Jump to content

I am infected now what do I do? AVD, Native Search, FBD downloader


Recommended Posts

I have run the free version of malware bytes and followed several detailed instructions. nothing appearing on any lists that I can find and delete. Nor does any threat appear when I run the program or when I run eset. every time I open chrome all three avd, native search, and fbd open multiple tabs. here is the reports i ran. I hope I am posting correctly. new here. thank you so much!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Tracy at 19:13:48 on 2014-01-07
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6000.4262 [GMT -8:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\dashost.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\RTFTrack.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe
C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe
C:\Users\Tracy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Tracy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve

uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"
uRun: [Akamai NetSession Interface] "C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleChromeAutoLaunch_01CA19FABFA3145EF0091BC706EED4AD] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [sSync] "C:\Users\Tracy\AppData\Roaming\SSync\SSync.exe"
uRun: [FVDSuite.exe] C:\Program Files (x86)\FVD Suite\FVDSuite.exe /S
uRun: [DataMgr] "C:\Users\Tracy\AppData\Roaming\DataMgr\DataMgr.exe"
uRun: [Google Update] "C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sCheck] "C:\Users\Tracy\AppData\Roaming\SCheck\SCheck.exe" check
uRun: [snoozer] "C:\Users\Tracy\AppData\Roaming\Snz\Snz.exe"
uRun: [intermediate] "C:\Users\Tracy\AppData\Roaming\Intermediate\Intermediate.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Tracy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tracy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
TCP: NameServer = 66.51.205.100 66.51.206.100 208.201.224.11
TCP: Interfaces\{B241F68D-CC7C-42B0-9D6D-4FA944F3B3DB} : DHCPNameServer = 66.51.205.100 66.51.206.100 208.201.224.11
TCP: Interfaces\{B241F68D-CC7C-42B0-9D6D-4FA944F3B3DB}\341626C65675966496 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B241F68D-CC7C-42B0-9D6D-4FA944F3B3DB}\357494553514D235D43434 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B241F68D-CC7C-42B0-9D6D-4FA944F3B3DB}\37D6D6573746F57657563747 : DHCPNameServer = 10.200.214.5 10.200.214.6
TCP: Interfaces\{B241F68D-CC7C-42B0-9D6D-4FA944F3B3DB}\37D6D6573746F5775607 : DHCPNameServer = 10.200.214.6 10.200.214.5
TCP: Interfaces\{B241F68D-CC7C-42B0-9D6D-4FA944F3B3DB}\44166796467237027596D2649602E4564777F627B6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{B241F68D-CC7C-42B0-9D6D-4FA944F3B3DB}\D4970275966496 : DHCPNameServer = 68.238.64.12 68.238.96.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Tracy\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Tracy\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 edevmon;edevmon;C:\windows\System32\Drivers\edevmon.sys [2013-9-17 239296]
R0 epfwwfp;epfwwfp;C:\windows\System32\Drivers\epfwwfp.sys [2013-9-17 62136]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-1-31 647736]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2012-11-12 39008]
R1 eamonm;eamonm;C:\windows\System32\Drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\windows\System32\Drivers\EpfwLWF.sys [2013-9-17 44120]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-11-13 755240]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-12 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-26 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-12 365376]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-11-13 156160]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-9-10 318800]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-10-16 342528]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-12-26 25928]
R3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-8 3345376]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-11-12 683664]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\Drivers\rtsuvc.sys [2012-11-12 8230160]
R3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-2-1 23552]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-11-13 156160]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2013-10-15 1390904]
S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2013-10-15 69088]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-11-12 315536]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2012-11-12 102376]
S4 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
.
=============== Created Last 30 ================
.
2014-01-07 20:43:02    --------    d-----w-    C:\Users\Tracy\AppData\Local\VS Revo Group
2014-01-07 20:42:57    --------    d-----w-    C:\ProgramData\VS Revo Group
2013-12-31 21:18:05    --------    d-----w-    C:\Program Files\ESET
2013-12-29 04:07:38    236208    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
2013-12-26 22:11:10    --------    d-----w-    C:\Users\Tracy\AppData\Roaming\Malwarebytes
2013-12-26 22:11:05    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-26 22:11:04    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-12-26 22:11:04    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 20:00:32    --------    d-----w-    C:\Users\Tracy\AppData\Roaming\Snz
2013-12-18 19:55:21    --------    d-----w-    C:\Users\Tracy\AppData\Local\Citrix
2013-12-15 20:42:25    23350272    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-15 20:42:22    22615040    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-12 21:07:02    312320    ----a-w-    C:\windows\System32\msieftp.dll
2013-12-12 21:07:01    273408    ----a-w-    C:\windows\SysWow64\msieftp.dll
2013-12-12 21:06:59    420864    ----a-w-    C:\windows\System32\WMPhoto.dll
2013-12-12 21:06:59    368640    ----a-w-    C:\windows\SysWow64\WMPhoto.dll
2013-12-12 20:41:38    62976    ----a-w-    C:\windows\System32\imagehlp.dll
.
==================== Find3M  ====================
.
2013-12-04 00:53:54    78304    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54    694240    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-06 23:18:57    4036608    ----a-w-    C:\windows\System32\win32k.sys
2013-10-25 06:19:22    2241536    ----a-w-    C:\windows\System32\wininet.dll
2013-10-25 06:19:12    915968    ----a-w-    C:\windows\System32\uxtheme.dll
2013-10-25 06:17:57    3959808    ----a-w-    C:\windows\System32\jscript9.dll
2013-10-25 04:45:11    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-10-25 04:43:42    2877952    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-10-19 04:04:07    59392    ----a-w-    C:\windows\SysWow64\imagehlp.dll
2013-10-15 19:42:24    1390904    ----a-w-    C:\windows\System32\drivers\btmhsf.sys
2013-10-15 19:42:10    80184    ----a-w-    C:\windows\System32\btmwu.dll
2013-10-15 19:42:10    69088    ----a-w-    C:\windows\System32\drivers\iBtFltCoex.sys
2013-10-10 11:53:35    96600    ----a-w-    C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09    115712    ----a-w-    C:\windows\SysWow64\cscript.exe
2013-10-10 09:30:50    162304    ----a-w-    C:\windows\SysWow64\scrobj.dll
2013-10-10 09:30:50    156160    ----a-w-    C:\windows\SysWow64\scrrun.dll
2013-10-10 09:24:02    143872    ----a-w-    C:\windows\System32\wshom.ocx
2013-10-10 09:23:41    146944    ----a-w-    C:\windows\System32\cscript.exe
2013-10-10 09:22:46    222720    ----a-w-    C:\windows\System32\scrobj.dll
2013-10-10 09:22:46    194048    ----a-w-    C:\windows\System32\scrrun.dll
2013-10-10 09:21:20    1160192    ----a-w-    C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43    723968    ----a-w-    C:\windows\System32\BFE.DLL
2013-10-02 00:43:32    15641088    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 19:14:47.96 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 1/12/2013 5:24:49 PM
System Uptime: 1/7/2014 7:06:03 PM (0 hours ago)
.
Motherboard: LENOVO |  | INVALID
Processor: Intel® Core i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 651 GiB total, 583.08 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.23 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description:
Device ID: USB\VID_8087&PID_07DA\6&2E2F5DEF&0&3
Manufacturer: Intel Corporation
Name:
PNP Device ID: USB\VID_8087&PID_07DA\6&2E2F5DEF&0&3
Service: BTHUSB
.
==== System Restore Points ===================
.
RP53: 12/19/2013 6:43:23 PM - Windows Update
RP54: 12/23/2013 11:13:13 PM - Windows Update
RP55: 12/27/2013 1:13:36 AM - Windows Update
RP56: 12/30/2013 9:03:50 PM - Windows Update
RP57: 1/3/2014 4:09:15 PM - Windows Update
RP58: 1/7/2014 6:55:55 PM - Removed Citrix Online Launcher
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Akamai NetSession Interface
Amazon Browser App
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Cambridge English Pronouncing Dictionary - 17th Edition
ConvertHelper 2.2
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolby Home Theater v4
Dropbox
Energy Management
EPSON Scan
EPSON WorkForce 645 Series Printer Uninstall
ESET Smart Security
ETDWare PS/2-X64 11.4.8.1_WHQL
Google Chrome
Google Talk Plugin
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® PRO/Wireless Driver
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Intelligent Touchpad
iTunes
LastPass (uninstall only)
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo Photos
Lenovo PowerDVD10
Lenovo YouCam
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Onekey Theater
Power2Go
PressReader
QUICKfind
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Shared C Run-time for x64
Skype™ 6.11
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
UserGuide
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 1:26:36 PM, Error: Service Control Manager [7000]  - The ESET Service service failed to start due to the following error:  The system cannot find the file specified.
12/31/2013 1:22:14 PM, Error: Service Control Manager [7030]  - The Eset install launcher (4299) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
12/31/2013 1:18:17 PM, Error: Service Control Manager [7030]  - The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
1/7/2014 7:07:47 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user curlygirly\Tracy SID (S-1-5-21-117334080-4287712844-1216391920-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
1/7/2014 7:07:34 PM, Error: Service Control Manager [7022]  - The ESET Service service hung on starting.
1/7/2014 12:58:41 PM, Error: Service Control Manager [7034]  - The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
1/6/2014 11:43:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070002: Intel driver update for Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter.
1/6/2014 10:55:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Intel driver update for Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter.
1/2/2014 9:51:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070103: Intel driver update for Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

