Solved Unremovable Malware

[Alex Yee]

I followed every step in one of your guides: http://malwaretips.com/blogs/malware-removal-guide-for-windows/
And I every time I run a scan from Malwarebytes Anti-Malware the same key registry viruses show up. I must have quarantined them at least 5 times. I am using my phone to post this as I believe my computer contains key loggers. I changed my Facebook password after it was hacked but I think the virus key logged it so they know my new password too. Please respond ASAP and thank you very much for your detailed guides and time.

 

[TwinHeadedEagle]

Hi,

Before we begin, I want you to have this in mind:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Alex Yee]

Here is the (FRST.txt):

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1477773806-3054807255-2046806828-1003\...\Run: [BearShare] => "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
HKU\S-1-5-21-1477773806-3054807255-2046806828-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => "C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll" File Not Found
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=A...e={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=A...e={installDate}&barcodeid={barcodeID}&um={UM}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {55b95864-3251-45e9-bb30-1a82589aaff1} - No File
URLSearchHook: HKLM-x32 - (No Name) - {7f3f960e-a836-45ca-8911-0accb522246e} - No File
URLSearchHook: HKLM-x32 - (No Name) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=A...e={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=...98cf57219b7&lang=en&ds=AVG&pr=sa&d=2013-08-26 07:29:52&v=17.1.3.3&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ie...D102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {55b95864-3251-45e9-bb30-1a82589aaff1} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {7f3f960e-a836-45ca-8911-0accb522246e} - No File
BHO-x32: No Name - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {55B95864-3251-45E9-BB30-1A82589AAFF1} - No File
Toolbar: HKCU - No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - No File
Toolbar: HKCU - No Name - {7F3F960E-A836-45CA-8911-0ACCB522246E} - No File
Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKCU - No Name - {465FCFBB-47A4-4866-A5D5-D12F9A77DA00} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\me4slhuo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: BearSharePlugin - C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha979.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha979\ff

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [kfehigaaopcnlfigcppmopdoncbnnmkl] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha979\ch\WebexpEnhancedV1alpha979.crx [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-05-15]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 0052371403547768mcinstcleanup; C:\Windows\TEMP\005237~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-23] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()

