Firefox has been hijacked [Solved]


  • This topic is locked

#1
fnh
Hi, my homepage in Firefox keeps getting re-directed to this website:

It currently only affects Firefox. I've changed to a different URL but this one keeps coming back. I've uninstalled and reinstalled Firefox, started in safe mode, and scanned with Malwarebytes but it can't find anything. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Leng (administrator) on BATMAN-PC (24-09-2015 23:59:10)
Running from C:\Users\Leng\Desktop
Loaded Profiles: Leng (Available Profiles: Leng)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\RunOnce: [Browsersafeguard-rockettab FF:0] => C:\Users\Leng\AppData\Local\BrowserSafeguard\Resources\certutil.exe -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Leng\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users\Len (the data entry has 60 more characters).
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\MountPoints2: {5cf794c1-946e-11e4-b00e-fd240f21ce46} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\MountPoints2: {9f0c7702-c3e7-11e2-8b98-3085a90224bc} - G:\setup.exe -a
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\MountPoints2: {b4498c0f-ec38-11e4-882c-9f30e986255b} - G:\EMP_UDSe.exe /autorun
HKLM\...\AppCertDlls: [aeinHMCA] -> C:\Users\Leng\AppData\L
HKLM\...\AppCertDlls: [appigr32] -> C:\Users\Leng\AppData\Lo
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-25] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-02-03]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\Leng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\San Francisco RUSH 2049 v1.002 (M6).lnk [2015-05-12]
ShortcutTarget: San Francisco RUSH 2049 v1.002 (M6).lnk -> C:\ProgramData\{be45e719-55c8-0b1d-be45-5e71955c9c65}\San Francisco RUSH 2049 v1.002 (M6).exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2207828519-3919902441-2265496074-1000] => http=127.0.0.1:49167;https=127.0.0.1:49167
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1C8CFA22-85C2-40AF-BAF5-2A67A92EA4C0}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{1C8CFA22-85C2-40AF-BAF5-2A67A92EA4C0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{37E1C822-FC62-4779-A8BE-77B30AF106FC}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A8962299-8CE7-4FC5-8F6B-FE16B717AF1E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A8962299-8CE7-4FC5-8F6B-FE16B717AF1E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B3D89FFF-0119-4D01-BE0F-808BA93125C9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2207828519-3919902441-2265496074-1000 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2011-02-03] (Google Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-01] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-01] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-01] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFYaJQtbWAAXDFAWcV0VVQFEFhgaJVoMTAAUFwwQdV9ZWQkXRRNBNARaB0tXUUEeGGlxR1dMa0BNJ1VdL1wF
FF DefaultSearchEngine.US: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAeVwKAgBIRxhGdQhcTA1JFAIOeVxbVRRIRAMacwxeAAFBR1EFIk0FA18DB0VXfWFoKB8fHH9WLl5UBHcUVQ==
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-04-20] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-04-20] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2207828519-3919902441-2265496074-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Leng\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-29] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\user.js [2015-07-03]
FF SearchPlugin: C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\searchplugins\default.xml [2015-09-24]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\Extensions\[email protected] [2014-10-11]
FF Extension: Jungle Net - C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\Extensions\{3e8886f6-f016-4156-9dd3-b952b2c70645}.xpi [2015-07-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-04] <==== ATTENTION
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-26]
CHR Extension: (RealDownloader) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-14]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-12] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 DAUpdaterSvc; D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-07-26] (BioWare)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S1 abcojeuo; \??\C:\Windows\system32\drivers\abcojeuo.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S1 cpyzutoy; \??\C:\Windows\system32\drivers\cpyzutoy.sys [X]
S1 dcvssiho; \??\C:\Windows\system32\drivers\dcvssiho.sys [X]
S1 druhdshf; \??\C:\Windows\system32\drivers\druhdshf.sys [X]
S1 dvrzsyes; \??\C:\Windows\system32\drivers\dvrzsyes.sys [X]
S1 effkmzua; \??\C:\Windows\system32\drivers\effkmzua.sys [X]
S1 egptrfps; \??\C:\Windows\system32\drivers\egptrfps.sys [X]
S1 ensuopzc; \??\C:\Windows\system32\drivers\ensuopzc.sys [X]
S1 ffvvzrlc; \??\C:\Windows\system32\drivers\ffvvzrlc.sys [X]
S1 fhbbjggz; \??\C:\Windows\system32\drivers\fhbbjggz.sys [X]
S1 fjthueeb; \??\C:\Windows\system32\drivers\fjthueeb.sys [X]
S1 hqeslbfk; \??\C:\Windows\system32\drivers\hqeslbfk.sys [X]
S1 hxgbdanv; \??\C:\Windows\system32\drivers\hxgbdanv.sys [X]
S1 iggmcigt; \??\C:\Windows\system32\drivers\iggmcigt.sys [X]
S1 iyffaqtd; \??\C:\Windows\system32\drivers\iyffaqtd.sys [X]
S1 janddtky; \??\C:\Windows\system32\drivers\janddtky.sys [X]
S1 jrgjsocs; \??\C:\Windows\system32\drivers\jrgjsocs.sys [X]
S1 kmbwhaxn; \??\C:\Windows\system32\drivers\kmbwhaxn.sys [X]
S1 koxwroig; \??\C:\Windows\system32\drivers\koxwroig.sys [X]
S1 kwrnwjii; \??\C:\Windows\system32\drivers\kwrnwjii.sys [X]
S1 mzvqqlwh; \??\C:\Windows\system32\drivers\mzvqqlwh.sys [X]
S1 neogppqk; \??\C:\Windows\system32\drivers\neogppqk.sys [X]
S1 nicxcbbr; \??\C:\Windows\system32\drivers\nicxcbbr.sys [X]
S1 npecygjc; \??\C:\Windows\system32\drivers\npecygjc.sys [X]
S1 npfejnxt; \??\C:\Windows\system32\drivers\npfejnxt.sys [X]
S1 nubnfgsm; \??\C:\Windows\system32\drivers\nubnfgsm.sys [X]
S1 obpoqbaq; \??\C:\Windows\system32\drivers\obpoqbaq.sys [X]
S1 ohrbuect; \??\C:\Windows\system32\drivers\ohrbuect.sys [X]
S1 puvirvtk; \??\C:\Windows\system32\drivers\puvirvtk.sys [X]
S1 pzwlreic; \??\C:\Windows\system32\drivers\pzwlreic.sys [X]
S1 qwlsmkzz; \??\C:\Windows\system32\drivers\qwlsmkzz.sys [X]
S1 qxmddyji; \??\C:\Windows\system32\drivers\qxmddyji.sys [X]
S1 rwrhebxb; \??\C:\Windows\system32\drivers\rwrhebxb.sys [X]
S1 rxpwmado; \??\C:\Windows\system32\drivers\rxpwmado.sys [X]
S1 smgdufff; \??\C:\Windows\system32\drivers\smgdufff.sys [X]
S1 svmbwkcg; \??\C:\Windows\system32\drivers\svmbwkcg.sys [X]
S1 swrqoleu; \??\C:\Windows\system32\drivers\swrqoleu.sys [X]
S1 tacydwtl; \??\C:\Windows\system32\drivers\tacydwtl.sys [X]
S1 udjmjekc; \??\C:\Windows\system32\drivers\udjmjekc.sys [X]
S1 ulfdtusz; \??\C:\Windows\system32\drivers\ulfdtusz.sys [X]
S1 umtfgwuo; \??\C:\Windows\system32\drivers\umtfgwuo.sys [X]
S1 vjsmxhxi; \??\C:\Windows\system32\drivers\vjsmxhxi.sys [X]
S1 vtidzqdb; \??\C:\Windows\system32\drivers\vtidzqdb.sys [X]
S1 vznoqxgj; \??\C:\Windows\system32\drivers\vznoqxgj.sys [X]
S1 wfasrzts; \??\C:\Windows\system32\drivers\wfasrzts.sys [X]
S1 wmvucwrc; \??\C:\Windows\system32\drivers\wmvucwrc.sys [X]
S1 wurfyvca; \??\C:\Windows\system32\drivers\wurfyvca.sys [X]
S1 xgmpkplj; \??\C:\Windows\system32\drivers\xgmpkplj.sys [X]
S1 ycnvwkgi; \??\C:\Windows\system32\drivers\ycnvwkgi.sys [X]
S1 ymsfoezj; \??\C:\Windows\system32\drivers\ymsfoezj.sys [X]
S1 yoawqmlg; \??\C:\Windows\system32\drivers\yoawqmlg.sys [X]
S1 yrsyarno; \??\C:\Windows\system32\drivers\yrsyarno.sys [X]
S1 yxakxbpx; \??\C:\Windows\system32\drivers\yxakxbpx.sys [X]
S1 zllirvpa; \??\C:\Windows\system32\drivers\zllirvpa.sys [X]
S1 zxgmiquh; \??\C:\Windows\system32\drivers\zxgmiquh.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-24 23:59 - 2015-09-24 23:59 - 00026482 _____ C:\Users\Leng\Desktop\FRST.txt
2015-09-24 23:58 - 2015-09-24 23:59 - 00000000 ____D C:\FRST
2015-09-24 23:57 - 2015-09-24 23:58 - 02192384 _____ (Farbar) C:\Users\Leng\Desktop\FRST64.exe
2015-09-23 23:09 - 2015-09-23 23:09 - 00991232 _____ C:\Users\Leng\Downloads\MicrosoftFixit50267.msi
2015-09-23 23:06 - 2015-09-23 23:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Leng\Downloads\HijackThis.exe
