
Sorry this is kind of a long history, I'm not really sure if any of this information is useful or not. I started working at a company this summer. Every time I would use their computer and go on the internet, I would get redirected to a random site. I remember one time googling Microsoft SkyDrive. I clicked on the Microsoft link but got redirected to a site that looked very similar but was not actually Microsoft's site. It wanted me to download something, so I quickly exited the site. I knew something was wrong, so I downloaded Malwarebytes onto the computer. I downloaded and paid for the pro version because that is what I have on my personal computer and absolutely love it. It found a bunch of viruses right away. The computer started working faster and everything seemed back to normal.

 

Well, for the past couple of months, the computer seems to be getting slower and slower. The past week or two it has been extremely slow! So I am not sure if the virus was too far on the computer by the time I downloaded Malwarebytes and if Malwarebytes then was unable to remove all of it. If someone could please help me out, that would be great!

 

Here are my logs.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16537
Run by SJS CinderCare at 12:49:37 on 2014-02-04
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.2038.954 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\dashost.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Users\SJS CinderCare\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [skyDrive] "c:\users\sjs cindercare\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRunOnce: [uninstall c:\users\sjs cindercare\appdata\local\microsoft\skydrive\17.0.2010.0530] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\sjs cindercare\appdata\local\microsoft\skydrive\17.0.2010.0530"
uRunOnce: [uninstall c:\users\sjs cindercare\appdata\local\microsoft\skydrive\17.0.2011.0627] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\sjs cindercare\appdata\local\microsoft\skydrive\17.0.2011.0627"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.10.4
TCP: Interfaces\{2FD02FAA-AFEF-428B-A611-E8FA91810FEC} : DHCPNameServer = 192.168.10.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\reader 11.0\esl\AiodLite.dll",CreateReaderUserSettings
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-19 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-19 701512]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2013-7-10 78960]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2013-7-10 18800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-19 22856]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2012-7-25 155136]
.
=============== Created Last 30 ================
.
2014-02-04 12:29:33 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{82a1ecb6-0ee3-4bfc-b8a7-005a6c40d06d}\mpengine.dll
2014-02-04 12:06:29 7760024 ------w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-02-04 12:06:29 7760024 ------w- c:\programdata\microsoft\windows defender\definition updates\{2676d004-b2ab-4862-aaf6-958bee67b3df}\mpengine.dll
2014-01-28 18:46:47 -------- d-----w- c:\users\sjs cindercare\appdata\roaming\MPC-HC
2014-01-28 18:45:45 3649536 ----a-w- c:\windows\system32\x264vfw.dll
2014-01-28 18:45:45 216064 ----a-w- c:\windows\system32\lagarith.dll
2014-01-28 18:45:44 650752 ----a-w- c:\windows\system32\xvidcore.dll
2014-01-28 18:45:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2014-01-28 18:45:42 122880 ----a-w- c:\windows\system32\ac3acm.acm
2014-01-28 18:45:41 218200 ----a-w- c:\windows\system32\unrar.dll
2014-01-28 18:45:38 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-01-28 18:45:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-01-24 12:45:28 246960 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10231.bin
2014-01-23 20:12:11 -------- d-----w- c:\program files\iPod
2014-01-23 20:12:10 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-23 20:12:10 -------- d-----w- c:\program files\iTunes
2014-01-15 11:52:30 562688 ----a-w- c:\windows\system32\WSShared.dll
2014-01-15 11:52:30 124928 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M  ====================
.
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-09 08:02:07 78296 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-09 08:02:07 694240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-23 05:05:01 368640 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-06 23:18:46 3387904 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:51:00.30 ===============
 
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 11/28/2012 9:26:25 PM
System Uptime: 1/28/2014 12:54:58 PM (168 hours ago)
.
Motherboard: Dell Inc.           |  | 0KF623
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2993/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 15.896 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 1/20/2014 6:01:57 AM - Scheduled Checkpoint
RP65: 1/27/2014 6:19:47 AM - Scheduled Checkpoint
RP66: 2/4/2014 6:33:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Brother MFL-Pro Suite MFC-9325CW
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
Google Update Helper
Google+ Auto Backup
iCloud
iTunes
K-Lite Mega Codec Pack 10.2.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SkyDrive
Picasa 3
QuickTime
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shutterfly Express Uploader
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
.
==== End Of File ===========================
 
Thanks,
Maria

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------
 

Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


Hi Jeff,

 

Thank you so much for your help! 

