Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by eliott at 2014-07-20 17:26:17 Run:1
Running from C:\Users\eliott\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
start
Hosts:
Task: {1CF0199B-DBC1-4A54-AD0C-F1ECA46CCDF8} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {BCB1B0BE-72D3-47A3-B9FC-4D647C52E4B6} - System32\Tasks\peerblock => C:\Program Files\PeerBlock\peerblock.exe [2014-01-14] (PeerBlock, LLC)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\eliott\Downloads\No Subject.eml:OECustomProperty
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2305288 2014-06-25] (FSPro Labs)
HKU\S-1-5-21-3694308926-3650113944-2100594866-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3694308926-3650113944-2100594866-1000\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_28_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztByBzyzztD0DtB0A0DtAyBtN0D0Tzu0SzytBtCtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0BtAtC0EyE0CtAtGtDzztCyEtGtA0DzzyBtG0E0Fzz0EtGtB0CyCtDtDyDzyzy0BtAtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByB0CyDtCzy0BtGtByC0CtAtGtBtB0EzytGzztCzz0EtGyByByD0CtB0AtBzy0FyB0BtA2Q&cr=497636678&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_28_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztByBzyzztD0DtB0A0DtAyBtN0D0Tzu0SzytBtCtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0BtAtC0EyE0CtAtGtDzztCyEtGtA0DzzyBtG0E0Fzz0EtGtB0CyCtDtDyDzyzy0BtAtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByB0CyDtCzy0BtGtByC0CtAtGtBtB0EzytGzztCzz0EtGyByByD0CtB0AtBzy0FyB0BtA2Q&cr=497636678&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\eliott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
2014-07-18 20:28 - 2014-07-18 20:28 - 00000000 _____ () C:\Users\eliott\AppData\Local\{C1C6E337-B6A7-4340-B28B-4A44AB84872E}
2014-07-17 19:38 - 2014-07-17 19:38 - 00000000 _____ () C:\Users\eliott\AppData\Local\{E8C06C34-0803-41A2-AA9E-F7893893FC0F}
2014-07-17 13:34 - 2014-07-17 13:34 - 00000000 ____D () C:\Users\eliott\AppData\Roaming\Wireshark
2014-07-17 00:46 - 2014-07-17 00:48 - 1073741824 _____ () C:\Users\eliott\verycrypt container
2014-07-17 00:10 - 2014-07-17 00:10 - 00000064 _____ () C:\Users\eliott\keyfiletest
2014-07-16 22:06 - 2014-07-16 22:06 - 00165376 _____ (Unamedia) C:\Users\eliott\Downloads\Computrace Lojack Checker_1.2.exe
2014-07-16 21:40 - 2014-07-16 21:41 - 00000000 ____D () C:\Program Files\Wireshark
2014-07-16 21:40 - 2014-07-16 21:40 - 00001545 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-07-16 20:46 - 2014-07-17 14:13 - 00000000 ____D () C:\Users\eliott\AppData\Roaming\VeraCrypt
2014-07-16 20:42 - 2014-07-16 20:52 - 28013520 _____ (Wireshark development team) C:\Users\eliott\Downloads\Wireshark-win64-1.10.8.exe
2014-07-16 20:38 - 2014-07-16 20:38 - 00000847 _____ () C:\Users\Public\Desktop\VeraCrypt.lnk
2014-07-16 20:38 - 2014-07-16 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2014-07-16 20:37 - 2014-07-16 20:37 - 00231768 _____ (IDRIX) C:\Windows\system32\Drivers\veracrypt.sys
2014-07-16 20:36 - 2014-07-16 20:37 - 00000000 ____D () C:\Program Files\VeraCrypt
2014-07-16 20:34 - 2014-07-16 20:35 - 03435080 _____ (IDRIX) C:\Users\eliott\Downloads\VeraCrypt Setup 1.0d.exe
2014-07-16 18:08 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-07-16 18:08 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-07-11 14:49 - 2014-07-11 14:49 - 00000000 ____D () C:\Users\eliott\AppData\Roaming\FreeHideIP
2014-07-11 14:49 - 2014-07-11 14:49 - 00000000 ____D () C:\ProgramData\FreeHideIP
2014-07-11 12:40 - 2014-07-13 14:11 - 00000000 ____D () C:\Users\eliott\AppData\Roaming\tor
2014-07-11 12:31 - 2014-07-11 12:42 - 00003734 _____ () C:\Windows\System32\Tasks\peerblock
2014-07-09 23:40 - 2014-07-09 23:40 - 00000000 ____D () C:\Users\eliott\Desktop\cle eliott
2014-07-08 01:45 - 2014-07-08 01:47 - 00000000 ____D () C:\Users\eliott\.idlerc
2014-07-03 11:30 - 2014-07-03 11:30 - 00001677 _____ () C:\Users\eliott\Desktop\My Lockbox.lnk
2014-07-03 11:30 - 2014-07-03 11:30 - 00000815 _____ () C:\Users\eliott\Desktop\My Lockbox Control Panel.lnk
2014-07-03 11:30 - 2014-07-03 11:30 - 00000000 ____D () C:\Users\eliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox
C:\Users\eliott\AppData\Local\Temp\proxy_vole7179914300677996037.dll
C:\Users\eliott\AppData\Local\Temp\Quarantine.exe
end
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CF0199B-DBC1-4A54-AD0C-F1ECA46CCDF8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CF0199B-DBC1-4A54-AD0C-F1ECA46CCDF8}' => Key deleted successfully.