2015-09-23 20:42 - 2015-09-23 20:42 - 00262144 _____ C:\Windows\Minidump\092315-19422-01.dmp
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 ____H C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 _____ C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2015-09-17 14:15 - 2015-09-17 15:14 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5ABC3E8D.sys
2015-09-13 11:36 - 2015-09-11 17:05 - 912843024 _____ C:\Users\Leng\Desktop\MC skit video.avi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-24 23:46 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-24 23:46 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-24 23:39 - 2014-08-01 21:59 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 23:39 - 2013-04-20 15:26 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2207828519-3919902441-2265496074-1000
2015-09-24 23:39 - 2013-04-20 15:26 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2207828519-3919902441-2265496074-1000
2015-09-24 23:39 - 2011-02-03 06:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-24 23:39 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 23:39 - 2009-07-13 21:51 - 00152109 _____ C:\Windows\setupact.log
2015-09-24 23:18 - 2013-01-30 17:23 - 01489721 _____ C:\Windows\WindowsUpdate.log
2015-09-24 23:04 - 2013-04-20 15:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-24 22:53 - 2013-09-16 11:55 - 00000000 ____D C:\Users\Leng\Documents\Madden NFL 08
2015-09-24 22:28 - 2013-01-30 18:28 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2015-09-24 20:55 - 2013-04-21 00:55 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 22:56 - 2014-11-12 01:04 - 00000736 _____ C:\Windows\system32\Drivers\etc\hosts.old
2015-09-23 20:42 - 2013-12-03 19:32 - 520999397 _____ C:\Windows\MEMORY.DMP
2015-09-23 20:42 - 2013-12-03 19:32 - 00000000 ____D C:\Windows\Minidump
2015-09-23 08:26 - 2013-04-20 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-23 08:26 - 2013-01-30 17:19 - 00571766 _____ C:\Windows\PFRO.log
2015-09-22 17:01 - 2015-04-04 00:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-21 21:04 - 2013-04-20 15:51 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 21:04 - 2013-04-20 15:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 21:04 - 2013-04-20 15:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-20 11:45 - 2013-04-20 15:26 - 00000000 ____D C:\Users\Leng\AppData\Local\Google
2015-09-20 11:12 - 2009-07-13 22:13 - 00793658 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-15 16:55 - 2011-02-03 06:57 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 16:55 - 2011-02-03 06:57 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 16:55 - 2011-02-03 06:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 22:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SchCache
2015-09-14 22:17 - 2014-07-18 19:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 22:17 - 2013-09-16 17:56 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-13 01:09 - 2015-01-17 02:53 - 00059067 _____ C:\Users\Leng\Desktop\Praise & Worship.pptx
2015-09-05 13:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2013-04-20 15:20 - 2013-04-20 15:20 - 4126720 _____ () C:\Program Files (x86)\GUT2684.tmp
2014-05-07 20:58 - 2014-05-07 20:58 - 0068958 _____ () C:\Users\Leng\AppData\Roaming\icarus-dxdiag.xml
2015-07-03 16:34 - 2015-08-24 20:25 - 0000137 _____ () C:\Users\Leng\AppData\Roaming\WB.CFG
2014-11-12 01:03 - 2014-11-12 01:03 - 0000448 ____H () C:\Users\Leng\AppData\Roaming\麽鎒駓覜
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 ____H () C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 _____ () C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2014-11-12 01:03 - 2014-11-12 01:03 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-12 01:04 - 2014-11-12 01:04 - 0000256 ____H () C:\ProgramData\@system3.att
2011-02-03 06:55 - 2011-02-03 06:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-03 06:55 - 2011-02-03 06:55 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Leng\AppData\Local\Temp\2890779121103186096.exe
C:\Users\Leng\AppData\Local\Temp\32598uninstall.exe
C:\Users\Leng\AppData\Local\Temp\AutoRun.exe
C:\Users\Leng\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Leng\AppData\Local\Temp\bitool.dll
C:\Users\Leng\AppData\Local\Temp\CH.dll
C:\Users\Leng\AppData\Local\Temp\cw.exe
C:\Users\Leng\AppData\Local\Temp\drm_dyndata_7270007.dll
C:\Users\Leng\AppData\Local\Temp\drm_dyndata_7330011.dll
C:\Users\Leng\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Leng\AppData\Local\Temp\DSETUP.dll
C:\Users\Leng\AppData\Local\Temp\dsetup32.dll
C:\Users\Leng\AppData\Local\Temp\DXSETUP.exe
C:\Users\Leng\AppData\Local\Temp\EAInstall.dll
C:\Users\Leng\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Leng\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Leng\AppData\Local\Temp\i4jdel0.exe
C:\Users\Leng\AppData\Local\Temp\libProcessAccess64254177589836171219.dll
C:\Users\Leng\AppData\Local\Temp\lowproc.exe
C:\Users\Leng\AppData\Local\Temp\MotoCast_Installer_1.1.53.exe
C:\Users\Leng\AppData\Local\Temp\MotoHelper_2.0.45_Driver_5.0.0.exe
C:\Users\Leng\AppData\Local\Temp\MSNF6AF.exe
C:\Users\Leng\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leng\AppData\Local\Temp\SpOrder.dll
C:\Users\Leng\AppData\Local\Temp\Sqlite3.dll
C:\Users\Leng\AppData\Local\Temp\stubhelper.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite13087.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite20230.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite24841.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite39516.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite49198.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite54800.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite62473.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite67184.dll
C:\Users\Leng\AppData\Local\Temp\System.Data.SQLite97906.dll
C:\Users\Leng\AppData\Local\Temp\uninstaller.exe
C:\Users\Leng\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Leng\AppData\Local\Temp\winzip170-64ml_wrapped.exe
C:\Users\Leng\AppData\Local\Temp\WSSetup.exe
C:\Users\Leng\AppData\Local\Temp\_is1B00.exe
C:\Users\Leng\AppData\Local\Temp\_isC0FD.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-22 15:21
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Leng (2015-09-25 00:00:03)
Running from C:\Users\Leng\Desktop
Windows 7 Home Premium (X64) (2013-04-20 21:54:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2207828519-3919902441-2265496074-500 - Administrator - Disabled)
Guest (S-1-5-21-2207828519-3919902441-2265496074-501 - Limited - Disabled)
Leng (S-1-5-21-2207828519-3919902441-2265496074-1000 - Administrator - Enabled) => C:\Users\Leng
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Always Sometimes Monsters (HKLM-x32\...\Steam App 274310) (Version:  - Vagabond Dog)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\Browsersafeguard) (Version:  - Browsersafeguard) <==== ATTENTION
Combined Community Codec Pack 2013-08-01 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.08.01.0 - CCCP Project)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DC Universe Online (HKLM-x32\...\Steam App 24200) (Version:  - Daybreak Games)
DC Universe Online Live (HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Deadlight (HKLM-x32\...\Steam App 211400) (Version:  - Tequila Works, S.L.)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
Dragons Prophet (HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\SOE-Dragons Prophet) (Version:  - Sony Online Entertainment)
EA SPORTS online 2008 (HKLM-x32\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version:  - )
Fallout New Vegas (HKLM-x32\...\Fallout New Vegas_is1) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karate Master 2 Knock Down Blow (HKLM-x32\...\Steam App 347670) (Version:  - Crian Soft)
Madden NFL 08 (HKLM-x32\...\{4650F3BF-F9ED-45AB-00A3-C927351E177F}) (Version:  - Electronic Arts)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic: Clash of Heroes (HKLM-x32\...\Steam App 61700) (Version:  - Capybara Games)
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Scribblenauts Unmasked (HKLM-x32\...\Steam App 249870) (Version:  - 5th Cell Media)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version:  - Raven Software)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TEW2005 (HKLM-x32\...\TEW2005) (Version:  - )
