poleksiak

Members
  • Posts

    12
Reputation

0 Neutral
  1. Results of screen317's Security Check version 0.99.96
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Norton Internet Security
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Java 64-bit 8 Update 31
     Adobe Flash Player 16.0.0.305
     Mozilla Firefox (36.0)
     Mozilla Thunderbird (31.4.0)
     Google Chrome (40.0.2214.111)
     Google Chrome (40.0.2214.115)
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Symantec Norton Online Backup NOBuAgent.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  2. Results of screen317's Security Check version 0.99.96
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Norton Internet Security
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     JavaFX 2.1.1
     Java version 32-bit out of Date!
     Java 64-bit 8 Update 31
     Adobe Flash Player 16.0.0.305
     Mozilla Firefox (36.0)
     Mozilla Thunderbird (31.4.0)
     Google Chrome (40.0.2214.111)
     Google Chrome (40.0.2214.115)
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Symantec Norton Online Backup NOBuAgent.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. User initialised redundant data purge. ...................... Removed registry subkey tree: JavaSoft Removed registry subkey tree: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} Removed registry subkey tree: {5852F5ED-8BF4-11D4-A245-0080C6F74284} Removed registry subkey: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Removed registry subkey: {DBC80044-A445-435b-BC74-9C25C1C588A9} Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284} Removed registry subkey: application/java-deployment-toolkit Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284} Removed registry subkey: .jnlp Removed registry subkey tree: JavaWebStart.isInstalled Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0 Removed registry subkey tree: JNLPFile Removed registry subkey: {5852F5ED-8BF4-11D4-A245-0080C6F74284} Removed registry subkey tree: Browser Helper Objects Exception encountered in module [JavaRa] Message: Cannot delete a subkey tree because the subkey does not exist. at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey) at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey) at JavaRa.routines_registry.delete_key(String key) Removed registry subkey tree: JavaSoft Removal routine completed successfully. 15 items have been deleted. 
== Cleaning JRE temporary files == Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-12990d0a Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-12990d0a.idx Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4606dadc Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4606dadc.idx Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed == Cleaning JRE temporary files == Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-12990d0a Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-12990d0a.idx Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4606dadc Deleted file: C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4606dadc.idx Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015 Ran by Peter at 2015-02-22 15:20:16 Run:3 Running from C:\Users\Peter\Desktop Loaded Profiles: Peter (Available profiles: Peter) Boot Mode: Normal ============================================== Content of fixlist: ***************** start Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc cmd: sc config wscsvc start= auto cmd: net start wscsvc Reg: reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f end ***************** "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc" => Key unlocked successfully. 
========= sc config wscsvc start= auto ========= [sC] ChangeServiceConfig SUCCESS ========= End of CMD: ========= ========= net start wscsvc ========= The requested service has already been started. More help is available by typing NET HELPMSG 2182. ========= End of CMD: ========= ========= reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f ========= The operation completed successfully. ========= End of Reg: ========= ==== End of Fixlog 15:20:17 ==== Farbar Service Scanner Version: 17-01-2015 Ran by Peter (administrator) on 22-02-2015 at 15:23:39 Running from "C:\Users\Peter\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. 
Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  4. Results of screen317's Security Check version 0.99.96
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     Norton Internet Security
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     JavaFX 2.1.1
     Java 7 Update 7
     Java version 32-bit out of Date!
     Java 64-bit 8 Update 31
     Adobe Flash Player 16.0.0.305
     Mozilla Firefox (36.0)
     Mozilla Thunderbird (31.4.0)
     Google Chrome (40.0.2214.111)
     Google Chrome (40.0.2214.115)
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Symantec Norton Online Backup NOBuAgent.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01 Ran by Peter at 2015-02-20 19:57:50 Run:2 Running from C:\Users\Peter\Desktop Loaded Profiles: Peter (Available profiles: Peter) Boot Mode: Normal ============================================== Content of fixlist: ***************** start Unlock: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Approved Extensions Reg: reg delete "HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Approved Extensions" /v {2EECD738-5844-4A99-B4B6-146BF802613B} /f Reg: reg delete "HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Approved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /f end ***************** "HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Approved Extensions" => Key unlocked successfully. ========= reg delete "HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Approved Extensions" /v {2EECD738-5844-4A99-B4B6-146BF802613B} /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Approved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /f ========= The operation completed successfully. 
