktop\Google Drive
2015-10-12 09:27 - 2012-10-09 20:24 - 00001246 __RSH C:\Users\Work Desktop\ntuser.pol
2015-10-12 01:15 - 2010-06-14 01:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-12 01:10 - 2010-05-05 22:22 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-12 00:59 - 2015-09-08 17:51 - 00000000 ____D C:\Users\Nathan_2\Desktop\LANOIRE
2015-10-12 00:53 - 2012-10-09 20:24 - 00000000 ____D C:\Users\Work Desktop\AppData\Local\Google
2015-10-12 00:16 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-11 11:14 - 2011-04-01 23:35 - 00000000 ____D C:\Windows\Minidump
2015-10-05 09:50 - 2015-09-02 13:04 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-09-02 13:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-09-02 13:04 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-03 13:53 - 2012-06-14 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-02 12:31 - 2010-03-14 21:12 - 00000000 ____D C:\Windows\Panther
2015-09-26 01:09 - 2015-05-21 19:39 - 00135680 _____ C:\Users\Work Desktop\Desktop\resumerevamped.pub
2015-09-23 20:12 - 2011-11-03 20:43 - 00000000 ____D C:\Users\Nathan_2\AppData\Local\Akamai
2015-09-20 14:44 - 2015-09-15 15:30 - 00000000 ____D C:\Users\Nathan_2\Desktop\Um
 
==================== Files in the root of some directories =======
 
2014-02-20 14:21 - 2012-05-09 01:29 - 0006148 _____ () C:\Program Files (x86)\.DS_Store
2014-02-20 14:21 - 2008-10-25 20:27 - 0028672 _____ () C:\Program Files (x86)\AtsPluginProxy.dll
2014-02-20 14:21 - 2008-01-15 05:07 - 0001147 _____ () C:\Program Files (x86)\COPYING
2014-02-20 14:21 - 2012-06-09 03:21 - 0000868 _____ () C:\Program Files (x86)\Credits.txt
2014-02-20 14:21 - 2013-11-19 23:10 - 0053248 _____ () C:\Program Files (x86)\ObjectBender.exe
2014-02-20 14:21 - 2013-11-19 23:10 - 0262144 _____ () C:\Program Files (x86)\ObjectViewer.exe
2014-02-20 14:21 - 2012-02-12 17:15 - 0000101 _____ () C:\Program Files (x86)\ObjectViewer.exe.config
2014-02-20 14:21 - 2013-11-19 23:11 - 0937984 _____ () C:\Program Files (x86)\OpenBve.exe
2014-02-20 14:21 - 2012-02-12 17:15 - 0000101 _____ () C:\Program Files (x86)\OpenBve.exe.config
2014-02-20 14:21 - 2013-07-28 06:54 - 0049152 _____ () C:\Program Files (x86)\OpenBveApi.dll
2014-02-20 14:21 - 2013-07-28 06:54 - 0127543 _____ () C:\Program Files (x86)\OpenBveApi.xml
2015-05-05 22:04 - 2015-07-01 14:04 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-02-20 14:21 - 2007-07-20 03:25 - 0000438 _____ () C:\Program Files (x86)\README-SDL.txt
2014-02-20 14:21 - 2012-06-09 03:22 - 0001639 _____ () C:\Program Files (x86)\Readme.txt
2014-02-20 14:21 - 2013-11-19 23:11 - 0483328 _____ () C:\Program Files (x86)\RouteViewer.exe
2014-02-20 14:21 - 2012-02-12 17:15 - 0000101 _____ () C:\Program Files (x86)\RouteViewer.exe.config
2014-02-20 14:21 - 2012-01-15 10:49 - 0303616 _____ () C:\Program Files (x86)\SDL.dll
2014-02-20 14:21 - 2013-11-19 23:11 - 0000238 _____ () C:\Program Files (x86)\settings.sav
2010-08-31 17:08 - 2010-08-31 17:08 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2014-02-20 14:21 - 2011-05-23 11:34 - 0069632 _____ (Tao Framework -- http://www.taoframework.com) C:\Program Files (x86)\Tao.OpenAl.dll
2014-02-20 14:21 - 2010-11-17 08:09 - 0000457 _____ () C:\Program Files (x86)\Tao.OpenAl.dll.config
2014-02-20 14:21 - 2011-05-23 11:33 - 1138688 _____ (Tao Framework -- http://www.taoframework.com) C:\Program Files (x86)\Tao.OpenGl.dll
2014-02-20 14:21 - 2010-11-28 14:52 - 0000508 _____ () C:\Program Files (x86)\Tao.OpenGl.dll.config
2014-09-26 11:33 - 2011-05-23 11:32 - 0081920 _____ (Tao Framework -- http://www.taoframework.com) C:\Program Files (x86)\Tao.Sdl.dll
2014-02-20 14:21 - 2008-05-01 14:47 - 0001539 _____ () C:\Program Files (x86)\Tao.Sdl.dll.config
2014-02-20 14:21 - 2013-11-19 23:11 - 0126976 _____ () C:\Program Files (x86)\TrainEditor.exe
2014-09-26 11:33 - 2014-09-26 11:33 - 0116013 _____ () C:\Program Files (x86)\Uninstal.exe
2015-07-14 11:15 - 2015-08-11 20:11 - 0000024 _____ () C:\Users\Nathan_2\AppData\Roaming\appdataFr25.bin
2012-11-29 01:06 - 2012-11-29 01:21 - 0000077 _____ () C:\Users\Nathan_2\AppData\Roaming\Rim.Desktop.Exception.log
2010-03-28 23:43 - 2012-11-29 01:10 - 0010752 _____ () C:\Users\Nathan_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-17 19:09 - 2010-10-17 19:09 - 0004096 ____H () C:\Users\Nathan_2\AppData\Local\keyfile3.drm
2010-06-14 00:59 - 2010-06-14 00:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-11-03 15:29 - 2014-11-03 15:29 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Files to move or delete:
====================
C:\Users\Public\FFmpeg_2009_01_08_for_Audacity_on_Windows.exe
C:\Users\Public\Lame_v3.98.2_for_Audacity_on_Windows.exe
C:\Users\Work Desktop\AdvancedHook.dll
C:\Users\Work Desktop\LCPD First Response.dll
C:\Users\Work Desktop\Lidgren.Network.dll
C:\Users\Work Desktop\protobuf-net.dll
C:\Users\Work Desktop\ScriptHook.dll
C:\Windows\Tasks\{64478124-CCDD-4C03-AF49-E9C8CD5E54EF}.job
C:\Windows\Tasks\{B806DC24-FF4C-4B2E-9347-B759984F2977}.job
 
 
Some files in TEMP:
====================
C:\Users\Nathan_2\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Nathan_2\AppData\Local\Temp\drm_dyndata_7350008.dll
C:\Users\Nathan_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmposb0zb.dll
C:\Users\Nathan_2\AppData\Local\Temp\_is1E47.exe
C:\Users\Nathan_2\AppData\Local\Temp\_is5455.exe
C:\Users\Nathan_2\AppData\Local\Temp\_is5F8C.exe
C:\Users\Nathan_2\AppData\Local\Temp\_is76E1.exe
C:\Users\Nathan_2\AppData\Local\Temp\_is9AC7.exe
C:\Users\Nathan_2\AppData\Local\Temp\_isAB1A.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-11 12:08
 
==================== End of FRST.txt ============================
 
Thanks in advance for all your time and effort!

 

 


 


#2 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 22 October 2015 - 10:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove the following program using the Add/Remove Programs applet.
LibrarySystem (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{88c3b28}) (Version: - Software Publisher) <==== ATTENTION

===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyUsers\S-1-5-21-1368940634-207729537-1892670199-1007\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1368940634-207729537-1892670199-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1368940634-207729537-1892670199-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1368940634-207729537-1892670199-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1368940634-207729537-1892670199-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> {3EA9D624-941C-4C86-8924-06696CB5E549} URL =
SearchScopes: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> {9FB53B66-8962-41B8-AC8F-327788120C56} URL =
Toolbar: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> No Name - {B24BA06E-FB7B-4757-95C2-DC01125F750E} -  No File
Toolbar: HKU\S-1-5-21-1368940634-207729537-1892670199-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF SearchEngineOrder.1: Ask.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Poppit!) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-09-02]
CHR Extension: (Awesome New Tab Page) - C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2015-09-08]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Nathan\AppData\Local\Temp\ccex.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - <no Path/update_url>
S2 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe" [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
U3 a2jjrsvy; C:\Windows\System32\Drivers\a2jjrsvy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
AlternateDataStreams: C:\ProgramData\TEMP:196FC0A6
AlternateDataStreams: C:\ProgramData\TEMP:7D6EC5BE
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD
AlternateDataStreams: C:\Users\Nathan_2\Downloads\Feb. 12, Children's Worship.eml:OECustomProperty
C:\Users\Nathan_2\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Nathan_2\AppData\Local\Temp\drm_dyndata_7350008.dll
C:\Users\Nathan_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmposb0zb.dll
C:\Users\Nathan_2\AppData\Local\Temp\_is1E47.exe
C:\Users\Nathan_2\AppData\Local\Temp\_is5455.exe
C:\Users\Nathan_2\AppData\Local\Temp\_is5F8C.exe
C:\Users\Nathan_2\AppData\Local\Temp\_is76E1.exe
C:\Users\Nathan_2\AppData\Local\Temp\_is9AC7.exe
C:\Users\Nathan_2\AppData\Local\Temp\_isAB1A.exe
C:\Windows\Tasks\{64478124-CCDD-4C03-AF49-E9C8CD5E54EF}.job
C:\Windows\Tasks\{B806DC24-FF4C-4B2E-9347-B759984F2977}.job
C:\Users\Nathan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Reset Chrome...
Open Google Chrome and click on the menu icon at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

How is the computer running now?
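The "disabled by a System Administrator" message from the opening post and the "Restriction" lines in the fixlist above are the same thing seen from two sides: policy keys and per-user local Group Policy folders that a stand-alone Windows 7 Home Premium machine should not have (Home editions do not even ship gpedit.msc). The PowerShell below is an added example, not part of this thread, nasdaq's instructions or FRST's own code. It assumes the four SIDs and the key paths quoted in the fixlist, extends the Internet Explorer policy check from the one SID in the fixlist to all four, and adds the standard Microsoft Windows Update policy values (DisableWindowsUpdateAccess, NoAutoUpdate, NoWindowsUpdate), which are assumed from general Windows knowledge rather than reported by FRST for this machine. It is read-only and is meant to be run from an elevated PowerShell once before the fix and once after the reboot.

```powershell
# Added example: not code from this thread, from nasdaq's instructions or
# from FRST. A read-only audit of the policy locations FRST flagged as
# "Restriction" in the log above, plus the standard Windows Update policy
# values that produce the "disabled by your system administrator" message.
# Run from an elevated PowerShell (the 2.0 that ships with Windows 7 is
# enough) before and after the FRST fix; nothing here writes to the registry.

# SIDs and key paths copied from the FRST fixlist. HKEY_USERS paths only
# resolve for profiles whose hive is currently loaded (a logged-on user).
$sidsFromLog = @(
    'S-1-5-21-1368940634-207729537-1892670199-1003',
    'S-1-5-21-1368940634-207729537-1892670199-1004',
    'S-1-5-21-1368940634-207729537-1892670199-1005',
    'S-1-5-21-1368940634-207729537-1892670199-1007'
)

$flaggedKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($sid in $sidsFromLog) {
    $flaggedKeys += "Registry::HKEY_USERS\$sid\SOFTWARE\Policies\Microsoft\Internet Explorer"
}

# Standard Microsoft policy values (assumed, not taken from the log) whose
# presence with data 1 puts Windows Update into the "managed by your system
# administrator" state. None of them belongs on a stand-alone home PC.
$wuPolicyValues = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate';           Name = 'DisableWindowsUpdateAccess' },
    @{ Path = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate';           Name = 'DisableWindowsUpdateAccess' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';        Name = 'NoAutoUpdate' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoWindowsUpdate' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoWindowsUpdate' }
)

function Get-FlaggedPolicyValues {
    # Every value under each flagged key (and its subkeys), so the reader sees
    # which policy is applied rather than only that a key exists.
    foreach ($key in $flaggedKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $items = @(Get-Item -LiteralPath $key)
        $items += @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            if ($item.ValueCount -eq 0) {
                New-Object PSObject -Property @{ Key = $item.Name; Value = '(no values)'; Data = $null }
                continue
            }
            foreach ($name in $item.GetValueNames()) {
                New-Object PSObject -Property @{
                    Key   = $item.Name
                    Value = $name
                    Data  = $item.GetValue($name)
                }
            }
        }
    }
}

function Get-WindowsUpdatePolicy {
    # Reports each known Windows Update policy value; Restricted is True only
    # when the value exists and is set to 1.
    foreach ($check in $wuPolicyValues) {
        $data = $null
        if (Test-Path -LiteralPath $check.Path) {
            $props = Get-ItemProperty -LiteralPath $check.Path -ErrorAction SilentlyContinue
            if ($props -ne $null) { $data = $props.($check.Name) }
        }
        New-Object PSObject -Property @{
            Path       = $check.Path
            Value      = $check.Name
            Data       = $data
            Restricted = ($data -eq 1)
        }
    }
}

function Get-LocalUserGroupPolicy {
    # FRST's "GroupPolicyUsers\<SID>\User: Restriction" lines refer to
    # per-user local Group Policy folders under System32. Windows 7 Home
    # Premium has no gpedit.msc, so on this machine their presence is
    # itself suspicious.
    $root = Join-Path $env:SystemRoot 'System32\GroupPolicyUsers'
    foreach ($sid in $sidsFromLog) {
        $userDir = Join-Path $root "$sid\User"
        New-Object PSObject -Property @{
            Sid         = $sid
            Path        = $userDir
            Present     = (Test-Path -LiteralPath $userDir)
            RegistryPol = (Test-Path -LiteralPath (Join-Path $userDir 'registry.pol'))
        }
    }
}

# Usage: run once before the fix to record the state, once after the reboot.
# After a successful fix every Restricted/Present column should read False
# and Get-FlaggedPolicyValues should return nothing.
Get-FlaggedPolicyValues  | Format-Table Key, Value, Data -AutoSize
Get-WindowsUpdatePolicy  | Format-Table Path, Value, Data, Restricted -AutoSize
Get-LocalUserGroupPolicy | Format-Table Sid, Present, RegistryPol, Path -AutoSize
```

If any Restricted or Present column is still True after the fix and reboot, the policy is being re-applied by something FRST did not remove, which is exactly the signal to post the Fixlog and a fresh FRST scan rather than re-enabling Windows Update by hand.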

#3 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 27 October 2015 - 08:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