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Unity Web Player (HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
24-08-2015 20:36:48 Windows Update
30-08-2015 16:15:16 Windows Update
03-09-2015 20:18:01 Windows Update
07-09-2015 21:45:53 Windows Update
11-09-2015 16:56:58 Windows Update
15-09-2015 17:01:04 Windows Update
19-09-2015 11:14:49 Windows Update
23-09-2015 08:50:11 Windows Update
23-09-2015 23:10:32 Installed Microsoft Fix it 50267
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-11-12 01:04 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17BB6986-3B42-451A-B747-5E2FBC1345D9} - System32\Tasks\{858FDFF6-2584-4CED-83BA-A2A6AAB740A9} => pcalua.exe -a F:\INSTALL.EXE -d F:\
Task: {26C912DB-D7D5-479E-A70F-CAB897AE8920} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {3190F6EC-C510-4702-B3DF-C02A129194A4} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {3247FB56-0B58-4649-9122-FFCE84174C76} - \Cassiopesa lice -> No File <==== ATTENTION
Task: {324B5B30-3772-4FFB-8CE9-B876C1109DA8} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {3963CFAD-7F3C-4F65-8A14-6962175F5CF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {41187C34-C790-47C7-B357-B987971A9274} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2207828519-3919902441-2265496074-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {41D012B8-1147-4AA8-86BA-850AF5E7E9A1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2207828519-3919902441-2265496074-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {696FDD5D-803C-4264-8D33-25005877E030} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {6DE381EB-861B-4586-B51B-07959622BC67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {782DD121-7BC3-4065-80A5-B8341BDD4D6B} - System32\Tasks\{F1CB862E-714D-4CAE-82BC-448F12AE518E} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {899BC25D-E924-4AAB-8604-C02428416B0F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {94F5CEC3-DB56-48A0-A2CC-4E0F25C05054} - System32\Tasks\{8E098EBF-191A-48B5-BA4F-966484E10698} => pcalua.exe -a C:\Users\Leng\Desktop\scz.exe -d C:\Users\Leng\Desktop
Task: {A61F402C-945A-4F9F-BB90-C596FD4F239A} - System32\Tasks\{B76BB496-4FB8-46AF-856D-A3483D8B6EB8} => pcalua.exe -a "C:\Games\Madden 08\Madden NFL 08 (Download)\Setup.exe" -d "C:\Games\Madden 08\Madden NFL 08 (Download)"
Task: {B3D6248A-97FF-4DF2-AB82-3DEFDD4575DB} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {B7A7E237-2124-4125-86DB-7C02D60F8596} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B965A0FF-0714-4881-BC09-779D2BDCCC73} - \Updater26278.exe -> No File <==== ATTENTION
Task: {C36768FD-667E-4CF5-AD76-9EA4D0FAE2F9} - System32\Tasks\{3DD1DE97-65AB-48CC-8B56-FA147E51CFD0} => pcalua.exe -a F:\Setup.now.exe -d F:\
Task: {C716FC81-195D-4251-BDA0-C4DDBF93BD4D} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {C9198085-70E1-4BA5-9D4B-6EA153F55DE6} - System32\Tasks\{83B26B54-87DA-4680-8BE3-71C0702A460A} => pcalua.exe -a C:\Users\Leng\Desktop\setup.exe -d C:\Users\Leng\Desktop
Task: {E27ACC1B-DD3E-40E7-99F9-94F09E693853} - \IE_ERR4WDR -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-15 18:48 - 2010-03-15 18:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2011-02-03 07:18 - 2011-02-03 07:18 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2011-02-03 07:18 - 2011-02-03 07:18 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-03-15 18:48 - 2010-03-15 18:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2012-03-28 19:46 - 2011-05-05 05:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-03-28 19:45 - 2011-07-26 00:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-06 17:21 - 2011-12-06 17:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2007-07-12 12:11 - 2007-07-12 12:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2011-08-17 16:37 - 2011-08-17 16:37 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2015-09-24 20:55 - 2015-09-23 19:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-24 20:55 - 2015-09-23 19:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-09-24 20:55 - 2015-09-23 19:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leng\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Amsp => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: TiMiniService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1912587-14BB-4423-8B21-69BB21D65490}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5A657558-6A5D-4D1C-B185-156FCCA29D8E}] => (Allow) LPort=2869
FirewallRules: [{FDC0586C-F63A-4633-A65D-E0B86B6908E4}] => (Allow) LPort=1900
FirewallRules: [{FB33CC14-169E-4969-BF02-CC9C5D45D74A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{635B9FEA-35BA-4EB3-BFF4-0F4AD639AE93}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F5F92506-4554-4AB7-9780-48BB97389725}] => (Allow) LPort=5353
FirewallRules: [{1FDC9F3F-D562-4815-9566-9934B652CB40}] => (Allow) LPort=8182
FirewallRules: [{60B9B9E8-5945-4A71-8FE8-7513D0F6851D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3AF113F6-D3F1-4286-8D8D-C58A6D53B4B1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CD934E48-AF6C-4145-AD9B-48207BA58D5F}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{9754E194-A38E-4F9D-AE80-13BBC2AAAD8A}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{68BFD7B2-E0E3-449C-99A9-4A99123DAEA0}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{25C00805-BD5E-4354-BA89-EAC577698B5C}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{DD4239A2-69EF-4873-8A33-D51718E87FF3}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{BAE71BD6-DA7B-4D94-B7F1-932FA38837BB}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{B4517A79-B8AC-4932-A0B9-C599CC3C1FB6}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{59054B09-58C9-4E08-9766-6C12F84B051F}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{108CD31D-5B29-4800-8A92-89666D64E6E6}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{24EF0570-E1CB-4222-B03E-CD8883266CF8}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{69FCF538-84DA-4C54-9196-785E894B5624}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A42AFA12-F307-4A73-A38C-E66CE6AB5EA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8314A211-45BB-4B31-AF2C-319B264BC6FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D9A5F807-D085-4412-A393-67D4C4577CBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{770F9E71-E2E0-4F7D-9860-21A220AC0F42}C:\games\madden 08\game\updater.exe] => (Allow) C:\games\madden 08\game\updater.exe
FirewallRules: [UDP Query User{374B8FE3-1E25-4ED4-BD89-08876C70B191}C:\games\madden 08\game\updater.exe] => (Allow) C:\games\madden 08\game\updater.exe
FirewallRules: [{F94525F3-F043-4575-AB27-47CC19AE239A}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FD10D7E2-48D6-4412-994B-BA8FCA90D760}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{E9E968E3-7101-41EA-9271-5A6866E1484A}] => (Allow) D:\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{ECF5019D-6EFA-41FB-86A7-3BCA09FE97B6}] => (Allow) D:\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{2D9FD5C4-855E-4DDC-969B-F1A56A02F218}] => (Allow) D:\Steam\SteamApps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{18E74018-99D9-45FA-AEAB-8A1427742DE3}] => (Allow) D:\Steam\SteamApps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{C6B8F123-4490-47C6-A406-18A05CD97B41}] => (Allow) D:\Steam\SteamApps\common\Always Sometimes Monsters\Game.exe
FirewallRules: [{0A6A47E4-9A5B-41AE-8AFC-1B1CBC434556}] => (Allow) D:\Steam\SteamApps\common\Always Sometimes Monsters\Game.exe
FirewallRules: [{235034F3-5FA2-4842-A985-68483C65FFA1}] => (Allow) D:\Steam\SteamApps\common\Scribblenauts Unmasked\Scribble.exe
FirewallRules: [{E43E4E00-9679-4C85-AABB-89475C33F836}] => (Allow) D:\Steam\SteamApps\common\Scribblenauts Unmasked\Scribble.exe