========= End of Reg: ========= ==== End of Fixlog 19:57:50 ==== C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application C:\FRST\Quarantine\C\Users\Peter\AppData\Local\{13482ADC-F2D7-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan C:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application C:\Program Files (x86)\NCH Software\Prism\prismsetup_v2.01.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application C:\Users\Peter\Downloads\Brothersoft_downloader_For_GifSplitter.exe a variant of Win32/BSDownloader potentially unwanted application C:\Users\Peter\Downloads\cbsidlm-tr1_8-GifSplitter-ORG2-10387995.exe Win32/DownloadAdmin.E potentially unwanted application C:\Users\Peter\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Peter\Downloads\CR_Downloader_for_street-fighter-iii-3rd-strike--fight-for-the-future-(usa-990512).exe a variant of Win32/InstallCore.WX potentially unwanted application C:\Users\Peter\Downloads\dfsetup213.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application C:\Users\Peter\Downloads\prismpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application C:\Users\Peter\Downloads\setup(2).exe a variant of Win32/AirAdInstaller.A potentially unwanted application C:\Users\Peter\Downloads\spsetup120.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application C:\Users\Peter\Downloads\xfire_installer_45682.exe Win32/Toolbar.Conduit potentially unwanted 
application

The security check says my operating system is unsupported.
  6. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2/20/2015 Scan Time: 3:44:46 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.20.07 Rootkit Database: v2015.02.20.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Peter Scan Type: Threat Scan Result: Completed Objects Scanned: 389943 Time Elapsed: 20 min, 44 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : PETER-HP Windows . . . . . . . : 6.1.1.7601.X64/8 User name . . . . . . : Peter-HP\Peter UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2015-02-20 16:11:03 Scan mode . . . . . . : Normal Scan duration . . . . : 9m 26s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 9 Objects scanned . . . : 1,820,800 Files scanned . . . . : 81,473 Remnants scanned . . : 716,990 files / 1,022,337 keys Suspicious files ____________________________________________________________ C:\Users\Peter\Desktop\FRST64.exe Size . . . . . . . : 2,086,912 bytes Age . . . . . . . : 1.8 days (2015-02-18 21:22:19) Entropy . . . . . : 7.5 SHA-256 . . . . . : CF3043EEDAACEDF33C72A84670D8C24560054CEC81AB37FA58B3A4E1965A74F5 Needs elevation . : Yes Fuzzy . . . . . . 
: 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Peter\Documents\BFBC2\pb\pbcl.dll Size . . . . . . . : 891,962 bytes Age . . . . . . . : 683.8 days (2013-04-07 20:42:34) Entropy . . . . . : 7.6 SHA-256 . . . . . : A324BDA2B890227F72D9F12323AD3FF51582CE312286C296F6558BD3F3927616 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. 
