Ran MWB, No Internet Connection

BenNeedsHelp

New Member
Thread author
Nov 24, 2015
8
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by owner (administrator) on USER (24-11-2015 19:09:36)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner & Administrator)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AAA Internet Publishing, Inc.) C:\Program Files (x86)\WTFast\WTFast.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-17] (Spotify Ltd)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [5255256 2015-09-14] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-17] (Spotify Ltd)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: G - "G:\setup.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {33486513-085e-11e5-be77-6036dd96df6a} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {33487445-085e-11e5-be77-6036dd96df6a} - "G:\setup.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {47e853b3-e967-11e4-be9b-6036dd96df6a} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {9306f413-1a71-11e5-be7c-6036dd96df6a} - "E:\setup.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {9847de0c-2af1-11e5-be7f-6036dd96df6a} - "G:\setup.exe"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 16 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A86A4DAE-D5FB-4CDC-BE7E-5533FF37E6DB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-21] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: League of Legends Match History Fix - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\leaguematchfix@distilledchaos.addons.mozilla.org.xpi [2015-05-28]
FF Extension: Who Deleted Me - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\whodeletedme@deleted.io.xpi [2015-11-21]
FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-08] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
U0 msahci; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 19:09 - 2015-11-24 19:09 - 00017703 _____ C:\Users\owner\Desktop\FRST.txt
2015-11-24 19:08 - 2015-11-24 19:08 - 02348544 _____ (Farbar) C:\Users\owner\Downloads\FRST64(1).exe
2015-11-24 18:44 - 2015-11-24 18:46 - 00027118 _____ C:\Users\owner\Downloads\Addition.txt
2015-11-24 18:43 - 2015-11-24 19:09 - 00000000 ____D C:\FRST
2015-11-24 18:43 - 2015-11-24 18:46 - 00024058 _____ C:\Users\owner\Downloads\FRST.txt
2015-11-24 18:43 - 2015-11-24 18:43 - 02348544 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2015-11-24 18:37 - 2015-11-24 18:39 - 00000000 ____D C:\AdwCleaner
2015-11-24 18:37 - 2015-11-24 18:37 - 01733632 _____ C:\Users\owner\Downloads\AdwCleaner.exe
2015-11-24 18:16 - 2015-11-24 18:18 - 00002186 _____ C:\Users\owner\Desktop\Rkill.txt
2015-11-24 18:15 - 2015-11-24 18:15 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe
2015-11-21 14:13 - 2015-11-21 14:14 - 00286640 _____ C:\WINDOWS\Minidump\112115-26328-01.dmp
2015-11-21 14:10 - 2015-11-21 14:16 - 00000000 ____H C:\Users\owner\AppData\Local\BITE51B.tmp
2015-11-21 14:09 - 2015-11-21 14:10 - 00000107 _____ C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC}
2015-11-12 14:50 - 2015-11-12 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 12:51 - 2015-11-16 14:09 - 00018725 _____ C:\Users\owner\Desktop\Union cover letter.odt
2015-11-03 15:08 - 2015-11-09 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-28 08:11 - 2015-10-28 08:11 - 00290536 _____ C:\WINDOWS\Minidump\102815-52937-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 19:02 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-24 18:51 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-24 18:46 - 2015-07-10 10:36 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-24 18:46 - 2012-07-26 02:28 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-24 18:42 - 2015-05-19 22:09 - 00000450 _____ C:\Users\owner\AppData\Roaming\sp_data.sys
2015-11-24 18:42 - 2012-12-28 12:00 - 01394100 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-24 18:40 - 2015-07-10 10:36 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-24 18:40 - 2012-07-26 02:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 18:39 - 2012-07-26 00:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-24 18:25 - 2012-08-01 20:20 - 00022366 _____ C:\WINDOWS\PFRO.log
2015-11-24 18:12 - 2015-07-10 10:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-24 18:12 - 2015-05-20 00:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 07:49 - 2015-05-19 22:27 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
2015-11-24 01:17 - 2013-09-09 09:58 - 00000000 ____D C:\Users\owner\Desktop\LOL
2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\Users\owner\ntuser.pol
2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-24 01:13 - 2015-05-19 22:02 - 00000000 ____D C:\Users\owner
2015-11-24 01:13 - 2012-07-26 03:12 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-11-24 00:53 - 2015-05-19 22:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-23 23:13 - 2015-05-19 22:39 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2015-11-23 22:16 - 2015-05-19 22:40 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2015-11-22 21:59 - 2015-07-10 10:39 - 00000000 ___RD C:\Users\owner\Dropbox
2015-11-22 21:58 - 2015-07-10 10:36 - 00000000 ____D C:\Users\owner\AppData\Local\Dropbox
2015-11-21 14:19 - 2012-07-26 02:21 - 00044393 _____ C:\WINDOWS\setupact.log
2015-11-21 14:13 - 2015-05-19 21:56 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-21 14:13 - 2015-05-19 21:55 - 612238929 _____ C:\WINDOWS\MEMORY.DMP
2015-11-19 19:40 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-11-16 20:24 - 2015-05-19 22:16 - 00000000 ____D C:\ProgramData\Skype
2015-11-12 14:50 - 2015-07-10 10:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-11 12:12 - 2015-05-20 00:11 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-09 09:12 - 2015-05-19 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-05-19 22:09 - 2015-11-24 18:42 - 0000450 _____ () C:\Users\owner\AppData\Roaming\sp_data.sys
2015-11-21 14:10 - 2015-11-21 14:16 - 0000000 ____H () C:\Users\owner\AppData\Local\BITE51B.tmp
2015-11-21 14:09 - 2015-11-21 14:10 - 0000107 _____ () C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC}
2012-08-22 00:06 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-22 00:06 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptqkb7n.dll
C:\Users\owner\AppData\Local\Temp\setup.exe
C:\Users\owner\AppData\Local\Temp\sqlite3.dll
C:\Users\owner\AppData\Local\Temp\tmp8FB4.exe
C:\Users\owner\AppData\Local\Temp\tmpA749.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-15 06:19