FirewallRules: [{D04E3E82-1A51-4C2C-B6A7-61F6857145AA}] => (Allow) D:\Steam\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{4BD0D524-2A45-4A95-8D12-DE74F284B496}] => (Allow) D:\Steam\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{C49DE9FB-EF4C-4A7D-A542-1D09AE243ECF}] => (Allow) D:\Steam\SteamApps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{ED3B3580-A171-43B3-93B6-BC5F007F2378}] => (Allow) D:\Steam\SteamApps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [TCP Query User{460264FD-A30A-4562-8B87-4B3E84C4E129}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{5742FAAC-09D0-4AD1-BB8B-018B8198C13D}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{CA0597C6-9C76-4EC7-928B-5712C83FCAB6}D:\steam\steamapps\common\dragon's prophet\dp_x64.exe] => (Allow) D:\steam\steamapps\common\dragon's prophet\dp_x64.exe
FirewallRules: [UDP Query User{7007F56F-DA91-4DE8-AD5E-F2CE1B9E1340}D:\steam\steamapps\common\dragon's prophet\dp_x64.exe] => (Allow) D:\steam\steamapps\common\dragon's prophet\dp_x64.exe
FirewallRules: [TCP Query User{B99730EE-AD4C-4263-B552-E7CDF4698B17}D:\steam\steamapps\common\ageofconan_us\ageofconan.exe] => (Allow) D:\steam\steamapps\common\ageofconan_us\ageofconan.exe
FirewallRules: [UDP Query User{0BA98962-A033-4E2A-A4F5-48735C89F042}D:\steam\steamapps\common\ageofconan_us\ageofconan.exe] => (Allow) D:\steam\steamapps\common\ageofconan_us\ageofconan.exe
FirewallRules: [TCP Query User{086806FB-553C-4029-8DBB-106BA254EBE6}D:\steam\steamapps\common\ageofconan_us\ageofconan.exe] => (Allow) D:\steam\steamapps\common\ageofconan_us\ageofconan.exe
FirewallRules: [UDP Query User{745F770E-BDC7-4430-BE9B-09BF958309CA}D:\steam\steamapps\common\ageofconan_us\ageofconan.exe] => (Allow) D:\steam\steamapps\common\ageofconan_us\ageofconan.exe
FirewallRules: [{7770D775-C836-488D-ACC8-DB59A6FCAEA7}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{A4616AE1-2E39-4F27-AD56-B820241E1D61}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{DBC6EF3F-2238-4020-BB7B-41F3FC7D2109}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{1D8A537E-E94F-4FD1-BCBD-2764BA507A79}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{04884F0C-72F2-4D76-94A2-4CC18DCAB621}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{447A3D1F-AF11-4BBC-AC90-0059343E1C5A}] => (Allow) D:\Dragon Age Orgins\Game\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{E97A7433-1BD3-4460-A777-86032EA42208}] => (Allow) D:\Dragon Age II\Game\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{C83AF2D8-59CA-4C7E-B840-EAC58132246F}] => (Allow) D:\Dragon Age II\Game\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{79C5E4C6-6954-460E-904B-6919AAD574FE}] => (Allow) D:\Dragon Age II\Game\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{8220CA1B-C8B5-4C84-9581-6E99A38A2422}] => (Allow) D:\Dragon Age II\Game\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [TCP Query User{0D646DAC-C081-473F-8FA2-468F553510B2}D:\dragon age orgins\game\dragon age\bin_ship\daorigins.exe] => (Block) D:\dragon age orgins\game\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{4196F0C6-BED4-45BB-B02B-29EC57C27705}D:\dragon age orgins\game\dragon age\bin_ship\daorigins.exe] => (Block) D:\dragon age orgins\game\dragon age\bin_ship\daorigins.exe
FirewallRules: [{D8508233-398C-4B19-9798-CC683CD08F69}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{ADD2CA4D-D0FE-4738-81C8-FC37AC66AD40}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{9401689B-650F-424E-BEDB-A42D0083BFCA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F598E33B-AB7C-4114-B3BD-7BB662976435}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{EC6D1B75-9122-4016-B61F-ABC6178A51C5}D:\nba 2k10\game\nba2k10.exe] => (Allow) D:\nba 2k10\game\nba2k10.exe
FirewallRules: [UDP Query User{F2F3017C-C159-41CD-895C-FFBED89EF4A6}D:\nba 2k10\game\nba2k10.exe] => (Allow) D:\nba 2k10\game\nba2k10.exe
FirewallRules: [TCP Query User{DF387534-7C0B-47F3-B614-6172953683AC}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe] => (Block) D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe
FirewallRules: [UDP Query User{70A58EA6-BF94-461C-95B9-403373096BB1}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe] => (Block) D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe
FirewallRules: [TCP Query User{33725B68-B59E-46EE-9659-42E4AB882141}C:\windows\installer\{1330dfb3-aa22-4e50-827d-7ae6c3a35d01}\msiexec.exe] => (Block) C:\windows\installer\{1330dfb3-aa22-4e50-827d-7ae6c3a35d01}\msiexec.exe
FirewallRules: [UDP Query User{57564BBA-4833-4DAF-BEF0-2D4D213678EE}C:\windows\installer\{1330dfb3-aa22-4e50-827d-7ae6c3a35d01}\msiexec.exe] => (Block) C:\windows\installer\{1330dfb3-aa22-4e50-827d-7ae6c3a35d01}\msiexec.exe
FirewallRules: [{40571F53-D62E-4191-A115-7F7F31B72422}] => (Allow) D:\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{F5E3423D-66BA-42AA-A9FA-C97CC093D1DA}] => (Allow) D:\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{11B539AD-D8C4-4214-898B-7D87B30E8AAD}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{B32A6FF6-4F7B-495B-B34D-FB9DA9090971}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [{FEEAD987-F366-482D-8CB7-CE07E3BED9D6}] => (Allow) D:\Steam\SteamApps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{2BED7C5D-C3BF-4636-BEDA-71008E349A2A}] => (Allow) D:\Steam\SteamApps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{1DFF712C-B69D-4A68-B83A-36BBE30850D4}] => (Allow) D:\Steam\SteamApps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{E92D186A-D39A-43D9-BA67-156F0D7CF151}] => (Allow) D:\Steam\SteamApps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{75A7A4DC-2176-4EBD-BF8C-AE6906983AB0}] => (Allow) D:\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{7E820448-16B0-413E-90FE-0F95735D734F}] => (Allow) D:\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{44C69014-7A5C-49F7-B802-27E0CD35F8FA}] => (Allow) D:\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{DA11D233-DB98-487B-B743-BAE5E72CCDC1}] => (Allow) D:\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{034CBAF4-CDA8-4A67-BACF-ACBF3DE04635}] => (Allow) D:\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{645EF77D-3450-4730-8D8D-2D880CAA2B95}] => (Allow) D:\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{65358D59-8F7F-4C2E-82CD-F604C2219A0B}] => (Allow) D:\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{0E05661A-A372-412B-BFD8-4840C4BAD36C}] => (Allow) D:\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{6188DC38-C23A-42F7-BAF3-6A5F219C458C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1871E9D2-29FB-44D4-A5FB-9882D687E633}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DB98F79-AA93-4653-B020-491BF912A1A1}] => (Allow) D:\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{AEC82242-9E63-461D-84AE-3D2FD404114B}] => (Allow) D:\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{4C80BBBA-BF43-49DD-AD78-5E1AA0CE1C84}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C80C8700-14C5-4898-9B00-2C1299EDA0DA}] => (Allow) D:\Steam\SteamApps\common\Karate Master 2 Knock Down Blow\Karate Master 2 KDB.exe
FirewallRules: [{487496DE-C4B8-4A9F-837A-EAF285C1A005}] => (Allow) D:\Steam\SteamApps\common\Karate Master 2 Knock Down Blow\Karate Master 2 KDB.exe
FirewallRules: [{5796ADA3-64A9-40F6-B1DB-0EB4930EA068}] => (Allow) D:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{27923F2A-F0A9-4A51-8C49-EDED046D280B}] => (Allow) D:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [TCP Query User{E9A7CFC1-EE1C-44B6-9E8F-CCC82FC6090F}D:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{82747B78-2102-4BFE-A8F9-1A4D3ABFA9FE}D:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{0F1A7E3B-76C4-4C9E-BEDB-9A28B7F71E2D}] => (Allow) D:\Steam\SteamApps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [{89D6C46F-6DC6-4490-AA08-33C7EB666181}] => (Allow) D:\Steam\SteamApps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [TCP Query User{6ECA95E5-469F-413C-BBAC-E7CE93B83CA4}D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{CC28BEB5-A092-4362-B79C-E0A5B637CC0D}D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{FA317F31-98DA-41F5-8580-38AB3A136460}D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{4F31302D-ADBC-4C57-B52F-ACFFD1A6B30C}D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [{773AFCBE-AC48-4735-8277-C1BA96A7498A}] => (Allow) D:\Steam\SteamApps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{5FDD8650-4439-40AB-BBA1-B7A3C7EF29C5}] => (Allow) D:\Steam\SteamApps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{33CD8E3C-D351-46B1-BDD9-7A2F7FA586E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/24/2015 07:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11936073
 