Potential Unwanted Programs _________________________________________________ ask.com C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web Data HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) Cookies _____________________________________________________________________ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\OZKRAESL.txt C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\cookies.sqlite:doubleclick.net C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\cookies.sqlite:pornhub.com C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\cookies.sqlite:stats.complex.com
  7. # AdwCleaner v4.111 - Logfile created 20/02/2015 at 14:04:44 # Updated 18/02/2015 by Xplode # Database : 2015-02-18.3 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Peter - PETER-HP # Running from : C:\Users\Peter\Downloads\AdwCleaner.exe # Option : Cleaning ***** [ Services ] ***** Service Deleted : hola_updater Service Deleted : hola_svc ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon [#] Folder Deleted : C:\Program Files\Hola Folder Deleted : C:\Users\Peter\AppData\Local\Babylon Folder Deleted : C:\Users\Peter\AppData\Local\CrashRpt File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\user.js ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKCU\Software\Conduit Key Deleted : HKLM\SOFTWARE\Conduit Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Web browsers ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Mozilla Firefox v36.0 (x86 en-US) [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114022"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "8ab4d0c3000000000000c0c1c05cf5ed"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "8ab4d0c3000000000000c0c1c05cf5ed"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15534"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.173:56:53"); [4xpvr53k.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); 
-\\ Google Chrome v40.0.2214.111 ************************* AdwCleaner[R0].txt - [4100 bytes] - [20/02/2015 14:01:09] AdwCleaner[s0].txt - [4189 bytes] - [20/02/2015 14:04:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4248 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 7 Home Premium x64 Ran by Peter on Fri 02/20/2015 at 14:12:44.70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Peter\appdata\local\{137E4D16-D68F-4FE7-89FB-BFE433A3E3CC} Successfully deleted: [Empty Folder] C:\Users\Peter\appdata\local\{24584B0F-487C-40F4-8D85-449F67B5634B} Successfully deleted: [Empty Folder] C:\Users\Peter\appdata\local\{96EACDB3-4095-4CFC-BF40-D6D9A4429302} ~~~ FireFox Successfully deleted: [File] C:\user.js Emptied folder: C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\4xpvr53k.default\minidumps [122 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 02/20/2015 at 14:16:35.47 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. Everything seems to be normal now, thank you. Fixlog.txt
  9. I can't figure out how to edit my post and I didn't realize you wanted the FRST.txt to be pasted so here it is Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by Peter (administrator) on PETER-HP on 20-02-2015 01:15:16 Running from C:\Users\Peter\Desktop Loaded Profiles: Peter (Available profiles: Peter) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\System32\atieclxx.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe () C:\Program Files (x86)\WhatPulse2\whatpulse.exe (Logitech, Inc.) 
C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Spotify Ltd) C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Flux Software LLC) C:\Users\Peter\AppData\Local\FluxSoftware\Flux\flux.exe () C:\Program Files (x86)\puush\puush.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Curse) C:\Users\Peter\AppData\Local\Apps\2.0\ZXOOO5GZ.ZD5\PE6VV4Z6.8Z2\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe ( ) C:\Windows\System32\lxeacoms.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Peter Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (MPC-HC Team) C:\Program Files (x86)\MPC-HC\mpc-hc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-09-14] (Hewlett-Packard ) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [90015360 2014-03-02] (Microsoft Corporation) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.) HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [1409512 2014-11-06] (Hola Networks Ltd.) 