==================== End of FRST.txt ============================
 

BenNeedsHelp

Nov 24, 2015
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by owner (2015-11-24 19:09:55)
Running from C:\Users\owner\Desktop
Windows 8 (X64) (2015-05-20 03:04:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4053647124-3796825272-3454316862-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-4053647124-3796825272-3454316862-501 - Limited - Disabled)
owner (S-1-5-21-4053647124-3796825272-3454316862-1001 - Administrator - Enabled) => C:\Users\owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0006 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Batman Arkham Asylum - Game of the Year Edition (HKLM-x32\...\Batman Arkham Asylum - Game of the Year Edition_is1) (Version: - )
Batman: Arkham City™ GOTY (HKLM-x32\...\GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}) (Version: 1.0.0000.133 - WB Games)
Batman: Arkham City™ GOTY (x32 Version: 1.0.0000.133 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0236 - Motorola Solutions, Inc)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6760 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.6.2742.1 - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.9.511 - Initex & AAA Internet Publishing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-11-2015 13:08:35 Scheduled Checkpoint
13-11-2015 11:51:00 Scheduled Checkpoint
23-11-2015 18:22:33 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26BF8079-047C-4054-8696-1ACD18FD6D8E} - System32\Tasks\{C75438B8-DAEF-435A-AAF7-111CFBF3037B} => Firefox.exe hxxp://ui.skype.com/ui/0/7.4.0.102/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {2BA2221C-3501-4976-94E6-58362CCC9925} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {2E95013E-1F22-4324-BCAB-24EE7D2E8F24} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {404C4D0C-CFBB-41C4-B727-F2F8A71DD17F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-10] (Dropbox, Inc.)
Task: {406A1E94-1944-4DF3-9CF3-F5B960827104} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-10] (Dropbox, Inc.)
Task: {537806BD-A5FA-409D-9C78-101512871370} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {552BA50C-4FD7-4D86-8816-78597B9C1876} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {55E4CA9E-8125-494A-9358-40F2C257E207} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)
Task: {8E8D4B09-63FB-41D3-BA60-C54CB7523BCA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {991678EA-4031-4CFE-803E-F95AEEBE9281} - System32\Tasks\YBSNKXI => C:\ProgramData\6b818a33a2964c51a9c56ff33ef8d8c7\6b818a33a2964c51a9c56ff33ef8d8c7.exe <==== ATTENTION
Task: {A6AD429C-F3A9-464E-B79B-F924E9C95D55} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CE96EE03-7A4A-4955-B249-6D5096739190} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-10-17] (ASUS)
Task: {D5846A61-4F8D-4C03-BB3B-CA9A97D07A6B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {EB8632DF-8257-4048-90E5-4589D0F4ECBB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 10:50 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-24 20:26 - 2012-08-24 20:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-10-28 08:30 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-26 02:58 - 2012-07-26 02:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-17 12:51 - 2012-10-17 12:51 - 00168664 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2012-11-13 03:30 - 2012-10-14 23:09 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-10-17 12:51 - 2012-10-17 12:51 - 00011776 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-12-28 11:45 - 2012-06-24 21:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\Pictures\Protest\durrutifaiwallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EA4FF0B3-8537-4EBF-9D03-A25C9F89A4C0}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{A8D22C49-A55D-4170-9E83-8A1FDD2D0A74}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{49B970C5-5095-41D0-A9A1-5C8AD8FF0D47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0213E8B1-EC43-4D15-80C2-68389453A0A7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6703A77F-EDD0-49F8-8948-0ACC40FDC5DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A2A5413E-683C-4BEC-9652-D91B9AFECB16}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C19A86A6-9D9B-4957-88A6-7B348DD3221E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{2DFC80DC-7CA4-4C24-A7B1-A5A181A0B925}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{85CBA462-D9E4-4977