Error: (09/24/2015 07:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11936073
 
Error: (09/24/2015 07:42:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/23/2015 10:00:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2327238
 
Error: (09/23/2015 10:00:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2327238
 
Error: (09/23/2015 10:00:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/21/2015 08:54:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15865
 
Error: (09/21/2015 08:54:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15865
 
Error: (09/21/2015 08:54:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/20/2015 10:23:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 319475
 
 
System errors:
=============
Error: (09/24/2015 07:43:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (09/24/2015 07:42:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (09/24/2015 07:42:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (09/23/2015 10:40:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2015 10:40:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2015 10:40:30 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2015 10:40:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2015 10:40:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2015 10:38:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2015 10:37:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 59%
Total physical RAM: 3873.14 MB
Available physical RAM: 1565.4 MB
Total Virtual: 7744.42 MB
Available Virtual: 5069.35 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:250.05 GB) (Free:72.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:321.12 GB) (Free:84.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A49D5ABE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=250.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=321.1 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you have slightly more than a redirect problem.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:

A premade fixlist if required... Just download
Attached File  fixlist.txt   19.61KB   92 downloads
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\RunOnce: [Browsersafeguard-rockettab FF:0] => C:\Users\Leng\AppData\Local\BrowserSafeguard\Resources\certutil.exe -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Leng\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users\Len (the data entry has 60 more characters).
HKLM\...\AppCertDlls: [aeinHMCA] -> C:\Users\Leng\AppData\L
HKLM\...\AppCertDlls: [appigr32] -> C:\Users\Leng\AppData\Lo
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2207828519-3919902441-2265496074-1000] => http=127.0.0.1:49167;https=127.0.0.1:49167
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFYaJQtbWAAXDFAWcV0VVQFEFhgaJVoMTAAUFwwQdV9ZWQkXRRNBNARaB0tXUUEeGGlxR1dMa0BNJ1VdL1wF
FF DefaultSearchEngine.US: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAeVwKAgBIRxhGdQhcTA1JFAIOeVxbVRRIRAMacwxeAAFBR1EFIk0FA18DB0VXfWFoKB8fHH9WLl5UBHcUVQ==
FF user.js: detected! => C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\user.js [2015-07-03]
FF SearchPlugin: C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\searchplugins\default.xml [2015-09-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-04] <==== ATTENTION
1 abcojeuo; \??\C:\Windows\system32\drivers\abcojeuo.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S1 cpyzutoy; \??\C:\Windows\system32\drivers\cpyzutoy.sys [X]
S1 dcvssiho; \??\C:\Windows\system32\drivers\dcvssiho.sys [X]
S1 druhdshf; \??\C:\Windows\system32\drivers\druhdshf.sys [X]
S1 dvrzsyes; \??\C:\Windows\system32\drivers\dvrzsyes.sys [X]
S1 effkmzua; \??\C:\Windows\system32\drivers\effkmzua.sys [X]
S1 egptrfps; \??\C:\Windows\system32\drivers\egptrfps.sys [X]
S1 ensuopzc; \??\C:\Windows\system32\drivers\ensuopzc.sys [X]
S1 ffvvzrlc; \??\C:\Windows\system32\drivers\ffvvzrlc.sys [X]
S1 fhbbjggz; \??\C:\Windows\system32\drivers\fhbbjggz.sys [X]
S1 fjthueeb; \??\C:\Windows\system32\drivers\fjthueeb.sys [X]
S1 hqeslbfk; \??\C:\Windows\system32\drivers\hqeslbfk.sys [X]
S1 hxgbdanv; \??\C:\Windows\system32\drivers\hxgbdanv.sys [X]
S1 iggmcigt; \??\C:\Windows\system32\drivers\iggmcigt.sys [X]
S1 iyffaqtd; \??\C:\Windows\system32\drivers\iyffaqtd.sys [X]
S1 janddtky; \??\C:\Windows\system32\drivers\janddtky.sys [X]
S1 jrgjsocs; \??\C:\Windows\system32\drivers\jrgjsocs.sys [X]
S1 kmbwhaxn; \??\C:\Windows\system32\drivers\kmbwhaxn.sys [X]
S1 koxwroig; \??\C:\Windows\system32\drivers\koxwroig.sys [X]
S1 kwrnwjii; \??\C:\Windows\system32\drivers\kwrnwjii.sys [X]
S1 mzvqqlwh; \??\C:\Windows\system32\drivers\mzvqqlwh.sys [X]
S1 neogppqk; \??\C:\Windows\system32\drivers\neogppqk.sys [X]
S1 nicxcbbr; \??\C:\Windows\system32\drivers\nicxcbbr.sys [X]
S1 npecygjc; \??\C:\Windows\system32\drivers\npecygjc.sys [X]
S1 npfejnxt; \??\C:\Windows\system32\drivers\npfejnxt.sys [X]
S1 nubnfgsm; \??\C:\Windows\system32\drivers\nubnfgsm.sys [X]
S1 obpoqbaq; \??\C:\Windows\system32\drivers\obpoqbaq.sys [X]
S1 ohrbuect; \??\C:\Windows\system32\drivers\ohrbuect.sys [X]
S1 puvirvtk; \??\C:\Windows\system32\drivers\puvirvtk.sys [X]
S1 pzwlreic; \??\C:\Windows\system32\drivers\pzwlreic.sys [X]
S1 qwlsmkzz; \??\C:\Windows\system32\drivers\qwlsmkzz.sys [X]
S1 qxmddyji; \??\C:\Windows\system32\drivers\qxmddyji.sys [X]
S1 rwrhebxb; \??\C:\Windows\system32\drivers\rwrhebxb.sys [X]
S1 rxpwmado; \??\C:\Windows\system32\drivers\rxpwmado.sys [X]
S1 smgdufff; \??\C:\Windows\system32\drivers\smgdufff.sys [X]
S1 svmbwkcg; \??\C:\Windows\system32\drivers\svmbwkcg.sys [X]
S1 swrqoleu; \??\C:\Windows\system32\drivers\swrqoleu.sys [X]
S1 tacydwtl; \??\C:\Windows\system32\drivers\tacydwtl.sys [X]
S1 udjmjekc; \??\C:\Windows\system32\drivers\udjmjekc.sys [X]
S1 ulfdtusz; \??\C:\Windows\system32\drivers\ulfdtusz.sys [X]
S1 umtfgwuo; \??\C:\Windows\system32\drivers\umtfgwuo.sys [X]
S1 vjsmxhxi; \??\C:\Windows\system32\drivers\vjsmxhxi.sys [X]
S1 vtidzqdb; \??\C:\Windows\system32\drivers\vtidzqdb.sys [X]
S1 vznoqxgj; \??\C:\Windows\system32\drivers\vznoqxgj.sys [X]
S1 wfasrzts; \??\C:\Windows\system32\drivers\wfasrzts.sys [X]
S1 wmvucwrc; \??\C:\Windows\system32\drivers\wmvucwrc.sys [X]
S1 wurfyvca; \??\C:\Windows\system32\drivers\wurfyvca.sys [X]
S1 xgmpkplj; \??\C:\Windows\system32\drivers\xgmpkplj.sys [X]
S1 ycnvwkgi; \??\C:\Windows\system32\drivers\ycnvwkgi.sys [X]
S1 ymsfoezj; \??\C:\Windows\system32\drivers\ymsfoezj.sys [X]
S1 yoawqmlg; \??\C:\Windows\system32\drivers\yoawqmlg.sys [X]
S1 yrsyarno; \??\C:\Windows\system32\drivers\yrsyarno.sys [X]
S1 yxakxbpx; \??\C:\Windows\system32\drivers\yxakxbpx.sys [X]
S1 zllirvpa; \??\C:\Windows\system32\drivers\zllirvpa.sys [X]
S1 zxgmiquh; \??\C:\Windows\system32\drivers\zxgmiquh.sys [X]
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 ____H C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 _____ C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2015-09-24 22:28 - 2013-01-30 18:28 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2013-04-20 15:20 - 2013-04-20 15:20 - 4126720 _____ () C:\Program Files (x86)\GUT2684.tmp
Task: {3247FB56-0B58-4649-9122-FFCE84174C76} - \Cassiopesa lice -> No File <==== ATTENTION
Task: {94F5CEC3-DB56-48A0-A2CC-4E0F25C05054} - System32\Tasks\{8E098EBF-191A-48B5-BA4F-966484E10698} => pcalua.exe -a C:\Users\Leng\Desktop\scz.exe -d C:\Users\Leng\Desktop
Task: {A61F402C-945A-4F9F-BB90-C596FD4F239A} - System32\Tasks\{B76BB496-4FB8-46AF-856D-A3483D8B6EB8} => pcalua.exe -a "C:\Games\Madden 08\Madden NFL 08 (Download)\Setup.exe" -d "C:\Games\Madden 08\Madden NFL 08 (Download)"
Task: {B3D6248A-97FF-4DF2-AB82-3DEFDD4575DB} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {B965A0FF-0714-4881-BC09-779D2BDCCC73} - \Updater26278.exe -> No File <==== ATTENTION
Task: {C36768FD-667E-4CF5-AD76-9EA4D0FAE2F9} - System32\Tasks\{3DD1DE97-65AB-48CC-8B56-FA147E51CFD0} => pcalua.exe -a F:\Setup.now.exe -d F:\
Task: {C716FC81-195D-4251-BDA0-C4DDBF93BD4D} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {C9198085-70E1-4BA5-9D4B-6EA153F55DE6} - System32\Tasks\{83B26B54-87DA-4680-8BE3-71C0702A460A} => pcalua.exe -a C:\Users\Leng\Desktop\setup.exe -d C:\Users\Leng\Desktop
Task: {E27ACC1B-DD3E-40E7-99F9-94F09E693853} - \IE_ERR4WDR -> No File <==== ATTENTION
2014-11-12 01:03 - 2014-11-12 01:03 - 0000448 ____H () C:\Users\Leng\AppData\Roaming\麽鎒駓覜
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 ____H () C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 _____ () C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2014-11-12 01:03 - 2014-11-12 01:03 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-12 01:04 - 2014-11-12 01:04 - 0000256 ____H () C:\ProgramData\@system3.att
C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
C:\Windows\system32\drivers\cpyzutoy.sys
C:\Windows\system32\drivers\dcvssiho.sys
C:\Windows\system32\drivers\druhdshf.sys
C:\Windows\system32\drivers\dvrzsyes.sys
C:\Windows\system32\drivers\effkmzua.sys
C:\Windows\system32\drivers\egptrfps.sys
C:\Windows\system32\drivers\ensuopzc.sys
C:\Windows\system32\drivers\ffvvzrlc.sys
C:\Windows\system32\drivers\fhbbjggz.sys
:\Windows\system32\drivers\fjthueeb.sys
C:\Windows\system32\drivers\hqeslbfk.sys
:\Windows\system32\drivers\hxgbdanv.sys
C:\Windows\system32\drivers\iggmcigt.sys
C:\Windows\system32\drivers\iyffaqtd.sys
C:\Windows\system32\drivers\janddtky.sys
C:\Windows\system32\drivers\jrgjsocs.sys
C:\Windows\system32\drivers\kmbwhaxn.sys
C:\Windows\system32\drivers\koxwroig.sys
C:\Windows\system32\drivers\kwrnwjii.sys
C:\Windows\system32\drivers\mzvqqlwh.sys
C:\Windows\system32\drivers\neogppqk.sys
C:\Windows\system32\drivers\nicxcbbr.sys
C:\Windows\system32\drivers\npecygjc.sys
C:\Windows\system32\drivers\npfejnxt.sys
C:\Windows\system32\drivers\nubnfgsm.sys
C:\Windows\system32\drivers\obpoqbaq.sys
C:\Windows\system32\drivers\ohrbuect.sys
C:\Windows\system32\drivers\puvirvtk.sys
C:\Windows\system32\drivers\pzwlreic.sys
C:\Windows\system32\drivers\qwlsmkzz.sys
C:\Windows\system32\drivers\qxmddyji.sys
C:\Windows\system32\drivers\rwrhebxb.sys
C:\Windows\system32\drivers\rxpwmado.sys
C:\Windows\system32\drivers\smgdufff.sys
C:\Windows\system32\drivers\svmbwkcg.sys
C:\Windows\system32\drivers\swrqoleu.sys
C:\Windows\system32\drivers\tacydwtl.sys
C:\Windows\system32\drivers\udjmjekc.sys
C:\Windows\system32\drivers\ulfdtusz.sys
C:\Windows\system32\drivers\umtfgwuo.sys
C:\Windows\system32\drivers\vjsmxhxi.sys
C:\Windows\system32\drivers\vtidzqdb.sys
C:\Windows\system32\drivers\vznoqxgj.sys
C:\Windows\system32\drivers\wfasrzts.sys
C:\Windows\system32\drivers\wmvucwrc.sys
C:\Windows\system32\drivers\wurfyvca.sys
C:\Windows\system32\drivers\xgmpkplj.sys
C:\Windows\system32\drivers\ycnvwkgi.sys
C:\Windows\system32\drivers\ymsfoezj.sys
C:\Windows\system32\drivers\yoawqmlg.sys
C:\Windows\system32\drivers\yrsyarno.sys
C:\Windows\system32\drivers\yxakxbpx.sys
C:\Windows\system32\drivers\zllirvpa.sys
C:\Windows\system32\drivers\zxgmiquh.sys [X]
C:\ProgramData\BitRaider
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
fnh