 

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

  • Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

     

    • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review.
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted (if necessary):
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  •  

     

  • Double-click to run it. When the tool opens click Yes to disclaimer.

     

     

  • Press Scan button.

     

     

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

     

     

  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

     

     

 

 

Kevin....

Link to post
Share on other sites

hello kevin - new to all this so am re replying. thanks for your patience and assistance, Tracy. Ran farber recover: reports attached below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Tracy (administrator) on CURLYGIRLY on 08-01-2014 11:36:42
Running from C:\Users\Tracy\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
(Akamai Technologies, Inc.) C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Tracy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\Tracy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Farbar) C:\Users\Tracy\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [191544 2012-11-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6334096 2012-10-17] (Realtek semiconductor)
HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295072 2013-03-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE [241280 2013-02-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_01CA19FABFA3145EF0091BC706EED4AD] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
HKCU\...\Run: [sSync] - C:\Users\Tracy\AppData\Roaming\SSync\SSync.exe [41984 2012-12-18] ()
HKCU\...\Run: [FVDSuite.exe] - C:\Program Files (x86)\FVD Suite\FVDSuite.exe /S
HKCU\...\Run: [DataMgr] - C:\Users\Tracy\AppData\Roaming\DataMgr\DataMgr.exe [168776 2013-01-26] (HTTO Group, Ltd.)
HKCU\...\Run: [Google Update] - C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-22] (Google Inc.)
HKCU\...\Run: [sCheck] - C:\Users\Tracy\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKCU\...\Run: [snoozer] - C:\Users\Tracy\AppData\Roaming\Snz\Snz.exe [1209628 2013-12-24] ()
HKCU\...\Run: [intermediate] - C:\Users\Tracy\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-09] ()
Startup: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {DD7A9002-3323-4652-A8CE-2794044E72C4} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {DD7A9002-3323-4652-A8CE-2794044E72C4} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {DD7A9002-3323-4652-A8CE-2794044E72C4} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {DD7A9002-3323-4652-A8CE-2794044E72C4} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DD7A9002-3323-4652-A8CE-2794044E72C4} URL =
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 66.51.205.100 66.51.206.100 208.201.224.11