 

Here is my AdwCleaner Report

 

# AdwCleaner v3.018 - Report created 05/02/2014 at 12:44:03
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 Pro  (32 bits)
# Username : SJS CinderCare - CINDERCARE
# Running from : C:\Users\SJS CinderCare\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Users\SJS CinderCare\AppData\Local\unitlayers
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\SJS CinderCare\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1208 octets] - [05/02/2014 12:44:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1268 octets] ##########
 
I ran the Malwarebytes Anti-Rootkit and received a no malware found message.

Hi and well done!!
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Here are the results from the additions log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2014
Ran by SJS CinderCare at 2014-02-06 08:50:04
Running from C:\Users\SJS CinderCare\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9325CW (Version: 3.0.3.0 - Brother Industries, Ltd.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (Version: 1.0.21.81 - Google)
iCloud (Version: 3.1.0.40 - Apple Inc.)
iTunes (Version: 11.1.4.62 - Apple Inc.)
K-Lite Mega Codec Pack 10.2.0 (Version: 10.2.0 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Picasa 3 (Version: 3.9 - Google, Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
Shutterfly Express Uploader (Version: 1.2.0.0 - Shutterfly, Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
 
==================== Restore Points  =========================
 
27-01-2014 12:19:47 Scheduled Checkpoint
04-02-2014 12:33:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2012-07-25 22:17 - 2012-07-25 22:17 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {12A1C6EB-B7EF-493C-95BF-5E4987B5D90C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {67E7F345-A385-4ECB-9EA8-D6F9038C45EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {85CE3760-C242-4C53-ABF2-D63CD617AF8C} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5A54F62-22C2-4664-BB47-AA2F5A3BFEE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)
Task: {E2D062D2-7C0D-40CD-9D68-F4AD3803B5C7} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-26 16:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 00237384 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2014-02-04 06:14 - 2014-02-01 17:41 - 00715592 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 06:14 - 2014-02-01 17:41 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 06:14 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 06:14 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 06:14 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2014 05:54:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15662
 
Error: (02/05/2014 05:54:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15662
 
Error: (02/05/2014 05:54:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/05/2014 05:53:22 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/02/05 17:53:22.571]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:21 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/02/05 17:53:21.065]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:19 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/02/05 17:53:19.557]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:18 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/02/05 17:53:18.053]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:16 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/02/05 17:53:16.549]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:15 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/02/05 17:53:15.043]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:13 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/02/05 17:53:13.538]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
 
System errors:
=============
Error: (01/28/2014 00:55:17 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:21:32 PM on ‎1/‎28/‎2014 was unexpected.
 
Error: (01/27/2014 05:50:09 PM) (Source: DCOM) (User: CinderCare)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/24/2014 06:03:32 PM) (Source: DCOM) (User: CinderCare)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/21/2014 05:50:29 PM) (Source: DCOM) (User: CinderCare)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/21/2014 05:50:28 PM) (Source: DCOM) (User: CinderCare)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/21/2014 05:50:27 PM) (Source: DCOM) (User: CinderCare)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/21/2014 05:50:27 PM) (Source: DCOM) (User: CinderCare)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/16/2014 05:51:49 PM) (Source: DCOM) (User: CinderCare)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/06/2014 05:03:08 PM) (Source: DCOM) (User: CinderCare)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (01/06/2014 05:03:08 PM) (Source: DCOM) (User: CinderCare)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office Sessions:
=========================
Error: (02/05/2014 05:54:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15662
 
Error: (02/05/2014 05:54:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15662
 