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [bambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-18] (Valve Corporation) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [WhatPulse] => C:\Program Files (x86)\WhatPulse2\whatpulse.exe [3126272 2013-12-11] () HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [AtiTrayTools] => C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe [929792 2011-10-29] (Ray Adams) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [LSI] => C:\Users\Peter\Documents\LSI\LSI v1.14.exe HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [spotify] => C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-25] (Spotify Ltd) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [spotify Web Helper] => C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-25] (Spotify Ltd) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-27] (Raptr, Inc) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [f.lux] => C:\Users\Peter\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-07-19] () HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\MountPoints2: {43034c5c-842a-11e1-80e7-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\MountPoints2: {a5e92934-9ed5-11e4-8ea9-386077e4070c} - J:\HTC_Sync_Manager_PC.exe AppInit_DLLs-x32: c:\progra~3\bprote~1\21419~1.7\protec~1.dll => "c:\progra~3\bprote~1\21419~1.7\protec~1.dll" File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Peter\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {13244026-29AB-4E44-98BB-D726F549D9DC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {13244026-29AB-4E44-98BB-D726F549D9DC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir=
SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir=
SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {13244026-29AB-4E44-98BB-D726F549D9DC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.13.180 167.206.13.181 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default
FF NewTab: google.com
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Binkiland
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: ^hxxp://.*\\.babylon\\.com/\\?AF=114022.*
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-3258772251-3576834985-3314991821-1000: @nsroblox.roblox.com/launcher -> C:\Users\Peter\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3258772251-3576834985-3314991821-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3258772251-3576834985-3314991821-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\user.js
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\searchplugins\bProtect.xml
FF Extension: Battlefield Play4Free - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\battlefieldplay4free@ea.com [2012-06-22]
FF Extension: ExHentai Easy - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack [2013-09-08]
FF Extension: Hola Better Internet - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-02-19]
FF Extension: Classic Theme Restorer - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-03-24]
FF Extension: Firefox 3 theme for Firefox 4+ - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\ffe_ff3ff4@game-point.net.xpi [2012-06-19]
FF Extension: ExHentai Easy 2 - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2014-03-09]
FF Extension: FrankerFaceZ - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2015-01-08]
FF Extension: Test Pilot - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-09-08]
FF Extension: Adblock Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-19]
FF Extension: Greasemonkey - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-08]
FF Extension: ExHentai Easy 2 - C:\Program Files (x86)\Mozilla Firefox\extensions\exhentai_easy2.xpi [2015-02-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-06-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2015-02-19]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-04-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Firefox\Extensions: [{13482ADC-F2D7-11E1-8270-B8AC6F996F26}] - C:\Users\Peter\AppData\Local\{13482ADC-F2D7-11E1-8270-B8AC6F996F26}
FF Extension: Mozilla Safe Browsing - C:\Users\Peter\AppData\Local\{13482ADC-F2D7-11E1-8270-B8AC6F996F26} [2012-08-30]
FF HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir="
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-05]
CHR Extension: (Hola Better Internet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-05]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Spicy Battle) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnbdgenkkgnkbooiipikaoepojfingl [2015-01-18]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-04-11]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123096 2014-12-16] (altPUG LLC)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-12] (EasyAntiCheat Ltd)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-06] (Hi-Rez Studios) [File not signed]
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [8147432 2014-11-06] (Hola Networks Ltd.)