FireFox:
========
FF ProfilePath: C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Tracy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tracy\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tracy\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Exent\u00AE AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Docs) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0
CHR Extension: (Google Search) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (LastPass) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0
CHR Extension: (Rapportive) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0
CHR Extension: (RealDownloader) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Google Wallet) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\3.1_0
CHR Extension: (Your name) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg\3.21.0_0
CHR Extension: (Evernote Web Clipper) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.8_0
CHR Extension: (Gmail) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8230160 2012-10-17] (Realtek Semiconductor Corp.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-08 11:36 - 2014-01-08 11:36 - 00021715 _____ C:\Users\Tracy\Downloads\FRST.txt
2014-01-08 11:36 - 2014-01-08 11:36 - 00000000 ____D C:\FRST
2014-01-08 11:35 - 2014-01-08 11:36 - 01931770 _____ (Farbar) C:\Users\Tracy\Downloads\FRST64(1).exe
2014-01-08 11:34 - 2014-01-08 11:34 - 01931770 _____ (Farbar) C:\Users\Tracy\Downloads\FRST64.exe
2014-01-07 19:14 - 2014-01-07 19:15 - 00021504 _____ C:\Users\Tracy\Desktop\dds.txt
2014-01-07 19:14 - 2014-01-07 19:14 - 00009298 _____ C:\Users\Tracy\Desktop\attach.txt
2014-01-07 19:13 - 2014-01-07 19:13 - 00688992 ____R (Swearware) C:\Users\Tracy\Downloads\dds.scr
2014-01-07 14:17 - 2014-01-07 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-07 12:43 - 2014-01-07 12:43 - 00000000 ____D C:\Users\Tracy\AppData\Local\VS Revo Group
2014-01-07 12:42 - 2014-01-07 12:42 - 00000000 ____D C:\ProgramData\VS Revo Group
2014-01-07 12:41 - 2014-01-07 12:42 - 10619688 _____ (VS Revo Group                                               ) C:\Users\Tracy\Downloads\RevoUninProSetup (1).exe
2014-01-07 12:31 - 2014-01-07 12:32 - 10619688 _____ (VS Revo Group                                               ) C:\Users\Tracy\Downloads\RevoUninProSetup.exe
2014-01-07 12:16 - 2014-01-07 12:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tracy\Downloads\revosetup.exe
2014-01-06 12:36 - 2014-01-06 13:06 - 00009381 _____ C:\Users\Tracy\Documents\TT 2014 meeting dates.xlsx
2014-01-06 12:31 - 2014-01-07 16:08 - 00000000 ____D C:\Users\Tracy\Desktop\Ellen giveaway
2014-01-06 12:27 - 2014-01-06 12:33 - 00000000 ___RD C:\Users\Tracy\Desktop\TJ VO
2013-12-31 13:30 - 2013-12-31 13:31 - 01581896 _____ (ESET) C:\Users\Tracy\Downloads\eset_smart_security_live_installer (3).exe
2013-12-31 13:23 - 2013-12-31 13:23 - 00000000 ____D C:\Users\Tracy\Downloads\Speclean
2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\ProgramData\ESET
2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\Program Files\ESET
2013-12-31 12:52 - 2013-12-31 12:52 - 01581896 _____ (ESET) C:\Users\Tracy\Downloads\eset_smart_security_live_installer (2).exe
2013-12-26 15:19 - 2014-01-07 17:41 - 00000000 ____D C:\Users\Tracy\Desktop\Old Firefox Data
2013-12-26 14:11 - 2013-12-26 14:11 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 14:11 - 2013-12-26 14:11 - 00000000 ____D C:\Users\Tracy\AppData\Roaming\Malwarebytes
2013-12-26 14:11 - 2013-12-26 14:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-26 14:11 - 2013-12-26 14:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 14:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-26 12:00 - 2013-12-26 12:00 - 00000000 ____D C:\Users\Tracy\AppData\Roaming\Snz
2013-12-19 18:14 - 2013-12-19 18:14 - 00357040 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-18 12:04 - 2013-12-18 13:09 - 00000000 ____D C:\Users\Tracy\Desktop\student loan
2013-12-18 11:55 - 2014-01-07 18:57 - 00000000 ____D C:\Users\Tracy\AppData\Local\Citrix
2013-12-12 13:07 - 2013-10-31 21:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 13:07 - 2013-10-31 19:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-12 13:06 - 2013-11-22 22:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 13:06 - 2013-11-22 21:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-12 12:45 - 2013-10-24 22:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 12:45 - 2013-10-24 22:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 12:45 - 2013-10-24 22:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-12-12 12:45 - 2013-10-24 22:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 12:45 - 2013-10-24 22:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 12:45 - 2013-10-24 22:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-12 12:45 - 2013-10-24 22:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 12:45 - 2013-10-24 22:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 12:45 - 2013-10-24 22:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 12:45 - 2013-10-24 22:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-12 12:45 - 2013-10-24 20:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-12 12:45 - 2013-10-24 20:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-12 12:45 - 2013-10-24 20:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-12 12:45 - 2013-10-24 20:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-12 12:45 - 2013-10-24 20:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-12 12:45 - 2013-10-24 20:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-12 12:45 - 2013-10-24 20:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-12 12:45 - 2013-10-24 20:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-12 12:41 - 2013-11-06 15:18 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 12:41 - 2013-10-18 21:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 12:41 - 2013-10-18 20:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-12 12:41 - 2013-10-10 01:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-12 12:41 - 2013-10-10 01:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2013-12-12 12:41 - 2013-10-10 01:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-12 12:41 - 2013-10-10 01:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 12:41 - 2013-10-10 01:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 12:41 - 2013-10-10 01:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2013-12-12 12:41 - 2013-10-10 01:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 12:41 - 2013-10-08 17:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-12-12 12:41 - 2013-10-08 14:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-12-12 12:41 - 2013-10-08 14:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-12-12 12:41 - 2013-10-08 14:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-12-12 12:41 - 2013-10-08 14:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-12-12 12:41 - 2013-10-08 14:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-12-12 12:41 - 2013-10-08 14:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-12-12 12:41 - 2013-10-08 14:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-12-12 12:41 - 2013-10-08 14:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-12-12 12:41 - 2013-10-08 14:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-12-12 12:41 - 2013-10-08 14:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-12-12 12:41 - 2013-10-08 14:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-12-12 12:41 - 2013-10-08 14:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-12-12 12:41 - 2013-10-04 22:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2013-12-12 12:41 - 2013-10-03 14:09 - 00385528 _____ C:\windows\system32\ApnDatabase.xml
2013-12-12 12:41 - 2013-10-01 18:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2013-12-12 12:41 - 2013-09-27 21:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2013-12-12 12:41 - 2013-09-27 19:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2013-12-12 12:41 - 2013-09-27 19:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-12 12:41 - 2013-09-18 23:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-12-12 12:41 - 2013-08-29 21:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2013-12-12 12:41 - 2013-08-29 21:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2013-12-12 12:41 - 2013-08-29 15:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2013-12-12 12:41 - 2013-08-29 15:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll

==================== One Month Modified Files and Folders =======

2014-01-08 11:36 - 2014-01-08 11:36 - 00021715 _____ C:\Users\Tracy\Downloads\FRST.txt
2014-01-08 11:36 - 2014-01-08 11:36 - 00000000 ____D C:\FRST
2014-01-08 11:36 - 2014-01-08 11:35 - 01931770 _____ (Farbar) C:\Users\Tracy\Downloads\FRST64(1).exe
2014-01-08 11:34 - 2014-01-08 11:34 - 01931770 _____ (Farbar) C:\Users\Tracy\Downloads\FRST64.exe
2014-01-08 11:20 - 2012-11-12 08:11 - 01522606 _____ C:\windows\WindowsUpdate.log
2014-01-08 11:14 - 2013-01-12 17:43 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-08 11:10 - 2012-07-26 00:12 - 00000000 ____D C:\windows\system32\sru
2014-01-08 11:09 - 2012-07-25 23:28 - 00850046 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-08 09:44 - 2013-05-29 14:24 - 00000930 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001UA.job
2014-01-07 20:03 - 2013-02-28 09:22 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 19:15 - 2014-01-07 19:14 - 00021504 _____ C:\Users\Tracy\Desktop\dds.txt
2014-01-07 19:14 - 2014-01-07 19:14 - 00009298 _____ C:\Users\Tracy\Desktop\attach.txt
2014-01-07 19:13 - 2014-01-07 19:13 - 00688992 ____R (Swearware) C:\Users\Tracy\Downloads\dds.scr
2014-01-07 19:08 - 2013-01-23 09:02 - 00000000 ___RD C:\Users\Tracy\Dropbox
2014-01-07 19:08 - 2013-01-23 08:59 - 00000000 ____D C:\Users\Tracy\AppData\Roaming\Dropbox
2014-01-07 19:07 - 2013-01-12 17:43 - 00000914 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 19:07 - 2012-07-25 23:21 - 00060620 _____ C:\windows\setupact.log
2014-01-07 19:06 - 2012-07-25 23:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-07 19:05 - 2012-07-25 21:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-07 18:57 - 2013-12-18 11:55 - 00000000 ____D C:\Users\Tracy\AppData\Local\Citrix
2014-01-07 18:30 - 2013-02-11 10:27 - 00000000 ____D C:\Users\Tracy\Documents\Buddhism
2014-01-07 18:00 - 2013-02-04 17:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-07 17:41 - 2013-12-26 15:19 - 00000000 ____D C:\Users\Tracy\Desktop\Old Firefox Data
2014-01-07 16:08 - 2014-01-06 12:31 - 00000000 ____D C:\Users\Tracy\Desktop\Ellen giveaway
2014-01-07 15:56 - 2013-02-04 17:39 - 00000000 ____D C:\Users\Tracy\AppData\Local\Mozilla
2014-01-07 14:17 - 2014-01-07 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-07 12:43 - 2014-01-07 12:43 - 00000000 ____D C:\Users\Tracy\AppData\Local\VS Revo Group
2014-01-07 12:42 - 2014-01-07 12:42 - 00000000 ____D C:\ProgramData\VS Revo Group
2014-01-07 12:42 - 2014-01-07 12:41 - 10619688 _____ (VS Revo Group                                               ) C:\Users\Tracy\Downloads\RevoUninProSetup (1).exe
2014-01-07 12:32 - 2014-01-07 12:31 - 10619688 _____ (VS Revo Group                                               ) C:\Users\Tracy\Downloads\RevoUninProSetup.exe
2014-01-07 12:16 - 2014-01-07 12:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tracy\Downloads\revosetup.exe
2014-01-07 12:06 - 2012-07-26 00:12 - 00000000 ____D C:\windows\system32\FxsTmp
2014-01-06 15:44 - 2013-05-29 14:24 - 00000878 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001Core.job
2014-01-06 13:25 - 2013-11-28 12:49 - 00000000 ____D C:\Users\Tracy\Documents\Recipies
2014-01-06 13:06 - 2014-01-06 12:36 - 00009381 _____ C:\Users\Tracy\Documents\TT 2014 meeting dates.xlsx
2014-01-06 12:36 - 2013-01-24 18:48 - 00000000 ____D C:\Users\Tracy\Documents\Youcam
2014-01-06 12:33 - 2014-01-06 12:27 - 00000000 ___RD C:\Users\Tracy\Desktop\TJ VO
2014-01-06 12:30 - 2013-11-18 15:13 - 00000000 ____D C:\Users\Tracy\Desktop\Coaching
2014-01-06 12:28 - 2013-03-14 17:24 - 00395776 ___SH C:\Users\Tracy\Downloads\Thumbs.db
2014-01-02 18:51 - 2012-07-26 00:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-12-31 16:01 - 2013-01-12 17:33 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-117334080-4287712844-1216391920-1001
2013-12-31 13:31 - 2013-12-31 13:30 - 01581896 _____ (ESET) C:\Users\Tracy\Downloads\eset_smart_security_live_installer (3).exe
2013-12-31 13:23 - 2013-12-31 13:23 - 00000000 ____D C:\Users\Tracy\Downloads\Speclean
2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\ProgramData\ESET
2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\Program Files\ESET
2013-12-31 12:52 - 2013-12-31 12:52 - 01581896 _____ (ESET) C:\Users\Tracy\Downloads\eset_smart_security_live_installer (2).exe
2013-12-26 14:22 - 2012-09-13 10:32 - 00049772 _____ C:\windows\PFRO.log
2013-12-26 14:11 - 2013-12-26 14:11 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 14:11 - 2013-12-26 14:11 - 00000000 ____D C:\Users\Tracy\AppData\Roaming\Malwarebytes
2013-12-26 14:11 - 2013-12-26 14:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-26 14:11 - 2013-12-26 14:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 12:00 - 2013-12-26 12:00 - 00000000 ____D C:\Users\Tracy\AppData\Roaming\Snz
2013-12-26 12:00 - 2013-02-26 22:16 - 00000000 ____D C:\Users\Tracy\AppData\Roaming\Intermediate
2013-12-26 09:20 - 2013-11-18 17:50 - 00000000 ____D C:\Users\Tracy\Documents\Dialects
2013-12-25 09:51 - 2013-01-28 08:23 - 00000000 ____D C:\Users\Tracy\AppData\Roaming\Skype
2013-12-22 18:47 - 2013-02-21 12:35 - 00097792 ___SH C:\Users\Tracy\Desktop\Thumbs.db
2013-12-19 18:14 - 2013-12-19 18:14 - 00357040 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-19 18:14 - 2013-01-12 17:24 - 00000000 ____D C:\Users\Tracy
2013-12-18 13:09 - 2013-12-18 12:04 - 00000000 ____D C:\Users\Tracy\Desktop\student loan
2013-12-16 09:47 - 2013-08-16 12:26 - 00000000 ____D C:\windows\system32\MRT
2013-12-16 09:45 - 2013-01-12 21:25 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-15 12:03 - 2013-01-28 08:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-15 12:03 - 2013-01-28 08:22 - 00000000 ____D C:\ProgramData\Skype
2013-12-12 15:41 - 2012-07-26 00:12 - 00000000 ____D C:\windows\system32\NDF
2013-12-12 15:35 - 2012-07-26 00:12 - 00000000 ____D C:\windows\system32\SecureBootUpdates
2013-12-12 15:34 - 2013-01-12 19:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 15:32 - 2012-07-25 21:38 - 00000000 ____D C:\windows\system32\oobe
2013-12-12 13:09 - 2013-01-12 17:43 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 13:09 - 2013-01-12 17:43 - 00003654 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-12 13:03 - 2013-02-28 09:22 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Tracy\AppData\Local\Temp\AVG-Safeguard.exe
C:\Users\Tracy\AppData\Local\Temp\COMAP.EXE
C:\Users\Tracy\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Tracy\AppData\Local\Temp\DeltaTB.exe
C:\Users\Tracy\AppData\Local\Temp\dp.exe
C:\Users\Tracy\AppData\Local\Temp\drm_dyndata_7290010.dll
C:\Users\Tracy\AppData\Local\Temp\fvdsuite-3.0.2.exe
C:\Users\Tracy\AppData\Local\Temp\lowproc.exe
C:\Users\Tracy\AppData\Local\Temp\oi_{1A395E56-6DBA-477A-B68B-9DDBEDAFD7D2}.exe
C:\Users\Tracy\AppData\Local\Temp\oi_{281C9164-FFBD-4113-ABA1-B20907406FDE}.exe
C:\Users\Tracy\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Tracy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tracy\AppData\Local\Temp\stubhelper.dll
C:\Users\Tracy\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Tracy\AppData\Local\Temp\~fvdsuite-3.0.2-hotfix.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-08 09:51