==================== Drivers (Whitelisted) ====================

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 rtl819xpn64; C:\Windows\system32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R3 VSTWinDriver6; C:\Windows\system32\drivers\VSTwindrvr6.sys [252928 2013-03-29] (Jungo)
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 NvStUSB; \SystemRoot\System32\drivers\nvstusb.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 14:00 - 2014-06-23 14:00 - 00020762 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-06-23 13:41 - 2014-06-23 13:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-23 13:40 - 2014-06-23 13:40 - 02347384 _____ (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
2014-06-23 13:39 - 2014-06-23 13:39 - 01016261 _____ (Thisisu) C:\Users\Alex\Desktop\JRT.exe
2014-06-23 13:33 - 2014-06-23 13:35 - 00033743 _____ () C:\Users\Alex\Downloads\FRST.txt
2014-06-23 13:33 - 2014-06-23 13:33 - 00031266 _____ () C:\Users\Alex\Downloads\Addition.txt
2014-06-23 13:32 - 2014-06-23 14:00 - 00000000 ____D () C:\FRST
2014-06-23 13:32 - 2014-06-23 13:32 - 02082816 _____ (Farbar) C:\Users\Alex\Downloads\FRST64 (1).exe
2014-06-23 13:32 - 2014-06-23 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-23 13:31 - 2014-06-23 13:31 - 02082816 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-06-23 13:27 - 2014-06-23 13:27 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2014-06-23 11:23 - 2014-06-23 11:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-23 11:23 - 2014-06-23 11:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-23 11:23 - 2014-06-23 11:23 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-23 11:23 - 2014-06-23 11:23 - 00001345 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-23 11:23 - 2014-06-23 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-23 11:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-23 11:18 - 2014-06-23 11:19 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Alex\Downloads\spybot-2.3.exe
2014-06-22 20:46 - 2014-06-22 20:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-22 19:53 - 2014-06-23 11:53 - 00000528 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 13c3fdf1-f7b7-44ab-8d5e-45a0664008a7.job
2014-06-22 19:53 - 2014-06-23 02:00 - 00000528 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 88b06e0e-caa7-424b-a4ae-cb96a7f1f2ee.job
2014-06-22 19:53 - 2014-06-22 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-22 19:53 - 2014-06-22 19:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-06-22 19:53 - 2014-06-22 19:53 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2014-06-22 19:53 - 2014-06-22 19:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-22 19:40 - 2014-06-22 19:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-22 19:33 - 2014-06-22 19:33 - 05268992 _____ () C:\Users\Alex\Desktop\RogueKillerX64.exe
2014-06-22 19:27 - 2014-06-22 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-22 19:27 - 2014-06-22 19:27 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-22 19:26 - 2014-06-22 19:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-22 19:25 - 2014-06-22 19:25 - 10971424 _____ (SurfRight B.V.) C:\Users\Alex\Desktop\HitmanPro_x64.exe
2014-06-22 19:06 - 2014-06-22 19:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-22 19:04 - 2014-06-22 19:04 - 00001107 _____ () C:\Users\Alex\Desktop\iExplore - Shortcut.lnk
2014-06-22 19:00 - 2014-06-22 19:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\iExplore.exe
2014-06-22 18:58 - 2014-06-22 18:59 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Alex\Desktop\tdsskiller.exe
2014-06-22 18:36 - 2014-06-22 18:36 - 01342659 _____ () C:\Users\Alex\Desktop\adwcleaner_3.213.exe
2014-06-22 18:17 - 2014-06-22 18:17 - 00002259 _____ () C:\Windows\epplauncher.mif
2014-06-22 18:16 - 2014-06-22 18:16 - 13829304 _____ (Microsoft Corporation) C:\Users\Alex\Downloads\MSEInstall (1).exe
2014-06-22 18:16 - 2014-06-22 18:16 - 11241816 _____ (Microsoft Corporation) C:\Users\Alex\Downloads\MSEInstall.exe
2014-06-21 01:52 - 2014-06-23 12:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 01:51 - 2014-06-22 19:06 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 01:51 - 2014-06-22 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 01:51 - 2014-06-22 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 01:51 - 2014-06-21 01:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 01:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-21 01:51 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 01:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-21 01:50 - 2014-06-21 01:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-21 01:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-21 01:45 - 2014-06-22 19:22 - 00000000 ____D () C:\AdwCleaner
2014-06-19 21:07 - 2014-06-21 02:00 - 00000043 _____ () C:\Users\Alex\jagex_cl_runescape_LIVE.dat
2014-06-19 21:00 - 2014-06-22 21:45 - 00000043 _____ () C:\Users\Alex\jagex_cl_oldschool_LIVE.dat
2014-06-19 21:00 - 2014-06-19 21:07 - 00000000 ____D () C:\Users\Alex\jagexcache