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5794280 2014-10-30] (Hola Networks Ltd.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-09] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [1151096 2011-08-19] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1843712 2011-06-02] (Hauppauge Computer Works, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-04-06] (REALiX)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [97496 2015-02-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2013-07-03] (Nicomsoft Ltd.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-09] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-09] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-05] (CACE Technologies)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-11] ()
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2014-04-06] ()
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-04-11] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
S1 cxuxipny; \??\C:\Windows\system32\drivers\cxuxipny.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ESEADriver2; \??\C:\Users\Peter\AppData\Local\Temp\ESEADriver2.sys [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 01:15 - 2015-02-20 01:15 - 00037936 _____ () C:\Users\Peter\Desktop\FRST.txt
2015-02-19 12:13 - 2015-02-19 12:13 - 00000000 ____D () C:\Users\Peter\AppData\Local\Steam
2015-02-18 21:23 - 2015-02-19 14:14 - 00048518 _____ () C:\Users\Peter\Downloads\FRST.txt
2015-02-18 21:23 - 2015-02-18 21:31 - 00054210 _____ () C:\Users\Peter\Downloads\Addition.txt
2015-02-18 21:22 - 2015-02-20 01:15 - 00000000 ____D () C:\FRST
2015-02-18 21:22 - 2015-02-18 21:22 - 02086912 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-02-18 20:49 - 2015-02-18 21:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-18 20:48 - 2015-02-18 21:12 - 00000000 ____D () C:\Users\Peter\Desktop\mbar
2015-02-18 20:48 - 2015-02-18 20:48 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Peter\Downloads\mbar-1.08.3.1004.exe
2015-02-18 19:59 - 2015-02-18 19:59 - 00000033 _____ () C:\Users\Peter\ggpo-ng.ini
2015-02-18 19:59 - 2015-02-18 19:59 - 00000000 _____ () C:\Users\Peter\fightcade-debug.log
2015-02-18 19:59 - 2015-02-18 19:59 - 00000000 _____ () C:\Users\Peter\fightcade.log
2015-02-18 19:56 - 2015-02-18 19:56 - 00752136 _____ (Software ) C:\Users\Peter\Downloads\CR_Downloader_for_street-fighter-iii-3rd-strike--fight-for-the-future-(usa-990512).exe
2015-02-18 19:54 - 2015-02-18 19:54 - 22154292 _____ () C:\Users\Peter\Downloads\fightcade-win32-v039.zip
2015-02-18 19:54 - 2014-12-30 23:47 - 00000000 ____D () C:\Users\Peter\Desktop\FightCade
2015-02-16 12:56 - 2015-02-16 12:56 - 05367023 _____ () C:\Users\Peter\Downloads\lewa+skin+(1).zip
2015-02-15 21:24 - 2015-02-15 21:24 - 11443560 _____ (MPC-HC Team ) C:\Users\Peter\Downloads\MPC-HC.1.7.8.x86.exe
2015-02-15 21:24 - 2015-02-15 21:24 - 00001087 _____ () C:\Users\Peter\Desktop\MPC-HC.lnk
2015-02-15 21:24 - 2015-02-15 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-02-15 21:24 - 2015-02-15 21:24 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2015-02-15 21:10 - 2015-02-15 21:10 - 12240456 _____ (MPC-HC Team ) C:\Users\Peter\Downloads\MPC-HC.1.7.8.x64.exe
2015-02-15 20:59 - 2015-02-15 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KCP
2015-02-15 20:59 - 2015-02-15 21:13 - 00000000 ____D () C:\Program Files (x86)\KCP
2015-02-15 20:57 - 2015-02-15 20:57 - 16969953 _____ (Haruhichan.com ) C:\Users\Peter\Downloads\KCP-0.5.9.0_[08D7200B].exe
2015-02-11 11:37 - 2015-02-11 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-06 22:07 - 2015-02-06 22:07 - 00003387 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2015-02-03 13:26 - 2015-02-03 13:26 - 00022760 _____ () C:\Users\Peter\Documents\clickerHeroSavebest.txt
2015-01-24 13:34 - 2015-01-24 13:36 - 00000000 ____D () C:\Users\Peter\Documents\musicforphone

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 01:15 - 2014-01-03 15:15 - 00000000 ____D () C:\Users\Peter\AppData\Local\WhatPulse
2015-02-20 01:08 - 2012-12-16 18:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 01:00 - 2013-02-07 17:21 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Skype
2015-02-20 00:31 - 2013-05-27 22:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 00:29 - 2012-06-20 17:11 - 00000000 ____D () C:\Users\Peter\AppData\Local\Deployment
2015-02-19 23:46 - 2012-06-19 17:09 - 01776889 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 22:25 - 2012-06-19 18:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-19 21:08 - 2012-06-19 17:13 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F4AAD321-2539-4CD1-BE5C-4D8D5BBE7FC7}
2015-02-19 19:14 - 2013-02-01 01:46 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\foobar2000
2015-02-19 14:08 - 2012-12-16 18:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 13:06 - 2012-06-27 12:40 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPeter
2015-02-19 13:06 - 2012-06-27 12:40 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForPeter.job
2015-02-19 12:24 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 12:24 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 12:17 - 2009-07-14 00:13 - 00781390 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 12:12 - 2013-07-23 23:45 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Spotify
2015-02-19 12:12 - 2013-07-23 23:45 - 00000000 ____D () C:\Users\Peter\AppData\Local\Spotify
2015-02-19 12:12 - 2012-06-26 01:26 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-19 12:12 - 2012-04-11 17:22 - 00000000 ____D () C:\ProgramData\PDFC
2015-02-19 12:10 - 2014-10-22 14:21 - 00529554 _____ () C:\Windows\PFRO.log
2015-02-19 12:10 - 2014-07-27 00:37 - 00014593 _____ () C:\Windows\setupact.log
2015-02-19 12:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 03:09 - 2015-01-17 13:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 23:16 - 2012-07-21 19:14 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Mumble
2015-02-18 20:49 - 2015-01-17 13:05 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-18 20:40 - 2013-07-31 18:03 - 00000000 ___RD () C:\Users\Peter\Dropbox
2015-02-18 20:40 - 2013-07-31 18:01 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Dropbox
2015-02-18 20:37 - 2012-06-19 17:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-18 20:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-18 20:21 - 2012-06-20 14:58 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps
2015-02-18 19:59 - 2012-06-19 17:09 - 00000000 ____D () C:\Users\Peter
2015-02-18 19:58 - 2012-12-16 18:41 - 00002261 _____ () C:\Users\Peter\Desktop\Google Chrome.lnk
2015-02-18 19:58 - 2012-10-22 14:33 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-18 19:58 - 2012-09-08 20:09 - 00001345 _____ () C:\Users\Peter\Desktop\Sony Vegas Pro 12.0 (64-bit).lnk
2015-02-18 13:49 - 2012-06-20 12:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-17 18:38 - 2014-11-09 14:08 - 00023296 _____ () C:\Users\Peter\Documents\clickerHeroSave.txt
2015-02-15 21:23 - 2013-12-28 21:38 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\mpc-hc
2015-02-15 21:23 - 2013-08-01 03:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Media Player Classic
2015-02-14 00:01 - 2013-08-01 03:04 - 00085504 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 12:26 - 2014-02-24 02:14 - 00000792 _____ () C:\Users\Peter\d3d_antilag.log
2015-02-12 12:26 - 2012-09-01 20:01 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-02-09 11:46 - 2009-07-14 00:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 22:03 - 2012-08-08 20:00 - 00000000 ____D () C:\Users\Peter\.gimp-2.8
2015-02-05 14:03 - 2012-12-16 18:41 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:03 - 2012-12-16 18:41 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 09:31 - 2013-05-27 22:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 09:31 - 2012-06-19 23:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 09:31 - 2012-04-11 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 13:06 - 2012-07-18 13:00 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-27 08:04 - 2013-05-27 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-24 14:20 - 2012-07-24 02:45 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2013-08-01 03:04 - 2015-02-14 00:01 - 0085504 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-06 22:07 - 2015-02-06 22:07 - 0003387 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2012-07-17 16:17 - 2014-11-18 00:33 - 0007662 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2012-08-30 14:15 - 2014-04-05 20:20 - 0000000 _____ () C:\Users\Peter\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-06-19 17:51 - 2012-06-19 17:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-01-11 21:40 - 2014-01-11 21:40
- 0000462 _____ () C:\ProgramData\HirezPipeError.txt 2014-09-24 10:37 - 2014-12-16 07:22 - 0011696 _____ () C:\ProgramData\lxeaJSW.log 2014-09-24 10:35 - 2014-12-09 17:05 - 0000672 _____ () C:\ProgramData\lxeascan.log Some content of TEMP: ==================== C:\Users\Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpysdcya.dll C:\Users\Peter\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe C:\Users\Peter\AppData\Local\Temp\HiRezLauncherControls.dll C:\Users\Peter\AppData\Local\Temp\la6uikuv.dll C:\Users\Peter\AppData\Local\Temp\NGMDll.dll C:\Users\Peter\AppData\Local\Temp\NGMResource.dll C:\Users\Peter\AppData\Local\Temp\NGMSetup.exe C:\Users\Peter\AppData\Local\Temp\unicows.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 00:43 ==================== End Of Log ============================
  10. Please help me remove this. Thank you in advance