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2014 01
Ran by Tracy at 2014-01-08 11:37:23
Running from C:\Users\Tracy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
Amazon Browser App (x32 Version: 1.0.0.0 - Amazon)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Cambridge English Pronouncing Dictionary - 17th Edition (x32 Version:  - )
ConvertHelper 2.2 (x32 Version:  - DownloadHelper)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
Energy Management (x32 Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EPSON Scan (x32 Version:  - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
ESET Smart Security (Version: 7.0.302.26 - ESET, spol s r. o.)
ETDWare PS/2-X64 11.4.8.1_WHQL (Version: 11.4.8.1 - ELAN Microelectronic Corp.)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (x32 Version: 9.17.10.2884 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.5.5.0480 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (x32 Version: 2.00.0012.0723 - Lenovo)
iTunes (Version: 11.1.3.8 - Apple Inc.)
LastPass (uninstall only) (x32 Version:  - LastPass)
Lenovo EasyCamera (x32 Version: 6.2.9200.10192 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo Photos (x32 Version:  - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Onekey Theater (x32 Version: 3.0.1.0 - Lenovo)
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
PressReader (x32 Version: 5.12.0927.0 -  NewspaperDirect Inc.)
QUICKfind (x32 Version:  - )
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.0 - RealNetworks)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6798 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Restore Points  =========================

20-12-2013 02:43:23 Windows Update
24-12-2013 07:13:13 Windows Update
27-12-2013 09:13:36 Windows Update
31-12-2013 05:03:50 Windows Update
04-01-2014 00:09:15 Windows Update
08-01-2014 02:55:55 Removed Citrix Online Launcher

==================== Hosts content: ==========================

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {024309C0-55A9-4415-B612-616B143C7E62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23298956-5FCD-4D89-99CF-6FB468634A78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12] (Google Inc.)
Task: {238B91AE-F767-405C-AB9E-0682D285A78D} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {32C53A93-1D7D-48F6-9C22-10DEF2F730D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {35E3C8DD-AD2E-4845-AA8B-8CCD01CB60A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {43B10F79-9C66-40A5-BC7F-F212FB3793A8} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {5298EA7B-D7E7-45E1-89B2-760C6721CA7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001UA => C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: {93867A57-7D04-45F4-9284-8323453A07EE} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E59E9ADC-3761-48F0-AF85-D83499AC0D98} - System32\Tasks\{C310DC49-7D78-4317-ABDA-B2A371C6429B} => Chrome.exe http://ui.skype.com/ui/0/6.3.60.105/en/abandoninstall?page=tsProgressBar
Task: {EA46153C-8D58-4B68-9C7B-2A5887D32859} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4408288-CE1A-41A6-AE8A-05A95010DB78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001Core => C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001Core.job => C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001UA.job => C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-28 07:53 - 2013-01-28 07:53 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-16 17:37 - 2012-10-11 22:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 12:48 - 2013-03-13 12:48 - 24978944 _____ () C:\Users\Tracy\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-25 10:11 - 2013-08-25 10:11 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\26def6ab53d268e53635f2a61a1b2ed3\PSIClient.ni.dll
2012-11-12 07:37 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-01-07 14:17 - 2014-01-07 14:17 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : Reinstall the drivers for this device. (Code 18)
Resolution: The drivers for this device must be reinstalled.
 Click "Update Driver", which starts the Hardware Update wizard.
Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2014 04:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1204

Error: (01/07/2014 04:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1204

Error: (01/07/2014 04:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2014 03:23:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1204

Error: (01/07/2014 03:23:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1204

Error: (01/07/2014 03:23:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2014 00:57:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.1.0.0, time stamp: 0x521e80f5
Faulting module name: MurocApi.dll, version: 16.1.0.0, time stamp: 0x521e7ff7
Exception code: 0xc0000005
Fault offset: 0x0000000000026570
Faulting process id: 0x810
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (01/07/2014 00:05:56 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (01/06/2014 07:29:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188

Error: (01/06/2014 07:29:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188


System errors:
=============
Error: (01/08/2014 09:51:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Intel driver update for Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter.

Error: (01/07/2014 07:07:47 PM) (Source: DCOM) (User: CURLYGIRLY)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}curlygirlyTracyS-1-5-21-117334080-4287712844-1216391920-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2014 07:07:47 PM) (Source: DCOM) (User: CURLYGIRLY)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}curlygirlyTracyS-1-5-21-117334080-4287712844-1216391920-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2014 07:07:46 PM) (Source: DCOM) (User: CURLYGIRLY)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}curlygirlyTracyS-1-5-21-117334080-4287712844-1216391920-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2014 07:07:45 PM) (Source: DCOM) (User: CURLYGIRLY)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}curlygirlyTracyS-1-5-21-117334080-4287712844-1216391920-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2014 07:07:34 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (01/07/2014 06:05:53 PM) (Source: DCOM) (User: CURLYGIRLY)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}curlygirlyTracyS-1-5-21-117334080-4287712844-1216391920-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2014 06:05:53 PM) (Source: DCOM) (User: CURLYGIRLY)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}curlygirlyTracyS-1-5-21-117334080-4287712844-1216391920-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2014 06:05:48 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (01/07/2014 06:03:22 PM) (Source: DCOM) (User: CURLYGIRLY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}


Microsoft Office Sessions:
=========================
Error: (01/07/2014 04:11:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1204

Error: (01/07/2014 04:11:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1204

Error: (01/07/2014 04:11:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2014 03:23:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1204

Error: (01/07/2014 03:23:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1204

Error: (01/07/2014 03:23:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2014 00:57:37 PM) (Source: Application Error)(User: )
Description: ZeroConfigService.exe16.1.0.0521e80f5MurocApi.dll16.1.0.0521e7ff7c0000005000000000002657081001cf0beb045927b8C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll5685b92b-77de-11e3-bec0-b888e397973b

Error: (01/07/2014 00:05:56 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (01/06/2014 07:29:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188

Error: (01/06/2014 07:29:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188


CodeIntegrity Errors:
===================================
  Date: 2014-01-06 12:36:29.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-26 12:17:09.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-25 09:15:12.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-25 09:14:22.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 11:56:19.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 11:56:18.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 11:56:17.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 11:56:16.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 12:10:37.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 12:08:35.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 5999.52 MB
Available physical RAM: 4114.26 MB
Total Pagefile: 6959.52 MB
Available Pagefile: 5080.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:582.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 4471E95A)

Partition: GPT Partition Type
==================== End Of Log ============================

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

I ask that you run AdwCleaner in my initial reply, can you it now. I give instructions once more:

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, let me know if any remaining issues or concerns..