==================== One Month Modified Files and Folders =======

2014-06-23 14:00 - 2014-06-23 14:00 - 00020762 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-06-23 14:00 - 2014-06-23 13:32 - 00000000 ____D () C:\FRST
2014-06-23 14:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-23 13:55 - 2013-05-24 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 13:41 - 2014-06-23 13:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-23 13:40 - 2014-06-23 13:40 - 02347384 _____ (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
2014-06-23 13:39 - 2014-06-23 13:39 - 01016261 _____ (Thisisu) C:\Users\Alex\Desktop\JRT.exe
2014-06-23 13:35 - 2014-06-23 13:33 - 00033743 _____ () C:\Users\Alex\Downloads\FRST.txt
2014-06-23 13:33 - 2014-06-23 13:33 - 00031266 _____ () C:\Users\Alex\Downloads\Addition.txt
2014-06-23 13:32 - 2014-06-23 13:32 - 02082816 _____ (Farbar) C:\Users\Alex\Downloads\FRST64 (1).exe
2014-06-23 13:32 - 2014-06-23 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-23 13:31 - 2014-06-23 13:31 - 02082816 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-06-23 13:27 - 2014-06-23 13:27 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2014-06-23 13:27 - 2014-05-03 00:50 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 13:12 - 2014-05-03 00:50 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 12:27 - 2014-06-21 01:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 11:53 - 2014-06-22 19:53 - 00000528 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 13c3fdf1-f7b7-44ab-8d5e-45a0664008a7.job
2014-06-23 11:28 - 2014-06-23 11:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-23 11:26 - 2014-06-23 11:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-23 11:23 - 2014-06-23 11:23 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-23 11:23 - 2014-06-23 11:23 - 00001345 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-23 11:23 - 2014-06-23 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-23 11:22 - 2013-03-03 23:57 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-06-23 11:19 - 2014-06-23 11:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Alex\Downloads\spybot-2.3.exe
2014-06-23 02:00 - 2014-06-22 19:53 - 00000528 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 88b06e0e-caa7-424b-a4ae-cb96a7f1f2ee.job
2014-06-22 21:52 - 2012-12-22 12:13 - 00000024 _____ () C:\Users\Alex\random.dat
2014-06-22 21:45 - 2014-06-19 21:00 - 00000043 _____ () C:\Users\Alex\jagex_cl_oldschool_LIVE.dat
2014-06-22 20:49 - 2012-07-26 00:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-22 20:46 - 2014-06-22 20:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-22 20:46 - 2014-06-22 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-22 20:43 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 19:53 - 2014-06-22 19:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-06-22 19:53 - 2014-06-22 19:53 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2014-06-22 19:53 - 2014-06-22 19:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-22 19:40 - 2014-06-22 19:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-22 19:34 - 2014-06-22 19:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-22 19:33 - 2014-06-22 19:33 - 05268992 _____ () C:\Users\Alex\Desktop\RogueKillerX64.exe
2014-06-22 19:27 - 2014-06-22 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-22 19:27 - 2014-06-22 19:27 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-22 19:25 - 2014-06-22 19:25 - 10971424 _____ (SurfRight B.V.) C:\Users\Alex\Desktop\HitmanPro_x64.exe
2014-06-22 19:23 - 2012-08-27 13:42 - 00951726 _____ () C:\Windows\PFRO.log
2014-06-22 19:22 - 2014-06-21 01:45 - 00000000 ____D () C:\AdwCleaner
2014-06-22 19:06 - 2014-06-22 19:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-22 19:06 - 2014-06-21 01:51 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-22 19:06 - 2014-06-21 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-22 19:06 - 2014-06-21 01:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 19:04 - 2014-06-22 19:04 - 00001107 _____ () C:\Users\Alex\Desktop\iExplore - Shortcut.lnk
2014-06-22 19:00 - 2014-06-22 19:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\iExplore.exe
2014-06-22 18:59 - 2014-06-22 18:58 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Alex\Desktop\tdsskiller.exe
2014-06-22 18:36 - 2014-06-22 18:36 - 01342659 _____ () C:\Users\Alex\Desktop\adwcleaner_3.213.exe
2014-06-22 18:36 - 2014-01-04 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-22 18:17 - 2014-06-22 18:17 - 00002259 _____ () C:\Windows\epplauncher.mif
2014-06-22 18:16 - 2014-06-22 18:16 - 13829304 _____ (Microsoft Corporation) C:\Users\Alex\Downloads\MSEInstall (1).exe
2014-06-22 18:16 - 2014-06-22 18:16 - 11241816 _____ (Microsoft Corporation) C:\Users\Alex\Downloads\MSEInstall.exe
2014-06-21 02:00 - 2014-06-19 21:07 - 00000043 _____ () C:\Users\Alex\jagex_cl_runescape_LIVE.dat
2014-06-21 01:51 - 2014-06-21 01:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 01:51 - 2014-06-21 01:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-19 21:07 - 2014-06-19 21:00 - 00000000 ____D () C:\Users\Alex\jagexcache
2014-06-19 21:07 - 2012-12-22 00:53 - 00000000 ____D () C:\Users\Alex
2014-06-18 15:10 - 2014-05-03 00:51 - 00002064 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-24 23:19 - 2012-12-21 21:30 - 01646681 _____ () C:\Windows\WindowsUpdate.log

Files to move or delete:
====================
C:\Users\Alex\jagex_cl_oldschool_LIVE.dat
C:\Users\Alex\jagex_cl_runescape_LIVE.dat
C:\Users\Alex\random.dat


Some content of TEMP:
====================
C:\Users\Sharon\AppData\Local\Temp\ICReinstall_FileOpenerSetup (1).exe
C:\Users\Sharon\AppData\Local\Temp\ICReinstall_FileOpenerSetup (2).exe
C:\Users\Sharon\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sharon\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Sharon\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================















Here is the (Addition.txt):