Error: (02/05/2014 05:54:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/05/2014 05:53:22 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/02/05 17:53:22.571]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:21 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/02/05 17:53:21.065]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:19 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/02/05 17:53:19.557]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:18 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/02/05 17:53:18.053]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:16 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/02/05 17:53:16.549]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:15 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/02/05 17:53:15.043]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
Error: (02/05/2014 05:53:13 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/02/05 17:53:13.538]: [00004048]: lperrcode->api = 1 , lperrcode->code = 2
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 67%
Total physical RAM: 2038.14 MB
Available physical RAM: 657.63 MB
Total Pagefile: 3792.41 MB
Available Pagefile: 1940.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1855.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:74.19 GB) (Free:16.07 GB) NTFS
Drive e: (Singable Songs for Letters & Sou) (CDROM) (Total:4.05 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 4B869091)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Here is the FRST log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by SJS CinderCare (administrator) on CINDERCARE on 06-02-2014 08:46:58
Running from C:\Users\SJS CinderCare\Desktop
Microsoft Windows 8 Pro (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Users\SJS CinderCare\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [brMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-3886179815-1488367952-3934508139-1001\...\Run: [skyDrive] - C:\Users\SJS CinderCare\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\S-1-5-21-3886179815-1488367952-3934508139-1001\...\RunOnce: [uninstall C:\Users\SJS CinderCare\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SJS CinderCare\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
HKU\S-1-5-21-3886179815-1488367952-3934508139-1001\...\RunOnce: [uninstall C:\Users\SJS CinderCare\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SJS CinderCare\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x87BCB1D3581CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
BHO: Unit - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\SJS CinderCare\AppData\Local\UnitLayers\temp.dat No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.4
 
Chrome: 
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=U217DF&PC=U217&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Wallet) - C:\Users\SJS CinderCare\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
 