 

Thanks,

 

Kevin....

 

 

 

fixlist.txt

Link to post
Share on other sites

Kevin - I just downloaded the Adware cleaner and was overtaken by all kinds of nastiness: start.mysearchdial has grabbed control of Firefox search bar and free games another program mbgone or something like it.  This is why I did not want to run the free Adware, whenever I download free fix programs I am invaded  Please advise.  thank you, Tracy

Link to post
Share on other sites

Kevin - I just ran the FRST with the fix text in the same file. I will continue the instructions above. Many thanks Tracy

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2014 05
Ran by Tracy at 2014-01-11 12:32:35 Run:1
Running from C:\Users\Tracy\Desktop\malware fix jan 2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [DataMgr] - C:\Users\Tracy\AppData\Roaming\DataMgr\DataMgr.exe [168776 2013-01-26] (HTTO Group, Ltd.)
C:\Users\Tracy\AppData\Roaming\DataMgr
HKCU\...\Run: [sCheck] - C:\Users\Tracy\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
C:\Users\Tracy\AppData\Roaming\SCheck
HKCU\...\Run: [snoozer] - C:\Users\Tracy\AppData\Roaming\Snz\Snz.exe [1209628 2013-12-24] ()
C:\Users\Tracy\AppData\Roaming\Snz
HKCU\...\Run: [intermediate] - C:\Users\Tracy\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-09] ()
C:\Users\Tracy\AppData\Roaming\Intermediate
C:\Users\Tracy\AppData\Local\Temp\AVG-Safeguard.exe
C:\Users\Tracy\AppData\Local\Temp\COMAP.EXE
C:\Users\Tracy\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Tracy\AppData\Local\Temp\DeltaTB.exe
C:\Users\Tracy\AppData\Local\Temp\dp.exe
C:\Users\Tracy\AppData\Local\Temp\drm_dyndata_7290010.dll
C:\Users\Tracy\AppData\Local\Temp\fvdsuite-3.0.2.exe
C:\Users\Tracy\AppData\Local\Temp\lowproc.exe
C:\Users\Tracy\AppData\Local\Temp\oi_{1A395E56-6DBA-477A-B68B-9DDBEDAFD7D2}.exe
C:\Users\Tracy\AppData\Local\Temp\oi_{281C9164-FFBD-4113-ABA1-B20907406FDE}.exe
C:\Users\Tracy\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Tracy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tracy\AppData\Local\Temp\stubhelper.dll
C:\Users\Tracy\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Tracy\AppData\Local\Temp\~fvdsuite-3.0.2-hotfix.exe
AlternateDataStreams: C:\Windows:nlsPreferences
End



*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DataMgr => Value deleted successfully.
C:\Users\Tracy\AppData\Roaming\DataMgr => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SCheck => Value deleted successfully.
C:\Users\Tracy\AppData\Roaming\SCheck => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Snoozer => Value deleted successfully.
C:\Users\Tracy\AppData\Roaming\Snz => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Intermediate => Value deleted successfully.
C:\Users\Tracy\AppData\Roaming\Intermediate => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\AVG-Safeguard.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\DeltaTB.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\dp.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\drm_dyndata_7290010.dll => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\fvdsuite-3.0.2.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\oi_{1A395E56-6DBA-477A-B68B-9DDBEDAFD7D2}.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\oi_{281C9164-FFBD-4113-ABA1-B20907406FDE}.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\OptimizerPro.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\~fvdsuite-3.0.2-hotfix.exe => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.

==== End of Fixlog ====

Link to post
Share on other sites

  • Kevin - all seems well as I just signed into both google and chrome and explorer and not a single imposter!  Hurray!  Here are the reports.

# AdwCleaner v3.016 - Report created 11/01/2014 at 12:49:20

# Updated 23/12/2013 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Tracy - CURLYGIRLY

# Running from : C:\Users\Tracy\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!

Folder Deleted : C:\Program Files (x86)\Mobogenie

Folder Deleted : C:\Program Files (x86)\openit

Folder Deleted : C:\Users\Tracy\AppData\Local\Mobogenie

Folder Deleted : C:\Users\Tracy\AppData\Roaming\Common\LuaRT

Folder Deleted : C:\Users\Tracy\AppData\Roaming\fbDownloader

Folder Deleted : C:\Users\Tracy\AppData\Roaming\SSync

Folder Deleted : C:\Users\Tracy\Documents\Mobogenie

Folder Deleted : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}

Folder Deleted : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff

File Deleted : C:\END

File Deleted : C:\Users\Public\Desktop\Open It!.lnk

File Deleted : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470\searchplugins\Mysearchdial.xml

File Deleted : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470\searchplugins\search.xml

File Deleted : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Key Deleted : HKLM\SOFTWARE\NSIS_cepd17

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\OfferMosquito

Key Deleted : HKCU\Software\Protector

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470\prefs.js ]

Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites0101");

Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAzyyBzyyBtA0B0E0AtCzztN0D0Tzu0CyByEtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutDzytDtC0B");

Line Deleted : user_pref("extensions.mysearchdial.cr", "1333177501");

Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");

Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);

Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);

Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);

Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial.id", "B888E397973BEA18");

Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16080");

Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");

Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);

Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.017:18:31");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7254 octets] - [11/01/2014 12:41:03]

AdwCleaner[s0].txt - [6610 octets] - [11/01/2014 12:49:20]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6670 octets] ##########

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2014.01.09.06

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16750

Tracy :: CURLYGIRLY [administrator]

1/11/2014 12:56:49 PM

mbam-log-2014-01-11 (12-56-49).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 437115

Time elapsed: 53 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

 

Link to post
Share on other sites

Excellent, we still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin....