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKCU\...\Browsersafeguard) (Version: - Browsersafeguard) <==== ATTENTION
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
FoodBuzz (HKLM-x32\...\FoodBuzz) (Version: 9.0 - foodbuzz.net)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.219 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2792 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
jZip (HKCU\...\jZip) (Version: 2.0.0.134601 - Bandoo Media Inc) <==== ATTENTION
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKCU\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.1.0.3 - NETGEAR)
NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{A5BD84AE-D340-4C7B-A272-412AE146ECC8}) (Version: 2.1.0.0 - NETGEAR)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6642 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Webexp Enhanced (HKLM-x32\...\Webexp Enhanced) (Version: 1.1 - Webexp Enhanced) <==== ATTENTION
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 13c3fdf1-f7b7-44ab-8d5e-45a0664008a7.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 88b06e0e-caa7-424b-a4ae-cb96a7f1f2ee.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-16 20:13 - 2014-01-16 20:18 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-07-11 10:23 - 2012-07-04 22:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-02 00:00 - 2012-09-18 18:46 - 08384800 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: WAN Miniport (Network Monitor) #2
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 01:42:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/23/2014 01:41:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/23/2014 01:41:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/23/2014 01:41:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/23/2014 01:41:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/23/2014 01:41:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/23/2014 01:41:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/23/2014 01:41:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/23/2014 01:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WifiSvc.exe, version: 2.0.1.2, time stamp: 0x4c3544fe
Faulting module name: WifiSvc.exe, version: 2.0.1.2, time stamp: 0x4c3544fe
Exception code: 0xc0000005
Fault offset: 0x00008a0b
Faulting process id: 0xf04
Faulting application start time: 0xWifiSvc.exe0
Faulting application path: WifiSvc.exe1
Faulting module path: WifiSvc.exe2
Report Id: WifiSvc.exe3
Faulting package full name: WifiSvc.exe4
Faulting package-relative application ID: WifiSvc.exe5

Error: (06/23/2014 01:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WifiSvc.exe, version: 2.0.1.2, time stamp: 0x4c3544fe
Faulting module name: WifiSvc.exe, version: 2.0.1.2, time stamp: 0x4c3544fe
Exception code: 0xc0000005
Fault offset: 0x00008a0b
Faulting process id: 0x2748
Faulting application start time: 0xWifiSvc.exe0
Faulting application path: WifiSvc.exe1
Faulting module path: WifiSvc.exe2
Report Id: WifiSvc.exe3
Faulting package full name: WifiSvc.exe4
Faulting package-relative application ID: WifiSvc.exe5


System errors:
=============
Error: (06/23/2014 01:27:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100v2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 01:27:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 11:17:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 11:17:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100v2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 08:22:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100v2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 08:22:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 01:47:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 01:47:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100v2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 00:21:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100v2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/23/2014 00:21:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/23/2014 01:42:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Desktop\esetsmartinstaller_enu.exe

Error: (06/23/2014 01:41:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Desktop\esetsmartinstaller_enu.exe

Error: (06/23/2014 01:41:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Desktop\esetsmartinstaller_enu.exe

Error: (06/23/2014 01:41:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Desktop\esetsmartinstaller_enu.exe

Error: (06/23/2014 01:41:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (06/23/2014 01:41:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (06/23/2014 01:41:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (06/23/2014 01:41:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (06/23/2014 01:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WifiSvc.exe2.0.1.24c3544feWifiSvc.exe2.0.1.24c3544fec000000500008a0bf0401cf8f0f6c6a8717C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exeC:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exedd3fdcb6-fb14-11e3-8006-902b34a2f8f0

Error: (06/23/2014 01:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WifiSvc.exe2.0.1.24c3544feWifiSvc.exe2.0.1.24c3544fec000000500008a0b274801cf8f0f6d310c28C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exeC:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exedc60ec25-fb14-11e3-8006-902b34a2f8f0


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 16260.31 MB
Available physical RAM: 11974.92 MB
Total Pagefile: 16260.31 MB
Available Pagefile: 11848.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:53.28 GB) (Free:0.35 GB) NTFS
Drive d: (Data) (Fixed) (Total:2794.52 GB) (Free:2792.87 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

 

[TwinHeadedEagle]

First, go to Control Panel and uninstall following (skip lines that cannot be uninstalled):
- Ask Toolbar Updater
- BrowserSafeguard with RocketTab
- jZip
- Webexp Enhanced

***** NEXT *****​

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.

***** NEXT *****​

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Post logfile will also be saved in the C:\AdwCleaner folder.

 

[Alex Yee]

1)
I went into the control panel and

-Ask Toolbar Updater could not be deleted because I don't have the administrative authority, which I don't understand because I know the administrative password

- BrowserSafeguard with RocketTab
- jZip
- Webexp Enhanced

When I tried to uninstall the three programs above it said error the file may have already been uninstalled would you like to remove it from this list.