    Member

  • Topic Starter
  • Member
  • 20 posts

Thanks for all your help. Here are the two logs:

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Leng (2015-09-25 21:44:25) Run:1
Running from C:\temp
Loaded Profiles: Leng (Available Profiles: Leng)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\RunOnce: [Browsersafeguard-rockettab FF:0] => C:\Users\Leng\AppData\Local\BrowserSafeguard\Resources\certutil.exe -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Leng\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users\Len (the data entry has 60 more characters).
HKLM\...\AppCertDlls: [aeinHMCA] -> C:\Users\Leng\AppData\L
HKLM\...\AppCertDlls: [appigr32] -> C:\Users\Leng\AppData\Lo
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2207828519-3919902441-2265496074-1000] => http=127.0.0.1:49167;https=127.0.0.1:49167
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFYaJQtbWAAXDFAWcV0VVQFEFhgaJVoMTAAUFwwQdV9ZWQkXRRNBNARaB0tXUUEeGGlxR1dMa0BNJ1VdL1wF
FF DefaultSearchEngine.US: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAeVwKAgBIRxhGdQhcTA1JFAIOeVxbVRRIRAMacwxeAAFBR1EFIk0FA18DB0VXfWFoKB8fHH9WLl5UBHcUVQ==
FF user.js: detected! => C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\user.js [2015-07-03]
FF SearchPlugin: C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\searchplugins\default.xml [2015-09-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-04] <==== ATTENTION
1 abcojeuo; \??\C:\Windows\system32\drivers\abcojeuo.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S1 cpyzutoy; \??\C:\Windows\system32\drivers\cpyzutoy.sys [X]
S1 dcvssiho; \??\C:\Windows\system32\drivers\dcvssiho.sys [X]
S1 druhdshf; \??\C:\Windows\system32\drivers\druhdshf.sys [X]
S1 dvrzsyes; \??\C:\Windows\system32\drivers\dvrzsyes.sys [X]
S1 effkmzua; \??\C:\Windows\system32\drivers\effkmzua.sys [X]
S1 egptrfps; \??\C:\Windows\system32\drivers\egptrfps.sys [X]
S1 ensuopzc; \??\C:\Windows\system32\drivers\ensuopzc.sys [X]
S1 ffvvzrlc; \??\C:\Windows\system32\drivers\ffvvzrlc.sys [X]
S1 fhbbjggz; \??\C:\Windows\system32\drivers\fhbbjggz.sys [X]
S1 fjthueeb; \??\C:\Windows\system32\drivers\fjthueeb.sys [X]
S1 hqeslbfk; \??\C:\Windows\system32\drivers\hqeslbfk.sys [X]
S1 hxgbdanv; \??\C:\Windows\system32\drivers\hxgbdanv.sys [X]
S1 iggmcigt; \??\C:\Windows\system32\drivers\iggmcigt.sys [X]
S1 iyffaqtd; \??\C:\Windows\system32\drivers\iyffaqtd.sys [X]
S1 janddtky; \??\C:\Windows\system32\drivers\janddtky.sys [X]
S1 jrgjsocs; \??\C:\Windows\system32\drivers\jrgjsocs.sys [X]
S1 kmbwhaxn; \??\C:\Windows\system32\drivers\kmbwhaxn.sys [X]
S1 koxwroig; \??\C:\Windows\system32\drivers\koxwroig.sys [X]
S1 kwrnwjii; \??\C:\Windows\system32\drivers\kwrnwjii.sys [X]
S1 mzvqqlwh; \??\C:\Windows\system32\drivers\mzvqqlwh.sys [X]
S1 neogppqk; \??\C:\Windows\system32\drivers\neogppqk.sys [X]
S1 nicxcbbr; \??\C:\Windows\system32\drivers\nicxcbbr.sys [X]
S1 npecygjc; \??\C:\Windows\system32\drivers\npecygjc.sys [X]
S1 npfejnxt; \??\C:\Windows\system32\drivers\npfejnxt.sys [X]
S1 nubnfgsm; \??\C:\Windows\system32\drivers\nubnfgsm.sys [X]
S1 obpoqbaq; \??\C:\Windows\system32\drivers\obpoqbaq.sys [X]
S1 ohrbuect; \??\C:\Windows\system32\drivers\ohrbuect.sys [X]
S1 puvirvtk; \??\C:\Windows\system32\drivers\puvirvtk.sys [X]
S1 pzwlreic; \??\C:\Windows\system32\drivers\pzwlreic.sys [X]
S1 qwlsmkzz; \??\C:\Windows\system32\drivers\qwlsmkzz.sys [X]
S1 qxmddyji; \??\C:\Windows\system32\drivers\qxmddyji.sys [X]
S1 rwrhebxb; \??\C:\Windows\system32\drivers\rwrhebxb.sys [X]
S1 rxpwmado; \??\C:\Windows\system32\drivers\rxpwmado.sys [X]
S1 smgdufff; \??\C:\Windows\system32\drivers\smgdufff.sys [X]
S1 svmbwkcg; \??\C:\Windows\system32\drivers\svmbwkcg.sys [X]
S1 swrqoleu; \??\C:\Windows\system32\drivers\swrqoleu.sys [X]
S1 tacydwtl; \??\C:\Windows\system32\drivers\tacydwtl.sys [X]
S1 udjmjekc; \??\C:\Windows\system32\drivers\udjmjekc.sys [X]
S1 ulfdtusz; \??\C:\Windows\system32\drivers\ulfdtusz.sys [X]
S1 umtfgwuo; \??\C:\Windows\system32\drivers\umtfgwuo.sys [X]
S1 vjsmxhxi; \??\C:\Windows\system32\drivers\vjsmxhxi.sys [X]
S1 vtidzqdb; \??\C:\Windows\system32\drivers\vtidzqdb.sys [X]
S1 vznoqxgj; \??\C:\Windows\system32\drivers\vznoqxgj.sys [X]
S1 wfasrzts; \??\C:\Windows\system32\drivers\wfasrzts.sys [X]
S1 wmvucwrc; \??\C:\Windows\system32\drivers\wmvucwrc.sys [X]
S1 wurfyvca; \??\C:\Windows\system32\drivers\wurfyvca.sys [X]
S1 xgmpkplj; \??\C:\Windows\system32\drivers\xgmpkplj.sys [X]
S1 ycnvwkgi; \??\C:\Windows\system32\drivers\ycnvwkgi.sys [X]
S1 ymsfoezj; \??\C:\Windows\system32\drivers\ymsfoezj.sys [X]
S1 yoawqmlg; \??\C:\Windows\system32\drivers\yoawqmlg.sys [X]
S1 yrsyarno; \??\C:\Windows\system32\drivers\yrsyarno.sys [X]
S1 yxakxbpx; \??\C:\Windows\system32\drivers\yxakxbpx.sys [X]
S1 zllirvpa; \??\C:\Windows\system32\drivers\zllirvpa.sys [X]
S1 zxgmiquh; \??\C:\Windows\system32\drivers\zxgmiquh.sys [X]
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 ____H C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 _____ C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2015-09-24 22:28 - 2013-01-30 18:28 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2013-04-20 15:20 - 2013-04-20 15:20 - 4126720 _____ () C:\Program Files (x86)\GUT2684.tmp
Task: {3247FB56-0B58-4649-9122-FFCE84174C76} - \Cassiopesa lice -> No File <==== ATTENTION
Task: {94F5CEC3-DB56-48A0-A2CC-4E0F25C05054} - System32\Tasks\{8E098EBF-191A-48B5-BA4F-966484E10698} => pcalua.exe -a C:\Users\Leng\Desktop\scz.exe -d C:\Users\Leng\Desktop
Task: {A61F402C-945A-4F9F-BB90-C596FD4F239A} - System32\Tasks\{B76BB496-4FB8-46AF-856D-A3483D8B6EB8} => pcalua.exe -a "C:\Games\Madden 08\Madden NFL 08 (Download)\Setup.exe" -d "C:\Games\Madden 08\Madden NFL 08 (Download)"
Task: {B3D6248A-97FF-4DF2-AB82-3DEFDD4575DB} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {B965A0FF-0714-4881-BC09-779D2BDCCC73} - \Updater26278.exe -> No File <==== ATTENTION
Task: {C36768FD-667E-4CF5-AD76-9EA4D0FAE2F9} - System32\Tasks\{3DD1DE97-65AB-48CC-8B56-FA147E51CFD0} => pcalua.exe -a F:\Setup.now.exe -d F:\
Task: {C716FC81-195D-4251-BDA0-C4DDBF93BD4D} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {C9198085-70E1-4BA5-9D4B-6EA153F55DE6} - System32\Tasks\{83B26B54-87DA-4680-8BE3-71C0702A460A} => pcalua.exe -a C:\Users\Leng\Desktop\setup.exe -d C:\Users\Leng\Desktop
Task: {E27ACC1B-DD3E-40E7-99F9-94F09E693853} - \IE_ERR4WDR -> No File <==== ATTENTION
2014-11-12 01:03 - 2014-11-12 01:03 - 0000448 ____H () C:\Users\Leng\AppData\Roaming\麽鎒駓覜
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 ____H () C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 _____ () C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2014-11-12 01:03 - 2014-11-12 01:03 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-12 01:04 - 2014-11-12 01:04 - 0000256 ____H () C:\ProgramData\@system3.att
C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
C:\Windows\system32\drivers\cpyzutoy.sys
C:\Windows\system32\drivers\dcvssiho.sys
C:\Windows\system32\drivers\druhdshf.sys
C:\Windows\system32\drivers\dvrzsyes.sys
C:\Windows\system32\drivers\effkmzua.sys
C:\Windows\system32\drivers\egptrfps.sys
C:\Windows\system32\drivers\ensuopzc.sys
C:\Windows\system32\drivers\ffvvzrlc.sys
C:\Windows\system32\drivers\fhbbjggz.sys
:\Windows\system32\drivers\fjthueeb.sys
C:\Windows\system32\drivers\hqeslbfk.sys
:\Windows\system32\drivers\hxgbdanv.sys
C:\Windows\system32\drivers\iggmcigt.sys
C:\Windows\system32\drivers\iyffaqtd.sys
C:\Windows\system32\drivers\janddtky.sys
C:\Windows\system32\drivers\jrgjsocs.sys
C:\Windows\system32\drivers\kmbwhaxn.sys
C:\Windows\system32\drivers\koxwroig.sys
C:\Windows\system32\drivers\kwrnwjii.sys
C:\Windows\system32\drivers\mzvqqlwh.sys
C:\Windows\system32\drivers\neogppqk.sys
C:\Windows\system32\drivers\nicxcbbr.sys
C:\Windows\system32\drivers\npecygjc.sys
C:\Windows\system32\drivers\npfejnxt.sys
C:\Windows\system32\drivers\nubnfgsm.sys
C:\Windows\system32\drivers\obpoqbaq.sys
C:\Windows\system32\drivers\ohrbuect.sys
C:\Windows\system32\drivers\puvirvtk.sys
C:\Windows\system32\drivers\pzwlreic.sys
C:\Windows\system32\drivers\qwlsmkzz.sys
C:\Windows\system32\drivers\qxmddyji.sys
C:\Windows\system32\drivers\rwrhebxb.sys
C:\Windows\system32\drivers\rxpwmado.sys
C:\Windows\system32\drivers\smgdufff.sys
C:\Windows\system32\drivers\svmbwkcg.sys
C:\Windows\system32\drivers\swrqoleu.sys
C:\Windows\system32\drivers\tacydwtl.sys
C:\Windows\system32\drivers\udjmjekc.sys
C:\Windows\system32\drivers\ulfdtusz.sys
C:\Windows\system32\drivers\umtfgwuo.sys
C:\Windows\system32\drivers\vjsmxhxi.sys
C:\Windows\system32\drivers\vtidzqdb.sys
C:\Windows\system32\drivers\vznoqxgj.sys
C:\Windows\system32\drivers\wfasrzts.sys
C:\Windows\system32\drivers\wmvucwrc.sys
C:\Windows\system32\drivers\wurfyvca.sys
C:\Windows\system32\drivers\xgmpkplj.sys
C:\Windows\system32\drivers\ycnvwkgi.sys
C:\Windows\system32\drivers\ymsfoezj.sys
C:\Windows\system32\drivers\yoawqmlg.sys
C:\Windows\system32\drivers\yrsyarno.sys
C:\Windows\system32\drivers\yxakxbpx.sys
C:\Windows\system32\drivers\zllirvpa.sys
C:\Windows\system32\drivers\zxgmiquh.sys [X]
C:\ProgramData\BitRaider
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION => restored successfully
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Browsersafeguard-rockettab FF:0 => value removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\aeinHMCA => value removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\appigr32 => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox "homepage" removed successfully
C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\user.js => moved successfully
C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\searchplugins\default.xml => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => moved successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