Link to post
Share on other sites

clearly I DO need to run the eset online av scan...when I opened Chrome this morning, AVF, FBD, myonlinesearchdial and native search tabs all opened.  How insidious this all is.  I have another question that may or may not be related. My PC is stuck and cannot load window this after my husband was trying to download software for an audio program he says that BING took over the search bar on the PC we are networked, could this be related.  I have every intention of compensating you, though I am certain we can never repay your talents, Best Tracy

Link to post
Share on other sites

I just tried the first steps of the Eset online av scanner and this is the issue both when I disable and enable real time . Please advise.

 

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    This problem can sometimes be caused by disabling or refusing to accept cookies.

Link to post
Share on other sites

ESET online AV should be run through Internet Explorer (if possible) not FireFox. Leave it for now and run the following:

 

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your  Desktop:

 

 

Zoekd.jpg

 

 

you will now have 3 versions of the tool on the Desktop:

 

 

Zoeke.jpg

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/]

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 

Zoekb.jpg

 

 

Copy and paste the following script from the code box and paste into the field.

 

 

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;

 

 

Select the "Run Script" tab. The following window will open:

 

 

 

Zoekc.jpg

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you maybe asked to re-boot your PC, if so please do

 

Zoekf.jpg

 

Post the produced log in your next reply…..

Link to post
Share on other sites

I ran this one incorrectly the first time which I why I did not include it.
Zoek.exe v5.0.0.0 Updated 09-Januari-2014
Tool run by Tracy on Sun 01/12/2014 at 13:10:55.54.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tracy\Downloads\zoek.exe [scan all users]   [Quick Scan] [Auto Clean]

==== System Restore Info ======================

1/12/2014 1:11:27 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470

user.js not found
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites0101");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAzyyBzyyBtA0B0E0AtCzztN0D0Tzu0CyByEtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutDzytDtC0
user_pref("extensions.irmysearch.cr", "1333177501");
user_pref("extensions.irmysearch.instlRef", "");
---- FireFox user.js and prefs.js backups ----

prefs_20140112_0116_.backup

==== Deleting Files \ Folders ======================

C:\Users\Tracy\AppData\Local\genienext deleted
C:\Users\Tracy\daemonprocess.txt deleted
C:\Users\Tracy\.android deleted
C:\PROGRA~2\Amazon deleted
C:\Users\Tracy\AppData\Roaming\Common deleted
C:\ProgramData\Package Cache deleted
C:\Users\Tracy\AppData\Local\cache deleted
C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted

==== Files Recently Created / Modified ======================

====== C:\windows ====
====== C:\Users\Tracy\AppData\Local\Temp ====
2014-01-11 01:28:31    9F81FEA4D9046DBC6566CF9233388EE6    306688    ----a-w-    C:\Users\Tracy\AppData\Local\Temp\72106uninstall.exe
2014-01-11 01:28:31    5405413FFF79B8D9C747AA900F60F082    599419    ----a-w-    C:\Users\Tracy\AppData\Local\Temp\Sqlite3.dll
2014-01-11 01:17:46    974A4FBA0FFBF10FAEECE714017DF617    163744    ----a-w-    C:\Users\Tracy\AppData\Local\Temp\is1590112554\252555202_stp\SCC.dll
====== C:\windows\SysWOW64 =====
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
====== C:\windows\Sysnative\drivers =====
2013-12-26 22:11:04    0BB97D43299910CBFBA59C461B99B910    25928    ----a-w-    C:\windows\Sysnative\drivers\mbam.sys
====== C:\windows\Tasks ======
2014-01-11 01:18:22    E7202629A0DD2B09904C25FBCAC08668    314    ----a-w-    C:\windows\Tasks\Digital Sites.job
2014-01-11 01:18:22    3604E68931C02AAE3E792623D2287E27    2652    ----a-w-    C:\windows\Sysnative\Tasks\Digital Sites
====== C:\windows\Temp ======
======= C:\Program Files =====
2013-12-31 21:18:05    --------    d-----w-    C:\Program Files\ESET
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Tracy\AppData\Roaming ======
2014-01-11 01:18:30    A17479231DC298309A3FDA7D7D00111A    5    ----a-w-    C:\Users\Tracy\AppData\Roaming\WBPU-TTL.DAT
2014-01-11 01:18:29    A969B45B9FCF04F2E69FD4A0C1BFF50D    104    ----a-w-    C:\Users\Tracy\AppData\Roaming\WB.CFG
2014-01-11 01:18:20    --------    d-----w-    C:\Users\Tracy\AppData\Roaming\DigitalSites
2014-01-07 20:43:02    --------    d-----w-    C:\Users\Tracy\AppData\Local\VS Revo Group
2013-12-18 19:55:21    --------    d-----w-    C:\Users\Tracy\AppData\Local\Citrix
====== C:\Users\Tracy ======
2014-01-11 20:37:58    AF5C84446657B48C9B9B870C46438261    1233962    ----a-w-    C:\Users\Tracy\Downloads\AdwCleaner.exe
2014-01-11 01:18:18    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
2014-01-08 02:01:22    --------    d-----w-    C:\windows\serviceprofiles\Localservice\winhttp
2014-01-07 20:42:57    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-01-07 20:41:43    DA09AF2982A2800FD068AF857EAD480B    10619688    ----a-w-    C:\Users\Tracy\Downloads\RevoUninProSetup (1).exe
2014-01-07 20:31:34    DA09AF2982A2800FD068AF857EAD480B    10619688    ----a-w-    C:\Users\Tracy\Downloads\RevoUninProSetup.exe
2014-01-07 20:16:40    4F99CAE27FFD46712E65C21444AACDFC    2623656    ----a-w-    C:\Users\Tracy\Downloads\revosetup.exe
2013-12-31 21:30:09    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2013-12-31 21:18:05    --------    d-----w-    C:\ProgramData\ESET