2)
I downloaded the attached fixlist file, however I don;t understand what you mean when you say download on the same location as FRST, therefore I cannot "Fix" it

3)
I used adwcleaner and no malware appeared. No report opened up when my computer was restarted either, so this report is from my second scan, before I "cleaned" the files even though no files appeared.

# AdwCleaner v3.213 - Report created 23/06/2014 at 15:05:35
# Updated 23/06/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Sharon - KITCHENPC
# Running from : C:\Users\Alex\Desktop\adwcleaner_3.213.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [26226 octets] - [21/06/2014 01:45:50]
AdwCleaner[R1].txt - [1158 octets] - [22/06/2014 18:38:49]
AdwCleaner[R2].txt - [1161 octets] - [22/06/2014 18:48:18]
AdwCleaner[R3].txt - [1281 octets] - [22/06/2014 19:21:21]
AdwCleaner[R4].txt - [1404 octets] - [23/06/2014 14:54:02]
AdwCleaner[R5].txt - [1518 octets] - [23/06/2014 14:58:54]
AdwCleaner[R6].txt - [1143 octets] - [23/06/2014 15:05:35]
AdwCleaner[S0].txt - [25343 octets] - [21/06/2014 01:46:38]
AdwCleaner[S1].txt - [1234 octets] - [22/06/2014 18:41:50]
AdwCleaner[S2].txt - [1223 octets] - [22/06/2014 18:49:00]
AdwCleaner[S3].txt - [1343 octets] - [22/06/2014 19:22:15]
AdwCleaner[S4].txt - [1465 octets] - [23/06/2014 14:54:44]
AdwCleaner[S5].txt - [1579 octets] - [23/06/2014 14:59:37]

########## EOF - \AdwCleaner\AdwCleaner[R6].txt - [1564 octets] ##########

 

[TwinHeadedEagle]

Just download Fixlist where your FRST is located. Simple. About Control Panel entries, delete them when message appears...

 

[Alex Yee]

Okay I think I got it, please tell me if I did it incorrectly and need to redo it. Here is the fixed report:

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=A...e={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=A...e={installDate}&barcodeid={barcodeID}&um={UM}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {55b95864-3251-45e9-bb30-1a82589aaff1} - No File
URLSearchHook: HKLM-x32 - (No Name) - {7f3f960e-a836-45ca-8911-0accb522246e} - No File
URLSearchHook: HKLM-x32 - (No Name) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=A...e={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=...98cf57219b7&lang=en&ds=AVG&pr=sa&d=2013-08-26 07:29:52&v=17.1.3.3&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ie...D102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
Toolbar: HKCU - No Name - {55B95864-3251-45E9-BB30-1A82589AAFF1} - No File
Toolbar: HKCU - No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - No File
Toolbar: HKCU - No Name - {7F3F960E-A836-45CA-8911-0ACCB522246E} - No File
Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKCU - No Name - {465FCFBB-47A4-4866-A5D5-D12F9A77DA00} - No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [kfehigaaopcnlfigcppmopdoncbnnmkl] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha979\ch\WebexpEnhancedV1alpha979.crx [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-05-15]
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 NvStUSB; \SystemRoot\System32\drivers\nvstusb.sys [X]
C:\Users\Alex\jagex_cl_oldschool_LIVE.dat
C:\Users\Alex\jagex_cl_runescape_LIVE.dat
C:\Users\Alex\random.dat
C:\Users\Sharon\AppData\Local\Temp\ICReinstall_FileOpenerSetup (1).exe
C:\Users\Sharon\AppData\Local\Temp\ICReinstall_FileOpenerSetup (2).exe
C:\Users\Sharon\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sharon\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Sharon\AppData\Local\Temp\Quarantine.exe
cmd: ipconfig /flushdns

*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.

"HKLM\Software\\Microsoft\Internet Explorer\Main"

Listing permissions failed. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.

"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main"

Listing permissions failed. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{55b95864-3251-45e9-bb30-1a82589aaff1} => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7f3f960e-a836-45ca-8911-0accb522246e} => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Error setting value.

"HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command"

Listing permissions failed. Access Denied.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"

Listing permissions failed. Access Denied.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes"

Listing permissions failed. Access Denied.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}'=> Key not found.
'HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
'HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}'=> Key not found.
'HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{55B95864-3251-45E9-BB30-1A82589AAFF1} => value deleted successfully.
'HKCR\CLSID\{55B95864-3251-45E9-BB30-1A82589AAFF1}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{739DF940-C5EE-4BAB-9D7E-270894AE687A} => value deleted successfully.
'HKCR\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7F3F960E-A836-45CA-8911-0ACCB522246E} => value deleted successfully.
'HKCR\CLSID\{7F3F960E-A836-45CA-8911-0ACCB522246E}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7F7F82F1-7C95-47CD-814F-950B56D58FC3} => value deleted successfully.
'HKCR\CLSID\{7F7F82F1-7C95-47CD-814F-950B56D58FC3}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.
'HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
'HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{465FCFBB-47A4-4866-A5D5-D12F9A77DA00} => value deleted successfully.
'HKCR\CLSID\{465FCFBB-47A4-4866-A5D5-D12F9A77DA00}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfehigaaopcnlfigcppmopdoncbnnmkl' => Error deleting key. The key could be protected.
"C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha979\ch\WebexpEnhancedV1alpha979.crx" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl' => Error deleting key. The key could be protected.
"C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
netr28x => Error deleting Service
NVHDA => Error deleting Service
nvlddmkm => Error deleting Service
NvStUSB => Error deleting Service
C:\Users\Alex\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Alex\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Alex\random.dat => Moved successfully.
Could not move "C:\Users\Sharon\AppData\Local\Temp\ICReinstall_FileOpenerSetup (1).exe" => Scheduled to move on reboot.
Could not move "C:\Users\Sharon\AppData\Local\Temp\ICReinstall_FileOpenerSetup (2).exe" => Scheduled to move on reboot.
Could not move "C:\Users\Sharon\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Sharon\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe" => Scheduled to move on reboot.
"C:\Users\Sharon\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-23 15:24:48)<=

==> ATTENTION: System is not rebooted.
"C:\Users\Sharon\AppData\Local\Temp\ICReinstall_FileOpenerSetup (1).exe" => File could not move.
"C:\Users\Sharon\AppData\Local\Temp\ICReinstall_FileOpenerSetup (2).exe" => File could not move.
"C:\Users\Sharon\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe" => File could not move.
"C:\Users\Sharon\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe" => File could not move.

==== End of Fixlog ====

 

[TwinHeadedEagle]

How is computer now?

 

[Alex Yee]

I don't believe it's fixed, whenever I run Malwarebytes the same files still appear as threatening, I attached it below, sorry if it's unreadable I had to shrink the file to fit it in my post. In addition whenever I attempt to open Google Chrome it says my preferences cannot be read, and directs be to a new tab instead of my homepage, I cannot change this either. I don't really care that my homepage isn't opening whenever I open chrome, but does that mean the virus still exists? I don't believe the virus has hacked anything else since I downloaded it. So is Malwarebytes simply glitching and picking up a virus that doesn't exist? Or will I have to try different virus scanners? If nothing works I can completely clean out all files on my computer and redownload windows, but I want to use that as a last resort. Thanks.

 

[Alex Yee]

I just tried to open the attached file and it's basically unreadable, I can't copy and paste the report, but it basically says there are registry key, registry value, and registry data viruses on my computer. Can you please tell me what this means?

 

[TwinHeadedEagle]

Did you quarantine all files Malwarebytes detected?

 

[Alex Yee]

Yes and after I quarantine it I restart my computer. After it restarts I always run a second virus scan, and every time I run the second scan, all the viruses that I "quarantined" show up still in my computer.

 

[TwinHeadedEagle]

Can I see the report?

 

[Alex Yee]

The report is in the most recent attachment above, it's a picture and it's of poor quality because I had to reduce the size or else it wouldn't let me post. Is there any way to copy and paste the report that you know of?

 

[TwinHeadedEagle]

Open Malwarebytes and go to history. Then find the report, open it and copy here...

 

[Alex Yee]

The malware bytes I have is not a text document so I don't know how to copy it? That's why I posted the picture.

 

[TwinHeadedEagle]

Find Scan Log, double click it, then export to .txt document. Attach report here...

