
qazma

Honorary Members

Posts: 23
Reputation: 0 Neutral
  1. Disinfection tools and old windows restore points were removed with no trouble. As far as I can tell, there are currently no signs of malware. Thank you for all your help.
  2. I see, thanks. A few more questions: 1) How can I fully remove Internet Explorer 8? I tried the "Uninstall a program" and "Installed Updates" tabs at the Control Panel, but I'm not given any options to uninstall it. 2) Would you recommend keeping Microsoft Security Essentials from now on or reinstalling AVG Free? 3) I'll be taking the computer to a technician soon, to look into those hardware and firmware issues you mentioned. From what you can tell by the logs, are there any parts I should be worrying about apart from the hdd?
  3. Hello, I did a clean install of the latest mbam. It took around 3 minutes for it to bypass the "Check for updates" part, but this time it completed a threat scan offline. Twice. Zero threats found. The Protection Log shows two "Update, bad md5 or size" akadomain & akaips errors from when the offline scan was running, I take it this was due to the disconnected modem? They weren't showing up with the previous mbam version. Also, I wanted to download the mbam clean tool on the still infected laptop (we've been troubleshooting the main computer till now) before installing the latest mbam on it as well, but I can no longer find it on your site. Could you provide a link?
  4. Hello again, I removed and reinstalled mbam as instructed and then, after updating, tried to run a threat scan offline. Once again, the program got stuck in the "Checking for updates" part of the process, but the moment I re-plugged the pc online the scan ran properly and found zero threats. The good news is that my computer now boots a little faster than it used to and I am able to upload files on facebook with no issues.
  5. MSE (Microsoft Security Essentials) antivirus found zero threats. Before I run FRBT again, its default settings are set as follows:
     Under "Whitelist": Registry, Services, Drivers, Processes, Internet are all selected.
     Under "Optional scan": "Addition.txt" is selected.
     "List BCD", "Drivers MD5", "Shortcut.txt", "90 Days Files" under "Optional Scan" are NOT selected.
     Should I change anything or leave them as they are?
  6. Spybot was uninstalled while I ran ESET and farbar, and avg was disabled. I had uninstalled Spybot from control panel uninstall programs. This is also the only way I know of to uninstall avg. How do I fully remove them?
  7. Okay, continuing with the required steps.

     STEP 07 - COMPLETED: ESET online antivirus scanner found zero threats.

     STEP 08 - COMPLETED:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
     Ran by 01 (administrator) on COREI7-4790K-PC on 23-06-2015 00:31:32
     Running from C:\Users\01\Desktop
     Loaded Profiles: 01 (Available Profiles: 01)
     Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 8 (Default browser: FF)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
     () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
     (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
     (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
     (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
     (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
     (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
     (Microsoft Corporation) C:\Windows\System32\rundll32.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
     (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
     (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 2014-05-06] (Realtek Semiconductor)
     HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
     HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
     HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
     HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
     HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
     HKLM-x32\...\Run: [] => [X]
     HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
     HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
     Startup: C:\Users\01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4510 series.lnk [2015-03-05]
     ShortcutTarget: Monitor Ink Alerts - HP Deskjet 4510 series.lnk -> C:\Program Files\HP\HP Deskjet 4510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
     Startup: C:\Users\01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-03]
     ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
     BootExecute: autocheck autochk * sdnclean64.exe

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
     HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/el-gr/?ocid=iehp
     SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
     BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
     BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
     BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
     DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
     Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
     Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
     Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
     Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
     Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
     Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\01\AppData\Roaming\Mozilla\Firefox\Profiles\9dm4a27h.default
     FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-15] ()
     FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
     FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
     FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-15] ()
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-03] (Microsoft Corporation)
     FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-16] (NVIDIA Corporation)
     FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-16] (NVIDIA Corporation)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
     FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
     FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
     FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
     FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
     FF Extension: SSL Version Control - C:\Users\01\AppData\Roaming\Mozilla\Firefox\Profiles\9dm4a27h.default\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2014-11-08]
     FF Extension: Adblock Plus - C:\Users\01\AppData\Roaming\Mozilla\Firefox\Profiles\9dm4a27h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-08]

     Chrome:
     =======
     CHR Profile: C:\Users\01\AppData\Local\Google\Chrome\User Data\Default
     CHR Extension: (Google Slides) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-08]
     CHR Extension: (Google Docs) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-08]
     CHR Extension: (Google Drive) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-08]
     CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]
     CHR Extension: (YouTube) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-08]
     CHR Extension: (Google Search) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-08]
     CHR Extension: (Google Sheets) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-08]
     CHR Extension: (Google Wallet) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-08]
     CHR Extension: (Gmail) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-08]

     ==================== Services (Whitelisted) =================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
     S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
     R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
     R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
     R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
     S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
     R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
     R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
     S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
     R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.)

     ==================== Drivers (Whitelisted) ====================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
     R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
     R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
     R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
     R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
     R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
     R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
     R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
     R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
     R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
     R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
     R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
     R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
     S3 catchme; \??\C:\ComboFix\catchme.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== One Month Created files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)

     2015-06-21 01:11 - 2015-06-21 01:11 - 00917334 _____ C:\Users\01\Desktop\New Bitmap Image.bmp
     2015-06-20 21:21 - 2015-06-20 21:36 - 00000000 ____D C:\AdwCleaner
     2015-06-20 21:18 - 2015-06-20 21:18 - 02231296 _____ C:\Users\01\Desktop\AdwCleaner.exe
     2015-06-20 21:15 - 2015-06-20 21:15 - 00001072 _____ C:\Users\01\Desktop\JRT.txt
     2015-06-20 21:14 - 2015-06-20 21:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-COREI7-4790K-PC-Windows-7-Professional-(64-bit).dat
     2015-06-20 21:14 - 2015-06-20 21:14 - 00000000 ____D C:\RegBackup
     2015-06-20 21:02 - 2015-06-20 21:02 - 02950750 _____ (Thisisu) C:\Users\01\Desktop\JRT.exe
     2015-06-19 12:30 - 2015-06-19 12:30 - 00015558 _____ C:\ComboFix.txt
     2015-06-19 12:22 - 2015-06-19 12:30 - 00000000 ____D C:\Qoobox
     2015-06-19 12:22 - 2015-06-19 12:29 - 00000000 ____D C:\Windows\erdnt
     2015-06-19 12:22 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
     2015-06-19 12:22 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
     2015-06-19 12:22 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
     2015-06-19 12:22 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
     2015-06-19 12:22 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
     2015-06-19 12:22 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
     2015-06-19 12:22 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
     2015-06-19 12:22 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
     2015-06-19 11:45 - 2015-06-19 11:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\01\Desktop\spybot-2.4.exe
     2015-06-19 11:37 - 2015-06-19 11:37 - 00000000 ____D C:\Users\01\Documents\ProcAlyzer Dumps
     2015-06-19 11:27 - 2015-06-19 11:27 - 05628633 ____R (Swearware) C:\Users\01\Desktop\ComboFix.exe
     2015-06-18 22:01 - 2015-06-18 22:01 - 00007460 _____ C:\Users\01\Desktop\CHKDSKResults.txt
     2015-06-17 11:35 - 2015-06-18 19:19 - 00000000 ____D C:\Users\01\Desktop\New folder
     2015-06-14 03:34 - 2015-06-14 03:34 - 00020890 _____ C:\Users\01\Desktop\CheckResults.txt
     2015-06-14 03:31 - 2015-06-23 00:31 - 00014984 _____ C:\Users\01\Desktop\FRST.txt
     2015-06-14 03:31 - 2015-06-14 03:31 - 00032769 _____ C:\Users\01\Desktop\Addition.txt
     2015-06-14 03:30 - 2015-06-23 00:31 - 00000000 ____D C:\FRST
     2015-06-14 03:11 - 2015-06-13 20:36 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\01\Desktop\mbam-setup-2.1.6.1022.exe
     2015-06-14 03:11 - 2014-11-01 03:04 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\01\Desktop\mbam-setup-2.0.3.1025.exe
     2015-06-14 00:50 - 2015-06-14 00:50 - 00000000 ____D C:\Users\01\AppData\Local\TempTaskUpdateDetection9BE41FF9-2972-4C54-86CE-4E24DDD0CAB6
     2015-06-14 00:00 - 2015-06-14 00:00 - 00000000 _____ C:\Users\01\Desktop\database v2015.06.12.06.txt
     2015-06-13 22:19 - 2015-06-13 23:51 - 02109952 _____ (Farbar) C:\Users\01\Desktop\FRST64.exe
     2015-06-13 22:19 - 2015-06-13 23:51 - 01682416 _____ (Malwarebytes Corporation) C:\Users\01\Desktop\mbam-check-2.1.1.1001.exe
     2015-06-13 22:17 - 2015-06-13 22:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\01\Desktop\mbam-clean-2.1.1.1001.exe
     2015-06-13 20:30 - 2015-06-21 01:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
     2015-06-13 20:30 - 2015-06-13 20:34 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2015-06-13 20:30 - 2015-06-13 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
     2015-06-13 20:30 - 2015-06-13 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
     2015-06-13 20:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
     2015-06-13 20:30 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
     2015-06-13 20:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     2015-06-11 21:12 - 2015-06-11 21:12 - 00000000 ____D C:\Program Files\Common Files\AV
     2015-06-02 17:01 - 2015-06-03 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
     2015-05-30 12:50 - 2015-05-30 12:50 - 00000000 ____D C:\Users\01\AppData\Local\TempTaskUpdateDetection53FCE825-235B-4F6E-A414-C87E9F949436
     2015-05-28 22:44 - 2015-05-28 22:44 - 00000000 ____D C:\Users\01\AppData\Local\TempTaskUpdateDetection1D67BDFA-CBFC-476F-8003-184D858D88A0
     2015-05-25 12:22 - 2015-05-25 12:22 - 00000000 ____D C:\Users\01\AppData\Local\Avg

     ==================== One Month Modified files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)

     2015-06-23 00:29 - 2009-07-14 07:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2015-06-23 00:29 - 2009-07-14 07:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2015-06-23 00:27 - 2009-07-14 08:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
     2015-06-23 00:25 - 2014-11-01 19:33 - 00006464 _____ C:\Windows\SysWOW64\Gms.log
     2015-06-23 00:23 - 2014-11-04 15:44 - 00001180 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2015-06-23 00:23 - 2014-11-04 15:40 - 00000000 ____D C:\ProgramData\NVIDIA
     2015-06-23 00:23 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
     2015-06-23 00:23 - 2009-07-14 07:51 - 00056834 _____ C:\Windows\setupact.log
     2015-06-23 00:22 - 2014-11-01 19:21 - 01886510 _____ C:\Windows\WindowsUpdate.log
     2015-06-23 00:04 - 2014-11-04 15:44 - 00001184 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2015-06-22 23:36 - 2014-11-08 17:25 - 00000000 ____D C:\ProgramData\MFAData
     2015-06-22 23:33 - 2014-11-08 17:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
     2015-06-22 22:06 - 2014-11-04 15:44 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
     2015-06-19 16:26 - 2010-11-21 06:47 - 00089432 _____ C:\Windows\PFRO.log
     2015-06-19 12:30 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Default
     2015-06-19 12:29 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
     2015-06-19 12:00 - 2014-11-08 17:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
     2015-06-15 15:00 - 2014-11-08 18:32 - 00000000 ____D C:\Users\01\AppData\Local\Adobe
     2015-06-15 14:46 - 2014-11-08 18:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
     2015-06-15 14:46 - 2014-11-08 18:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
     2015-06-14 00:11 - 2014-11-21 20:55 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
     2015-06-14 00:11 - 2014-11-08 18:35 - 00000000 ____D C:\Users\01\AppData\Roaming\Adobe
     2015-06-14 00:03 - 2014-11-04 15:49 - 00000000 ____D C:\Program Files (x86)\Adobe
     2015-06-14 00:03 - 2014-11-04 15:48 - 00000000 ____D C:\ProgramData\Adobe
     2015-06-11 21:12 - 2014-11-08 17:29 - 00000976 _____ C:\Users\Public\Desktop\AVG 2015.lnk
     2015-06-11 21:12 - 2014-11-08 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
     2015-06-03 12:03 - 2014-11-08 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
     2015-05-30 16:45 - 2014-11-21 20:28 - 00000000 ____D C:\ProgramData\Protexis
     2015-05-30 16:37 - 2009-07-14 07:45 - 05084584 _____ C:\Windows\system32\FNTCACHE.DAT
     2015-05-30 16:31 - 2014-11-01 19:36 - 00104440 _____ C:\Users\01\AppData\Local\GDIPFONTCACHEV1.DAT
     2015-05-30 16:27 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
     2015-05-30 16:26 - 2014-11-01 19:22 - 00000000 ____D C:\ProgramData\Package Cache
     2015-05-30 15:08 - 2014-11-21 20:22 - 00000000 ____D C:\ProgramData\Microsoft Help
     2015-05-29 22:41 - 2015-01-01 00:29 - 00000000 ____D C:\Users\01\dwhelper
     2015-05-27 13:27 - 2009-07-14 08:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
     2015-05-24 20:16 - 2015-05-19 01:38 - 00000000 ____D C:\Users\01\Documents\The Witcher 3

     ==================== Files in the root of some directories =======

     2015-03-25 19:34 - 2015-03-25 19:34 - 0001834 _____ () C:\Users\01\AppData\Local\recently-used.xbel

     Some files in TEMP:
     ====================
     C:\Users\01\AppData\Local\Temp\Quarantine.exe
     C:\Users\01\AppData\Local\Temp\sqlite3.dll

     ==================== Bamital & volsnap Check =================

     (There is no automatic fix for files that do not pass verification.)

     C:\Windows\System32\winlogon.exe => File is digitally signed
     C:\Windows\System32\wininit.exe => File is digitally signed
     C:\Windows\SysWOW64\wininit.exe => File is digitally signed
     C:\Windows\explorer.exe => File is digitally signed
     C:\Windows\SysWOW64\explorer.exe => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\SysWOW64\svchost.exe => File is digitally signed
     C:\Windows\System32\services.exe => File is digitally signed
     C:\Windows\System32\User32.dll => File is digitally signed
     C:\Windows\SysWOW64\User32.dll => File is digitally signed
     C:\Windows\System32\userinit.exe => File is digitally signed
     C:\Windows\SysWOW64\userinit.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed
     C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     LastRegBack: 2015-06-13 15:09

     ==================== End of log ============================

     Addition.txt
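The FRST log in the post above is read by hand by a forum helper, and the entries that get attention first are predictable: the line FRST itself marks with "<======= ATTENTION", entries ending in "[X]" (the registered file no longer exists on disk, such as the leftover ComboFix "catchme" driver), binaries with an empty publisher "()" (for example the ASUS AsIO driver and atkexComSvc service), and a BootExecute value that differs from the Windows default "autocheck autochk *" (here it still references Spybot's sdnclean64.exe after Spybot was uninstalled). The following Python script is an added example, not code from the original post, from Farbar or from the forum; it applies exactly those four rules to FRST-style lines. The SAMPLE_LOG is a constructed subset of lines copied from the log above so the script runs offline; the rule names and the Finding type are this example's own.

```python
"""Pull the first-look entries out of an FRST-style scan log.

Added example (not FRST's own code). Rules, all visible in the log above:
  * "<======= ATTENTION" is FRST's own flag (here: an IE policy restriction).
  * "[X]" marks an entry whose target file no longer exists on disk.
  * An empty publisher "()" means no verified publisher name on the binary.
    Legitimate software shows up too (ASUS AsIO, the Flash plugin), so the
    output is a reading list for a reviewer, not a malware verdict.
  * BootExecute other than the Windows default "autocheck autochk *" is a
    boot-time persistence point worth a look (here Spybot's sdnclean64.exe).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "==================== Services (Whitelisted) =================" -> section name
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Processes section: publisher comes first, "(NVIDIA Corporation) C:\..." or "() C:\..."
LEADING_PUB_RE = re.compile(r"^\((?P<pub>[^()]*)\)\s+\S")
# Registry/Services/Drivers/plugin lines: publisher comes last, "... [size date] (Vendor)"
TRAILING_PUB_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the log entries a reviewer would check first, in log order."""
    findings: list[Finding] = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m and re.search(r"[A-Za-z]", m.group("name")):
            section = m.group("name")
            continue
        if "<======= ATTENTION" in line:
            findings.append(Finding(section, "flagged by FRST", line))
        elif line.endswith("[X]"):
            findings.append(Finding(section, "target file missing", line))
        elif line.startswith("BootExecute:"):
            value = line.split(":", 1)[1].strip()
            if value != DEFAULT_BOOTEXECUTE:
                findings.append(Finding(section, "non-default BootExecute", line))
        else:
            # FRST's explanatory "(If an entry is included ...)" lines also end
            # in ")", but their parenthetical is non-empty, so they pass.
            m = LEADING_PUB_RE.match(line) or TRAILING_PUB_RE.search(line)
            if m and not m.group("pub").strip():
                findings.append(Finding(section, "no publisher", line))
    return findings


def by_reason(findings: list[Finding]) -> dict[str, list[str]]:
    """Group flagged lines by rule so the summary reads like a checklist."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.reason, []).append(f.line)
    return grouped


# Constructed sample: a subset of lines copied from the FRST log in the post above.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-15] ()
==================== Services (Whitelisted) =================
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

On the sample the script reports eight lines: four with no publisher, two with a missing target file, the ATTENTION line and the BootExecute entry. Everything else in the log (the signed AVG, Intel, Microsoft and Malwarebytes entries) is skipped, which is the point: the reviewer starts from the short list and confirms each item by hand rather than scanning two hundred lines.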
  8. *sigh* okay, false alarm this one, I just borked my screen settings and the usual green looked... weirdly neon-like.
  9. Aaaaand now google search urls are suddenly green for whatever reason. Great! :/ Is it like this on your end as well, or is it just me and my wonky computer? New Bitmap Image.bmp
  10. Should I run esetsmartinstaller_enu.exe and farbar now?
  11. STEP 04 - COMPLETED:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 7.0.3 (06.19.2015:1)
     OS: Windows 7 Professional x64
     Ran by 01 on 20/06/2015 at 21:14:10,80
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Tasks

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ FireFox

     ~~~ Chrome

     [C:\Users\01\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     [C:\Users\01\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
     [C:\Users\01\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     [C:\Users\01\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: []

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 20/06/2015 at 21:15:44,90
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     STEP 05 - COMPLETED:

     # AdwCleaner v4.206 - Logfile created 20/06/2015 at 21:36:54
     # Updated 01/06/2015 by Xplode
     # Database : 2015-05-31.5 [Local]
     # Operating system : Windows 7 Professional Service Pack 1 (x64)
     # Username : 01 - COREI7-4790K-PC
     # Running from : C:\Users\01\Desktop\AdwCleaner.exe
     # Option : Cleaning

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Scheduled tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKCU\Software\Avg Secure Update
     Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

     ***** [ Web browsers ] *****

     -\\ Internet Explorer v8.0.7601.18631
     -\\ Mozilla Firefox v38.0.5 (x86 el)
     -\\ Google Chrome v43.0.2357.124

     *************************

     AdwCleaner[R0].txt - [936 bytes] - [20/06/2015 21:21:50]
     AdwCleaner[s0].txt - [815 bytes] - [20/06/2015 21:36:54]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [873 bytes] ##########

     STEP 06 - COMPLETED:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 20/6/2015
     Scan Time: 9:46:10 μμ
     Logfile:
     Administrator: Yes

     Version: 2.01.6.1022
     Malware Database: v2015.06.20.03
     Rootkit Database: v2015.06.15.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: 01

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 364687
     Time Elapsed: 6 min, 20 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     STEP 07 - PENDING: The link you provided redirects me to http://www.eset.com/int/home//products/online-scanner/. There I click on a button saying "Run ESET Online Scanner", which opens a new small window (http://www.eset.com/int/online-scanner-popup/) that asks me to download "esetsmartinstaller_enu.exe". Is this the way it's supposed to go, or did I somehow end up at a bogus site? I'm also told that at the end of the scan I'll have the option to uninstall the program; should I do that or keep it around until further instruction?

     NOTES: I ran adwcleaner with avg free ENABLED since there were no instructions to disable it. The program found 3 registry keys from avg secure update and quarantined 2 of them. Why only 2 though? The one not quarantined is "[x64] HKCU\Software\Avg Secure Update" according to the [R0] log. I run the TRIAL edition of malwarebytes antimalware. Also, I took a look at the protection log from today and it showed 2 "IsLicensed, 13" errors - if that's in any way relevant.