====== C: exe-files ==
2014-01-11 20:37:58    AF5C84446657B48C9B9B870C46438261    1233962    ----a-w-    C:\Users\Tracy\Downloads\AdwCleaner.exe
2014-01-11 20:32:31    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUTUKNA4\FRST64[2].exe
2014-01-11 20:32:16    FC3AAF12BE279CE3F3FBA1A11DEC15A0    2076672    ----a-w-    C:\Users\Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECZSEO8C\FRST64[2].exe
2014-01-11 01:28:31    9F81FEA4D9046DBC6566CF9233388EE6    306688    ----a-w-    C:\Users\Tracy\AppData\Local\Temp\72106uninstall.exe
2014-01-10 01:35:31    D4577203559D4EB8EA4EADBD88812F69    1931772    ----a-w-    C:\Users\Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUTUKNA4\FRST64[1].exe
2014-01-08 19:35:46    C7846EDE10E2CD5E32AE5EEC647A7035    1931770    ----a-w-    C:\Users\Tracy\Downloads\FRST-OlderVersion\FRST64(1).exe
2014-01-08 19:34:37    FC3AAF12BE279CE3F3FBA1A11DEC15A0    2076672    ----a-w-    C:\Users\Tracy\Desktop\malware fix jan 2014\FRST64.exe
2014-01-08 19:34:37    D4577203559D4EB8EA4EADBD88812F69    1931772    ----a-w-    C:\Users\Tracy\Desktop\malware fix jan 2014\FRST-OlderVersion\FRST64.exe
2014-01-08 19:34:37    C7846EDE10E2CD5E32AE5EEC647A7035    1931770    ----a-w-    C:\Users\Tracy\Downloads\FRST-OlderVersion\FRST64.exe
2014-01-07 20:41:43    DA09AF2982A2800FD068AF857EAD480B    10619688    ----a-w-    C:\Users\Tracy\Downloads\RevoUninProSetup (1).exe
2014-01-07 20:31:34    DA09AF2982A2800FD068AF857EAD480B    10619688    ----a-w-    C:\Users\Tracy\Downloads\RevoUninProSetup.exe
2014-01-07 20:16:40    4F99CAE27FFD46712E65C21444AACDFC    2623656    ----a-w-    C:\Users\Tracy\Downloads\revosetup.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-117334080-4287712844-1216391920-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT EPLTarget\P0000000000000000 /M WorkForce 645"
"Akamai NetSession Interface"="C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe"
"GoogleChromeAutoLaunch_01CA19FABFA3145EF0091BC706EED4AD"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"FVDSuite.exe"="C:\Program Files (x86)\FVD Suite\FVDSuite.exe /S"
"Google Update"="C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s"
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0"
"RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe -osboot"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT EPLTarget\P0000000000000000 /M WorkForce 645"
"Akamai NetSession Interface"="C:\Users\Tracy\AppData\Local\Akamai\netsession_win.exe"
"GoogleChromeAutoLaunch_01CA19FABFA3145EF0091BC706EED4AD"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"FVDSuite.exe"="C:\Program Files (x86)\FVD Suite\FVDSuite.exe /S"
"Google Update"="C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnekeyStudio"="C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"RtsFT"="RTFTrack.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Folders ======================

2013-01-23 17:00:30    1063    ----a-w-    C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-05-29 02:46:59    2121    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2013-10-02 00:43:32    2121    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a-------- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/12/2013 01:03 PM]
C:\windows\tasks\Digital Sites.job --a-------- C:\8FDD s  C:\Users\Tracy\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/12/2013 05:43 PM]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/12/2013 05:43 PM]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001Core.job --a-------- C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [05/22/2013 06:53 AM]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001UA.job --a-------- C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [05/22/2013 06:53 AM]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\Digital Sites" [C:\Users\Tracy\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE]
"C:\windows\SysNative\tasks\Dolby Selector" [C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001Core" [C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-117334080-4287712844-1216391920-1001UA" [C:\Users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe]
"C:\windows\SysNative\tasks\{C310DC49-7D78-4317-ABDA-B2A371C6429B}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [03/01/2013 05:29 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\Tracy\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104
F891089A6AB9E12FEDEBCC5EC0F40D66    - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll -    Shockwave Flash
C36444D7301A8C881FC7296B092609C7    - C:\Users\Tracy\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll -    Google Update
68BCBB241EF254BC5100D9E6C06ECC71    - C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll -    Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3    - C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792    - C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
FEF9ECECFA177AEC0F7564A08394D2C8    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -    RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -    RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -    RealDownloader Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hphehadppenpmajgnkjdcopcfijjegaf - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[11/29/2012 08:35 PM]

Google Docs - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Firebug Lite for Google Chrome\u2122 - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench
Google Search - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
LastPass - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Rapportive - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin
RealDownloader - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Diigo Web Collector - Capture and Annotate - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole
None - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg
Evernote Web Clipper - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hphehadppenpmajgnkjdcopcfijjegaf_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{DD7A9002-3323-4652-A8CE-2794044E72C4} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-117334080-4287712844-1216391920-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DD7A9002-3323-4652-A8CE-2794044E72C4} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hphehadppenpmajgnkjdcopcfijjegaf deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Tracy\AppData\Local\Mozilla\Firefox\Profiles\2w33cfwb.default-1389145297470\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=214 folders=46 95231990 bytes)

==== Empty Temp Folders ======================

C:\Users\ADMINI~1\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Tracy\AppData\Local\Temp  will be emptied at reboot
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Tracy\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 01/12/2014 at 13:24:34.64 ======================
 

Link to post
Share on other sites

Even using the quick scan option with "Auto clean" many entries are removed, that is why I ask for the log..... Ok we contunue:

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
     
    drwebselect.JPG
     
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
     
    drwebfolders.JPG
     
  • Press start scan
  • The scan will now commence
     
    drwebscan.JPG
     
  • Once the scan has finished click open report
     
    drwebscancomplete.JPG
     
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

 

This log will be excessive,  Attach it to your next reply… Also let me know if there are any remaining issues or concerns...

 

Kevin

Link to post
Share on other sites

Hello Kevin - I ran cureit and am attaching the report.  I signed into chrome and all the culprits tried to load then I got a plain google screen....yay for 5 seconds, until I realized all culprits running in another screen behind. Wah!  I am hoping you can help me get this under control, I am not able to work while computer is down and due to a death in the family I really need to be able to travel on thursday and take my lap top so I can work and travel.  How did I get so deeply infested? I have been running eset and am pretty careful.  YIKES!cureit(1436).log

Link to post
Share on other sites

Is this problem only happening with Chrome, if so continue:

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Go here: https://support.google.com/chrome/answer/3296214?hl=en follow the instructions and reset Chrome browser settings....

 

Next,

 

Run FRST one more time and post fresh logs, ensure "Addition.txt" is selected underneath "Optional scan" and all boxes are selected underneath "White List"

 

Kevin

Link to post
Share on other sites

Kevin - YES only in Chrome. So I will follow all steps in your last reply.  here is JRT log. Many thanks, words are just not sufficient to express my gratitude. T

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by Tracy on Mon 01/13/2014 at 13:48:44.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/13/2014 at 13:54:04.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run quick scan with Malwarebytes, post its log....

 

Let me see those two logs, tell me if there are any remaining issues or concerns. Restart Chrome a couple of times, see if it is as expected...

 

Thanks,

 

Kevin.....

Fixlist.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.