-BF08-8FC82F02AAC9}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B5CA1395-3768-4172-82F2-17BD5718280A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{87D572C1-9F18-4C7D-99FC-FCD709AF096A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9F9F5FFB-4D7E-40F6-BC8D-5C83984CF2E1}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8D2886F6-4005-44C9-B32C-FCD4EF6235FA}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{47857BA7-107E-4C27-A80E-32C9D7D07D00}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{EA044A73-679F-4A8F-A8C2-0B356933FC43}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{66810C25-19C6-48A2-B2B6-22A8277A1C3B}] => (Allow) C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01F3C9E4-02E8-4A41-965E-17877B247B85}] => (Allow) C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D0B1E449-5069-4A9E-A522-C4A57588A2DC}C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{E5C10345-10BB-405B-A76E-7BF0ABA77015}C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe
FirewallRules: [{13038F5B-16C7-4B63-86EF-F83935358F33}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F785BCB7-1DDC-4C98-B30D-0126BC9757E2}] => (Allow) C:\Users\owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{AB0F478A-8DCA-4DE8-8C6A-A069BAF65BBA}] => (Allow) C:\Users\owner\Desktop\Games\BatmanArkhamCity\Binaries\Win32\BatmanAC.exe
FirewallRules: [TCP Query User{C57AE126-E45C-412D-9ECB-F7C9298C23A0}C:\users\owner\desktop\games\batmanarkhamcity\binaries\win32\batmanac_o.exe] => (Allow) C:\users\owner\desktop\games\batmanarkhamcity\binaries\win32\batmanac_o.exe
FirewallRules: [UDP Query User{F65286C6-AE46-44AA-9D0E-DC3B6DCE369D}C:\users\owner\desktop\games\batmanarkhamcity\binaries\win32\batmanac_o.exe] => (Allow) C:\users\owner\desktop\games\batmanarkhamcity\binaries\win32\batmanac_o.exe
FirewallRules: [{96CE8779-A30F-451D-B162-7BCDBE2BA07B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91BB544A-A87F-4222-A8BB-3F8D5C75992E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C4A1FCC3-A441-4927-A906-3B81DC904353}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2015 06:46:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/24/2015 06:46:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/24/2015 06:31:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/24/2015 06:31:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/24/2015 06:19:10 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (11/24/2015 07:59:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/24/2015 07:59:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/24/2015 01:20:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/24/2015 01:20:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/23/2015 05:18:46 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (11/24/2015 06:39:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (11/24/2015 06:39:50 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/24/2015 06:39:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (11/24/2015 06:39:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (11/24/2015 06:39:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (11/24/2015 06:39:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/24/2015 06:39:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/24/2015 06:39:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Centrino® Wireless Bluetooth® + High Speed Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/24/2015 06:39:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/24/2015 06:39:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 33%
Total physical RAM: 6033.77 MB
Available physical RAM: 4042.12 MB
Total Virtual: 12177.77 MB
Available Virtual: 10125.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:676.99 GB) (Free:286.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (BACGOTY) (CDROM) (Total:18.16 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A3362226)

Partition: GPT.

==================== End of Addition.txt ============================
 

BenNeedsHelp

New Member
Thread author
Nov 24, 2015
8
# AdwCleaner v5.022 - Logfile created 24/11/2015 at 19:13:51
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Local]
# Operating system : Windows 8 (x64)
# Username : owner - USER
# Running from : C:\Users\owner\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [644 bytes] ##########
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Can you describe your problem better and how it came to this?
 