 

[Alex Yee]

Oh I got it thanks.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/23/2014
Scan Time: 3:07:02 PM
Logfile: Malwarebytes Report.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.06.23.12
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300106
Time Elapsed: 3 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.MixiDJ.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{55b95864-3251-45e9-bb30-1a82589aaff1}, Delete-on-Reboot, [0ddbbfbc73080333240e4cfb778b07f9],
PUP.Optional.VafMusic.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7f3f960e-a836-45ca-8911-0accb522246e}, Delete-on-Reboot, [9d4bb3c8a2d994a22f04a89fcf330ff1],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mmifolfpllfdhilecpdpmemhelmanajl, Delete-on-Reboot, [d315bcbf95e644f28fbb3b73cb37de22],

Registry Values: 9
PUP.Optional.MixiDJ.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{55B95864-3251-45E9-BB30-1A82589AAFF1}, Delete-on-Reboot, [0ddbbfbc73080333240e4cfb778b07f9],
PUP.Optional.VafMusic.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7F3F960E-A836-45CA-8911-0ACCB522246E}, Delete-on-Reboot, [9d4bb3c8a2d994a22f04a89fcf330ff1],
PUP.Optional.MixiDJ.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{55b95864-3251-45e9-bb30-1a82589aaff1}, Quarantined, [0cdcc4b7dd9e152158da65e25ca6e020],
PUP.Optional.VafMusic.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7f3f960e-a836-45ca-8911-0accb522246e}, Quarantined, [ab3dc9b2413a3ef88aa92621fe04bb45],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}, Quarantined, [3fa94e2d91eaa98de3572822bc4629d7],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}, C:\Program Files\Updater By SweetPacks\Firefox, Delete-on-Reboot, [3fa94e2d91eaa98de3572822bc4629d7]
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}, C:\Program Files\Updater By SweetPacks\Firefox, Delete-on-Reboot, [3fa94e2d91eaa98de3572822bc4629d7]
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}, Quarantined, [6a7ec4b7d8a3ee4885b5c783e220ec14],
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@WebexpEnhancedV1alpha979.net, C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha979\ff, Delete-on-Reboot, [f7f1dc9f3e3dc86ee8afbf0989794ab6]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Delete-on-Reboot,[8a5e33484c2f60d641bdf68d4db74db3]

Folders: 0
(No malicious items detected)

Files: 14
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd64E4.exe, Delete-on-Reboot, [17d1c6b5d8a3a3932ea4d954f110e818],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd64E5.exe, Delete-on-Reboot, [c32585f679021b1b8b47ad802cd5d729],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd64F3.exe, Delete-on-Reboot, [36b25a211269033302d05fce06fb3ec2],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsdD7B5.exe, Delete-on-Reboot, [65830d6e7ffc56e0537f7cb1bf42966a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nse73AA.exe, Delete-on-Reboot, [4e9aa9d2f487d264c9097ab349b84ab6],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsf4361.exe, Delete-on-Reboot, [5f891f5cc1ba86b0e7eb5ad33fc257a9],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk4380.exe, Delete-on-Reboot, [9d4b0a712457e1558b47a38ac43d37c9],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk5ED3.exe, Delete-on-Reboot, [40a8ec8f78033105ebe724098879c43c],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsk8F4F.exe, Delete-on-Reboot, [8d5be09b92e91c1a5f6555cd8d746997],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp4303.exe, Delete-on-Reboot, [1eca2f4ca7d4280ed9f942eba958eb15],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss64F3.exe, Delete-on-Reboot, [53954d2e2556082e01d160cdde2314ec],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsu4370.exe, Delete-on-Reboot, [aa3e94e75d1e092ddcf6a4897190a65a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv4511.exe, Delete-on-Reboot, [32b6daa1e497d75f884ad85530d129d7],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsy8C05.exe, Delete-on-Reboot, [27c15e1d265547ef8949f03d34cd639d],

Physical Sectors: 0
(No malicious items detected)

 

[TwinHeadedEagle]

Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
  
  

  createsrpoint;
  emptyfolderscheck;delete
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

[Alex Yee]

This is what I found, although I'm not sure if it's the log you wanted. Also I don't know if this is important or not, but my computer did not reboot after I ran the scan.


Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Sharon on Wed 06/25/2014 at 22:46:38.77.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alex\Downloads\zoek\zoek.scr [Scan all users] [Script inserted]

===== Runcheck 22:47:49.45 =====

--- Create Environment Variables 22:47:51.31
--- Create System Restore Point 22:48:01.43
--- Checking Input 22:48:03.16
--- AU AppData Check 22:48:06.89
--- Remove From Windows Installer 22:48:10.89