1 abcojeuo; \??\C:\Windows\system32\drivers\abcojeuo.sys [X] => Error: No automatic fix found for this entry.
BRDriver64_1_3_3_E02B25FC => service removed successfully
cpyzutoy => service removed successfully
dcvssiho => service removed successfully
druhdshf => service removed successfully
dvrzsyes => service removed successfully
effkmzua => service removed successfully
egptrfps => service removed successfully
ensuopzc => service removed successfully
ffvvzrlc => service removed successfully
fhbbjggz => service removed successfully
fjthueeb => service removed successfully
hqeslbfk => service removed successfully
hxgbdanv => service removed successfully
iggmcigt => service removed successfully
iyffaqtd => service removed successfully
janddtky => service removed successfully
jrgjsocs => service removed successfully
kmbwhaxn => service removed successfully
koxwroig => service removed successfully
kwrnwjii => service removed successfully
mzvqqlwh => service removed successfully
neogppqk => service removed successfully
nicxcbbr => service removed successfully
npecygjc => service removed successfully
npfejnxt => service removed successfully
nubnfgsm => service removed successfully
obpoqbaq => service removed successfully
ohrbuect => service removed successfully
puvirvtk => service removed successfully
pzwlreic => service removed successfully
qwlsmkzz => service removed successfully
qxmddyji => service removed successfully
rwrhebxb => service removed successfully
rxpwmado => service removed successfully
smgdufff => service removed successfully
svmbwkcg => service removed successfully
swrqoleu => service removed successfully
tacydwtl => service removed successfully
udjmjekc => service removed successfully
ulfdtusz => service removed successfully
umtfgwuo => service removed successfully
vjsmxhxi => service removed successfully
vtidzqdb => service removed successfully
vznoqxgj => service removed successfully
wfasrzts => service removed successfully
wmvucwrc => service removed successfully
wurfyvca => service removed successfully
xgmpkplj => service removed successfully
ycnvwkgi => service removed successfully
ymsfoezj => service removed successfully
yoawqmlg => service removed successfully
yrsyarno => service removed successfully
yxakxbpx => service removed successfully
zllirvpa => service removed successfully
zxgmiquh => service removed successfully
C:\Users\Leng\AppData\Local\BIT8989.tmp => moved successfully
C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB} => moved successfully
C:\Windows\SysWOW64\acovcnt.exe => moved successfully
C:\Program Files (x86)\GUT2684.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3247FB56-0B58-4649-9122-FFCE84174C76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3247FB56-0B58-4649-9122-FFCE84174C76}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cassiopesa lice => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F5CEC3-DB56-48A0-A2CC-4E0F25C05054}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F5CEC3-DB56-48A0-A2CC-4E0F25C05054}" => key removed successfully
C:\Windows\System32\Tasks\{8E098EBF-191A-48B5-BA4F-966484E10698} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E098EBF-191A-48B5-BA4F-966484E10698}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A61F402C-945A-4F9F-BB90-C596FD4F239A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61F402C-945A-4F9F-BB90-C596FD4F239A}" => key removed successfully
C:\Windows\System32\Tasks\{B76BB496-4FB8-46AF-856D-A3483D8B6EB8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B76BB496-4FB8-46AF-856D-A3483D8B6EB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3D6248A-97FF-4DF2-AB82-3DEFDD4575DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3D6248A-97FF-4DF2-AB82-3DEFDD4575DB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B965A0FF-0714-4881-BC09-779D2BDCCC73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B965A0FF-0714-4881-BC09-779D2BDCCC73}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36768FD-667E-4CF5-AD76-9EA4D0FAE2F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36768FD-667E-4CF5-AD76-9EA4D0FAE2F9}" => key removed successfully
C:\Windows\System32\Tasks\{3DD1DE97-65AB-48CC-8B56-FA147E51CFD0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3DD1DE97-65AB-48CC-8B56-FA147E51CFD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C716FC81-195D-4251-BDA0-C4DDBF93BD4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C716FC81-195D-4251-BDA0-C4DDBF93BD4D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPDTEXE4_WDR => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9198085-70E1-4BA5-9D4B-6EA153F55DE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9198085-70E1-4BA5-9D4B-6EA153F55DE6}" => key removed successfully
C:\Windows\System32\Tasks\{83B26B54-87DA-4680-8BE3-71C0702A460A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{83B26B54-87DA-4680-8BE3-71C0702A460A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E27ACC1B-DD3E-40E7-99F9-94F09E693853}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E27ACC1B-DD3E-40E7-99F9-94F09E693853}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE_ERR4WDR => key not found.
C:\Users\Leng\AppData\Roaming\麽鎒駓覜 => moved successfully
"C:\Users\Leng\AppData\Local\BIT8989.tmp" => File/Folder not found.
"C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}" => File/Folder not found.
C:\ProgramData\@system.temp => moved successfully
C:\ProgramData\@system3.att => moved successfully
"C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys" => File/Folder not found.
"C:\Windows\system32\drivers\cpyzutoy.sys" => File/Folder not found.
"C:\Windows\system32\drivers\dcvssiho.sys" => File/Folder not found.
"C:\Windows\system32\drivers\druhdshf.sys" => File/Folder not found.
"C:\Windows\system32\drivers\dvrzsyes.sys" => File/Folder not found.
"C:\Windows\system32\drivers\effkmzua.sys" => File/Folder not found.
"C:\Windows\system32\drivers\egptrfps.sys" => File/Folder not found.
"C:\Windows\system32\drivers\ensuopzc.sys" => File/Folder not found.
"C:\Windows\system32\drivers\ffvvzrlc.sys" => File/Folder not found.
"C:\Windows\system32\drivers\fhbbjggz.sys" => File/Folder not found.
:\Windows\system32\drivers\fjthueeb.sys => Error: No automatic fix found for this entry.
"C:\Windows\system32\drivers\hqeslbfk.sys" => File/Folder not found.
:\Windows\system32\drivers\hxgbdanv.sys => Error: No automatic fix found for this entry.
"C:\Windows\system32\drivers\iggmcigt.sys" => File/Folder not found.
"C:\Windows\system32\drivers\iyffaqtd.sys" => File/Folder not found.
"C:\Windows\system32\drivers\janddtky.sys" => File/Folder not found.
"C:\Windows\system32\drivers\jrgjsocs.sys" => File/Folder not found.
"C:\Windows\system32\drivers\kmbwhaxn.sys" => File/Folder not found.
"C:\Windows\system32\drivers\koxwroig.sys" => File/Folder not found.
"C:\Windows\system32\drivers\kwrnwjii.sys" => File/Folder not found.
"C:\Windows\system32\drivers\mzvqqlwh.sys" => File/Folder not found.
"C:\Windows\system32\drivers\neogppqk.sys" => File/Folder not found.
"C:\Windows\system32\drivers\nicxcbbr.sys" => File/Folder not found.
"C:\Windows\system32\drivers\npecygjc.sys" => File/Folder not found.
"C:\Windows\system32\drivers\npfejnxt.sys" => File/Folder not found.
"C:\Windows\system32\drivers\nubnfgsm.sys" => File/Folder not found.
"C:\Windows\system32\drivers\obpoqbaq.sys" => File/Folder not found.
"C:\Windows\system32\drivers\ohrbuect.sys" => File/Folder not found.
"C:\Windows\system32\drivers\puvirvtk.sys" => File/Folder not found.
"C:\Windows\system32\drivers\pzwlreic.sys" => File/Folder not found.
"C:\Windows\system32\drivers\qwlsmkzz.sys" => File/Folder not found.
"C:\Windows\system32\drivers\qxmddyji.sys" => File/Folder not found.
"C:\Windows\system32\drivers\rwrhebxb.sys" => File/Folder not found.
"C:\Windows\system32\drivers\rxpwmado.sys" => File/Folder not found.
"C:\Windows\system32\drivers\smgdufff.sys" => File/Folder not found.
"C:\Windows\system32\drivers\svmbwkcg.sys" => File/Folder not found.
"C:\Windows\system32\drivers\swrqoleu.sys" => File/Folder not found.
"C:\Windows\system32\drivers\tacydwtl.sys" => File/Folder not found.
"C:\Windows\system32\drivers\udjmjekc.sys" => File/Folder not found.
"C:\Windows\system32\drivers\ulfdtusz.sys" => File/Folder not found.
"C:\Windows\system32\drivers\umtfgwuo.sys" => File/Folder not found.
"C:\Windows\system32\drivers\vjsmxhxi.sys" => File/Folder not found.
"C:\Windows\system32\drivers\vtidzqdb.sys" => File/Folder not found.
"C:\Windows\system32\drivers\vznoqxgj.sys" => File/Folder not found.
"C:\Windows\system32\drivers\wfasrzts.sys" => File/Folder not found.
"C:\Windows\system32\drivers\wmvucwrc.sys" => File/Folder not found.
"C:\Windows\system32\drivers\wurfyvca.sys" => File/Folder not found.
"C:\Windows\system32\drivers\xgmpkplj.sys" => File/Folder not found.
"C:\Windows\system32\drivers\ycnvwkgi.sys" => File/Folder not found.
"C:\Windows\system32\drivers\ymsfoezj.sys" => File/Folder not found.
"C:\Windows\system32\drivers\yoawqmlg.sys" => File/Folder not found.
"C:\Windows\system32\drivers\yrsyarno.sys" => File/Folder not found.
"C:\Windows\system32\drivers\yxakxbpx.sys" => File/Folder not found.
"C:\Windows\system32\drivers\zllirvpa.sys" => File/Folder not found.
"C:\Windows\system32\drivers\zxgmiquh.sys [X]" => File/Folder not found.
C:\ProgramData\BitRaider => moved successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {A049FD30-23F3-4B51-900F-9135E7A1096F}.
Unable to cancel {B8EF02F0-A382-4BD6-B517-358281211B9B}.
Unable to cancel {B895192B-22BF-4FAB-B29D-C6473222DE10}.
Unable to cancel {4F44C2EF-2DE3-4CF9-BD12-17BA2B92EE0C}.
{7CC6A7BE-DC3A-4C05-8BD4-73E6AF0071D0} canceled.
{B3E9D423-CBC8-4402-822C-199F43E1D5BD} canceled.
{937C74D2-5882-421B-BD8E-1A4AB0914792} canceled.
3 out of 7 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 17.5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:46:55 ====