========================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-01] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-25] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)
U3 mbr; \??\C:\Users\SJSCIN~1\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-06 08:46 - 2014-02-06 08:47 - 00006473 _____ () C:\Users\SJS CinderCare\Desktop\FRST.txt
2014-02-06 08:46 - 2014-02-06 08:46 - 00000000 ____D () C:\FRST
2014-02-06 08:45 - 2014-02-06 08:45 - 01139200 _____ (Farbar) C:\Users\SJS CinderCare\Desktop\FRST.exe
2014-02-05 12:57 - 2014-02-05 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-05 12:50 - 2014-02-05 13:41 - 00000000 ____D () C:\Users\SJS CinderCare\Desktop\mbar
2014-02-05 12:50 - 2014-02-05 12:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-05 12:49 - 2014-02-05 12:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\SJS CinderCare\Desktop\mbar-1.07.0.1009.exe
2014-02-05 12:43 - 2014-02-05 12:45 - 00000000 ____D () C:\AdwCleaner
2014-02-05 12:41 - 2014-02-05 12:42 - 01166132 _____ () C:\Users\SJS CinderCare\Desktop\AdwCleaner.exe
2014-02-04 12:51 - 2014-02-04 12:51 - 00008182 _____ () C:\Users\SJS CinderCare\Desktop\dds.txt
2014-02-04 12:51 - 2014-02-04 12:51 - 00003699 _____ () C:\Users\SJS CinderCare\Desktop\attach.txt
2014-02-04 12:47 - 2014-02-04 12:48 - 00688992 ____R (Swearware) C:\Users\SJS CinderCare\Desktop\dds.com
2014-01-30 13:19 - 2014-01-30 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\WhiteBorderFramesGraphicsforCommercialUse
2014-01-30 13:19 - 2014-01-30 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\thJulyFramesBackgroundsFREEBIE
2014-01-30 13:19 - 2014-01-30 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FramesSummerSetFREEBIE
2014-01-30 13:18 - 2014-01-30 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEPolkaDotClassroomLabels
2014-01-30 13:18 - 2014-01-30 13:18 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEPolkaDotCircleSquareFrames
2014-01-30 13:18 - 2014-01-30 13:18 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEFluffyCircleFramesClipArt
2014-01-28 13:41 - 2014-01-28 13:41 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEPolkaDottedSquareFramesFramesGraphicsforCommercialUse
2014-01-28 13:27 - 2014-01-28 13:27 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEPolkaDotBordersLabelsNameTags
2014-01-28 13:22 - 2014-01-28 13:22 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\DoodleFramesFreebieCommercialUse
2014-01-28 12:50 - 2014-01-28 12:50 - 00000000 ____D () C:\Users\SJS CinderCare\Documents\MPC-HC Capture
2014-01-28 12:46 - 2014-01-28 12:46 - 00000000 ____D () C:\Users\SJS CinderCare\AppData\Roaming\MPC-HC
2014-01-28 12:45 - 2014-01-28 12:45 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-01-28 12:45 - 2013-12-20 12:00 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-01-28 12:45 - 2013-12-01 07:10 - 00218200 _____ () C:\Windows\system32\unrar.dll
2014-01-28 12:45 - 2013-03-17 11:21 - 03649536 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-01-28 12:45 - 2012-07-21 05:54 - 00122880 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2014-01-28 12:45 - 2011-12-07 12:32 - 00216064 _____ ( ) C:\Windows\system32\lagarith.dll
2014-01-28 12:45 - 2011-06-24 09:44 - 00243200 _____ () C:\Windows\system32\xvidvfw.dll
2014-01-28 12:45 - 2011-06-24 09:28 - 00650752 _____ () C:\Windows\system32\xvidcore.dll
2014-01-23 14:13 - 2014-01-23 14:13 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-23 14:12 - 2014-01-23 14:13 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-23 14:12 - 2014-01-23 14:13 - 00000000 ____D () C:\Program Files\iTunes
2014-01-23 14:12 - 2014-01-23 14:12 - 00000000 ____D () C:\Program Files\iPod
2014-01-23 14:07 - 2014-01-23 14:08 - 02164368 _____ (Microsoft Corporation) C:\Users\SJS CinderCare\Downloads\DefaultPack.EXE
2014-01-20 15:12 - 2014-01-20 15:15 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\New folder (2)
2014-01-17 12:20 - 2014-01-17 12:20 - 00114913 _____ () C:\Users\SJS CinderCare\Downloads\5DB5.tmp
2014-01-15 05:52 - 2013-12-06 23:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 05:52 - 2013-12-06 23:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-12 20:15 - 2014-01-12 20:16 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\New folder
2014-01-12 20:13 - 2014-01-12 20:13 - 05205262 _____ () C:\Users\SJS CinderCare\Downloads\ChristmasClipartCookiesandotherYummies.zip
2014-01-12 20:13 - 2014-01-12 20:13 - 00601898 _____ () C:\Users\SJS CinderCare\Downloads\DoodleFramesFreebieCommercialUse.zip
2014-01-12 17:58 - 2014-01-12 17:59 - 00000000 ____D () C:\Users\SJS CinderCare\Desktop\New folder
2014-01-09 13:19 - 2014-01-09 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-07 09:03 - 2014-01-07 09:03 - 00058083 _____ () C:\Users\SJS CinderCare\Downloads\D73.tmp
 