BenNeedsHelp

New Member
Thread author
Nov 24, 2015
8
Hello, Mr. Eagle. I noticed that I was having internet problems while playing a MOBA, so I ran my Malwarebytes and it found something like 56 suspicious programs. I deleted them, and now I'm receiving the message "the remote device won't accept the connection" error when I troubleshoot my internet. I was able to use my web browser (Firefox) by making it not access any proxy, but the rest of my computer is still having trouble accessing the internet. I rolled back my computer to about 20 days ago, and reran Malwarebytes, and it got the same amount of programs to delete and I'm back to square one. I'm not sure if that would change my FRST file, but I tried everything I possibly could.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please re-run Malwarebytes' Anti-Malware.
  • Click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

BenNeedsHelp

New Member
Thread author
Nov 24, 2015
8
Here you are, Mr. Eagle. All clean. For some reason, this site is not allowing me to upload the file (it is giving me an error), so this is really the best I can do:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/25/2015
Scan Time: 11:46:52 AM
Logfile: Scanfor2HEagle_11_25_15.txt
Administrator: Yes

Version: 2.02.0.1024
Malware Database: v2015.11.25.04
Rootkit Database: v2015.11.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378932
Time Elapsed: 15 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

BenNeedsHelp

New Member
Thread author
Nov 24, 2015
8
Here should be everything that came out in the wash last night.
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/24/2015
Scan Time: 11:42:41 PM
Logfile: WhatWasDeletedLastNight.txt
Administrator: Yes

Version: 2.02.0.1024
Malware Database: v2015.11.24.07
Rootkit Database: v2015.11.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378699
Time Elapsed: 44 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Injector, C:\Windows\wnavga.exe, 2984, Delete-on-Reboot, [c0174e334d3e7db98109315423e18e72]

Modules: 0
(No malicious items detected)

Registry Keys: 34
Trojan.Injector, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinGraph, Quarantined, [c0174e334d3e7db98109315423e18e72],
PUP.Optional.TaskRNDM, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, Quarantined, [9146552c4645cc6ab46147ffad55a25e],
PUP.Optional.TaskRNDM, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\APPDATALOW\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, Quarantined, [9146552c4645cc6ab46147ffad55a25e],
PUP.Optional.Dealz, HKLM\SOFTWARE\WOW6432NODE\DEALZ, Quarantined, [a136ef92b0db8fa7e892fabbed16f30d],
PUP.Optional.ChromePatcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bghejdcdajlenjngcknlkkoakmmjfanb, Quarantined, [d50259280d7ee353a001a0441fe4fb05],
PUP.Optional.ChromePatcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eeafbffkmccheohnooflcnppngmobeoe, Quarantined, [6d6a354c305b2115c4de1dc70ef5a45c],
PUP.Optional.ChromePatcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ellbonkjdmgdghkojcjmomekmjpdffde, Quarantined, [24b3522f32598babb0f343a124df6997],
PUP.Optional.ChromePatcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fllgpcmelbfhcligbphaaplminjpbiad, Quarantined, [10c7d7aa503b81b500a43ca8f01351af],
PUP.Optional.ChromePatcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hpjocjloojeicikiokfiekcdpojgfefc, Quarantined, [9d3af78aa4e735014b5a3ca8c63d17e9],
PUP.Optional.ChromePatcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jmnkgjdfgnjhmnopgmkcpigenfhgajdj, Quarantined, [06d1027f0487f93d357111d308fb7888],
PUP.Optional.ChromePatcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kfbhfniohjdklgcmbmemnpaimpdaikea, Quarantined, [a631265b86056bcbccdb786c966dae52],
PUP.Optional.Dealz, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\manaobgbdfpjjjnheogfghmjbikhjnlf, Quarantined, [a82f344d0e7d7db941185b5a897ae818],
PUP.Optional.ChromePatcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oaobejgaaiojgggjojlcpbembaoajbmc, Quarantined, [c41384fd24677db9cbde2aba3bc846ba],
PUP.Optional.Dealz, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Dealz1.0.1.7, Quarantined, [b720eb96f59645f18cef5164768d58a8],
PUP.Optional.Dealz, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\DEALZ, Quarantined, [41963b46deadf83e8eeaf2c3ab58ad53],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bghejdcdajlenjngcknlkkoakmmjfanb, Quarantined, [0ec9b3cee5a614222b6d8e56b152a060],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\eeafbffkmccheohnooflcnppngmobeoe, Quarantined, [a4335f221c6f989e009991534db6d62a],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ellbonkjdmgdghkojcjmomekmjpdffde, Quarantined, [ffd8f78aeaa182b4b0eab82c39caa060],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fllgpcmelbfhcligbphaaplminjpbiad, Quarantined, [7562abd6474457df1586cb1906fde11f],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hpjocjloojeicikiokfiekcdpojgfefc, Quarantined, [01d6fd84127902341f7d0bd99b68e31d],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jmnkgjdfgnjhmnopgmkcpigenfhgajdj, Quarantined, [578091f0107b1b1bcfce8a5a53b0bb45],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kfbhfniohjdklgcmbmemnpaimpdaikea, Quarantined, [587f6120bad1a492fca28b59649fd12f],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\manaobgbdfpjjjnheogfghmjbikhjnlf, Quarantined, [8651443d4645a591b0ef786c6f94b848],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oaobejgaaiojgggjojlcpbembaoajbmc, Quarantined, [c80f255c64272610148c558fad569d63],
PUP.Optional.Dealz, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Dealz1.0.1.7, Quarantined, [aa2dfb86513a71c5b3c643727c87cd33],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bghejdcdajlenjngcknlkkoakmmjfanb, Quarantined, [09cee0a1d6b562d4bade1ec6f40f28d8],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eeafbffkmccheohnooflcnppngmobeoe, Quarantined, [f7e0c0c17b10270fbddc994b0af92bd5],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ellbonkjdmgdghkojcjmomekmjpdffde, Quarantined, [e4f3136ec2c97eb8eeac7b6948bbae52],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fllgpcmelbfhcligbphaaplminjpbiad, Quarantined, [eee94041e5a61422f7a4865e976cae52],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hpjocjloojeicikiokfiekcdpojgfefc, Quarantined, [c215651c642767cfd5c771735ca7c838],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jmnkgjdfgnjhmnopgmkcpigenfhgajdj, Quarantined, [24b3c5bcf29938fec6d713d1ea19fe02],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kfbhfniohjdklgcmbmemnpaimpdaikea, Quarantined, [cc0b621ff6955ed8811dcc1802010bf5],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\manaobgbdfpjjjnheogfghmjbikhjnlf, Quarantined, [02d56d14dbb068ce66396c78c53eec14],
PUP.Optional.ChromePatcher.ChrPRST, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oaobejgaaiojgggjojlcpbembaoajbmc, Quarantined, [72658cf596f588ae0f915b8922e1c23e],