# AdwCleaner v5.008 - Logfile created 25/09/2015 at 21:52:28
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [Server]
# Operating system : Windows 7 Home Premium  (x64)
# Username : Leng - BATMAN-PC
# Running from : C:\Users\Leng\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : Partner Service

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Application Updater
[-] Folder Deleted : C:\Program Files (x86)\RobooSaaver
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\Trymedia
[-] Folder Deleted : C:\ProgramData\Updater
[-] Folder Deleted : C:\ProgramData\4ff04a0200006af1
[-] Folder Deleted : C:\ProgramData\{be45e719-55c8-0b1d-be45-5e71955c9c65}
[-] Folder Deleted : C:\Users\Leng\AppData\Local\RocketTab
[-] Folder Deleted : C:\Windows\SysWOW64\ARFC
[-] Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Windows\Sysnative\dmwu.exe
[-] File Deleted : C:\Windows\Sysnative\ImhxxpComm.dll

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
[-] Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
[-] Key Deleted : HKLM\SOFTWARE\c6197f4f-5b00-a549-2d2e-648a3c34ab24
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FED6A736-129B-49C7-857E-25FC91E87DB3}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Cr_Installer
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
[-] Key Deleted : HKCU\Software\SocialBit
[-] Key Deleted : HKCU\Software\CoinisRS
[-] Key Deleted : HKCU\Software\Condut
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserSafeGuard
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\Cr_Installer
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\ImInstaller
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\InstalledThirdPartyPrograms
[!] Key Not Deleted : [x64] HKCU\Software\SocialBit
[!] Key Not Deleted : [x64] HKCU\Software\CoinisRS
[!] Key Not Deleted : [x64] HKCU\Software\Condut
[!] Key Not Deleted : [x64] HKCU\Software\WEBAPP
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\WNLT
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Compete
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Web browsers ] *****

[-] [C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Leng\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11207 bytes] ##########

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#5
fnh

  • Topic Starter
  • Member
  • 20 posts

It's looking good.  It's no longer redirecting my home page in Firefox.

Here's the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/26/2015
Scan Time: 7:03 PM
Logfile: Mbm.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.26.05
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Leng

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394242
Time Elapsed: 28 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 20

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You may want to consider replacing MSES with a third-party free antivirus.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right-click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire-and-forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices

Keep safe :wave:

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