C:\Windows\System32\Tasks\RMAutoUpdate => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMAutoUpdate' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCB1B0BE-72D3-47A3-B9FC-4D647C52E4B6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCB1B0BE-72D3-47A3-B9FC-4D647C52E4B6}' => Key deleted successfully.
C:\Windows\System32\Tasks\peerblock => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\peerblock' => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\RMAutoUpdate.job => Moved successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
C:\Users\eliott\Downloads\No Subject.eml => ":OECustomProperty" ADS removed successfully.
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mylbx => Value not found.
HKU\S-1-5-21-3694308926-3650113944-2100594866-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PeerBlock => Value not found.
HKU\S-1-5-21-3694308926-3650113944-2100594866-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0' => Key deleted successfully.
C:\Users\eliott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => Moved successfully.
PCToolsSSDMonitorSvc => Service not found.
C:\Users\eliott\AppData\Local\{C1C6E337-B6A7-4340-B28B-4A44AB84872E} => Moved successfully.
C:\Users\eliott\AppData\Local\{E8C06C34-0803-41A2-AA9E-F7893893FC0F} => Moved successfully.
C:\Users\eliott\AppData\Roaming\Wireshark => Moved successfully.
C:\Users\eliott\verycrypt container => Moved successfully.
C:\Users\eliott\keyfiletest => Moved successfully.
C:\Users\eliott\Downloads\Computrace Lojack Checker_1.2.exe => Moved successfully.
C:\Program Files\Wireshark => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk => Moved successfully.
"C:\Users\eliott\AppData\Roaming\VeraCrypt" => File/Directory not found.
C:\Users\eliott\Downloads\Wireshark-win64-1.10.8.exe => Moved successfully.
"C:\Users\Public\Desktop\VeraCrypt.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt" => File/Directory not found.
C:\Windows\system32\Drivers\veracrypt.sys => Moved successfully.
"C:\Program Files\VeraCrypt" => File/Directory not found.
C:\Users\eliott\Downloads\VeraCrypt Setup 1.0d.exe => Moved successfully.
C:\Windows\SysWOW64\locale.nls => Moved successfully.
C:\Windows\system32\locale.nls => Moved successfully.
C:\Users\eliott\AppData\Roaming\FreeHideIP => Moved successfully.
C:\ProgramData\FreeHideIP => Moved successfully.
C:\Users\eliott\AppData\Roaming\tor => Moved successfully.
"C:\Windows\System32\Tasks\peerblock" => File/Directory not found.
C:\Users\eliott\Desktop\cle eliott => Moved successfully.
C:\Users\eliott\.idlerc => Moved successfully.
"C:\Users\eliott\Desktop\My Lockbox.lnk" => File/Directory not found.
"C:\Users\eliott\Desktop\My Lockbox Control Panel.lnk" => File/Directory not found.
"C:\Users\eliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox" => File/Directory not found.
C:\Users\eliott\AppData\Local\Temp\proxy_vole7179914300677996037.dll => Moved successfully.
C:\Users\eliott\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====