Registry Values: 2
PUP.Optional.Dealz, HKLM\SOFTWARE\WOW6432NODE\DEALZ|Partner, Quarantined, [a136ef92b0db8fa7e892fabbed16f30d],
PUP.Optional.Dealz, HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\SOFTWARE\DEALZ|Partner, Quarantined, [41963b46deadf83e8eeaf2c3ab58ad53],

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\Lists, Quarantined, [0fc80e73503b8fa773de4c9d24df48b8],

Files: 13
Trojan.Injector, C:\Windows\wnavga.exe, Delete-on-Reboot, [c0174e334d3e7db98109315423e18e72],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\cygavb.exe, Quarantined, [9d3aed94c4c7c6702a25ebfebe457b85],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\initcvtr.bat, Quarantined, [fadd225fb4d7de5898b8e9008b7812ee],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\Lists\URL Killfile.txt, Quarantined, [0fc80e73503b8fa773de4c9d24df48b8],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\Lists\AllowCookies.txt, Quarantined, [0fc80e73503b8fa773de4c9d24df48b8],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\Lists\Bypass List.txt, Quarantined, [0fc80e73503b8fa773de4c9d24df48b8],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\Lists\Keyword list.txt, Quarantined, [0fc80e73503b8fa773de4c9d24df48b8],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\Lists\Kill Images.txt, Quarantined, [0fc80e73503b8fa773de4c9d24df48b8],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\Lists\MIME Fix List.txt, Quarantined, [0fc80e73503b8fa773de4c9d24df48b8],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\Lists\URL Alias List.txt, Quarantined, [0fc80e73503b8fa773de4c9d24df48b8],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\mstdcvtr.bat, Quarantined, [894e9ee3404b73c3450d81680af9f709],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\plofgye, Quarantined, [dff8afd28a0168ce4e050fda7b8805fb],
PUP.Optional.ProxyHijacker.PrxySvrRST, C:\Windows\soxe, Quarantined, [ca0db4cdb5d6999d2133608954aff907],

Physical Sectors: 0
(No malicious items detected)


(end)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, now I need fresh FRST reports:


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

BenNeedsHelp

New Member
Thread author
Nov 24, 2015
8
Sir, I apologize, but I'm getting errors whenever I try to upload the files. I made mention of it when I pasted the clean scan file, but it probably got lost in the wall of text.
 