==================== One Month Modified Files and Folders =======
 
2014-02-06 08:47 - 2014-02-06 08:46 - 00006473 _____ () C:\Users\SJS CinderCare\Desktop\FRST.txt
2014-02-06 08:46 - 2014-02-06 08:46 - 00000000 ____D () C:\FRST
2014-02-06 08:45 - 2014-02-06 08:45 - 01139200 _____ (Farbar) C:\Users\SJS CinderCare\Desktop\FRST.exe
2014-02-06 08:05 - 2013-06-17 14:37 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 08:00 - 2012-07-26 00:53 - 00000000 ____D () C:\Windows\system32\sru
2014-02-06 07:57 - 2012-11-28 21:25 - 01159036 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 07:05 - 2013-06-17 14:37 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 06:02 - 2013-06-19 14:41 - 00000000 ___RD () C:\Users\SJS CinderCare\SkyDrive
2014-02-05 13:41 - 2014-02-05 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-05 13:41 - 2014-02-05 12:50 - 00000000 ____D () C:\Users\SJS CinderCare\Desktop\mbar
2014-02-05 12:50 - 2014-02-05 12:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-05 12:50 - 2014-02-05 12:49 - 12589848 _____ (Malwarebytes Corp.) C:\Users\SJS CinderCare\Desktop\mbar-1.07.0.1009.exe
2014-02-05 12:45 - 2014-02-05 12:43 - 00000000 ____D () C:\AdwCleaner
2014-02-05 12:42 - 2014-02-05 12:41 - 01166132 _____ () C:\Users\SJS CinderCare\Desktop\AdwCleaner.exe
2014-02-05 06:51 - 2012-07-26 00:53 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-05 06:20 - 2012-07-26 00:53 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-04 12:51 - 2014-02-04 12:51 - 00008182 _____ () C:\Users\SJS CinderCare\Desktop\dds.txt
2014-02-04 12:51 - 2014-02-04 12:51 - 00003699 _____ () C:\Users\SJS CinderCare\Desktop\attach.txt
2014-02-04 12:48 - 2014-02-04 12:47 - 00688992 ____R (Swearware) C:\Users\SJS CinderCare\Desktop\dds.com
2014-02-04 06:14 - 2013-06-17 14:38 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-31 08:21 - 2012-11-29 19:19 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-01-30 15:10 - 2013-11-15 05:47 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-30 15:10 - 2013-11-15 05:47 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-30 13:19 - 2014-01-30 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\WhiteBorderFramesGraphicsforCommercialUse
2014-01-30 13:19 - 2014-01-30 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\thJulyFramesBackgroundsFREEBIE
2014-01-30 13:19 - 2014-01-30 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FramesSummerSetFREEBIE
2014-01-30 13:19 - 2014-01-30 13:18 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEPolkaDotClassroomLabels
2014-01-30 13:18 - 2014-01-30 13:18 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEPolkaDotCircleSquareFrames
2014-01-30 13:18 - 2014-01-30 13:18 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEFluffyCircleFramesClipArt
2014-01-28 13:41 - 2014-01-28 13:41 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEPolkaDottedSquareFramesFramesGraphicsforCommercialUse
2014-01-28 13:27 - 2014-01-28 13:27 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\FREEPolkaDotBordersLabelsNameTags
2014-01-28 13:24 - 2013-06-21 12:22 - 00000000 ____D () C:\Users\SJS CinderCare\Documents\Classroom Labels
2014-01-28 13:22 - 2014-01-28 13:22 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\DoodleFramesFreebieCommercialUse
2014-01-28 12:55 - 2012-07-26 00:04 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-28 12:50 - 2014-01-28 12:50 - 00000000 ____D () C:\Users\SJS CinderCare\Documents\MPC-HC Capture
2014-01-28 12:46 - 2014-01-28 12:46 - 00000000 ____D () C:\Users\SJS CinderCare\AppData\Roaming\MPC-HC
2014-01-28 12:45 - 2014-01-28 12:45 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-01-23 14:17 - 2012-07-25 22:17 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-01-23 14:13 - 2014-01-23 14:13 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-23 14:13 - 2014-01-23 14:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-23 14:13 - 2014-01-23 14:12 - 00000000 ____D () C:\Program Files\iTunes
2014-01-23 14:12 - 2014-01-23 14:12 - 00000000 ____D () C:\Program Files\iPod
2014-01-23 14:12 - 2013-05-31 15:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-01-23 14:08 - 2014-01-23 14:07 - 02164368 _____ (Microsoft Corporation) C:\Users\SJS CinderCare\Downloads\DefaultPack.EXE
2014-01-23 14:07 - 2013-05-31 15:59 - 00000000 ____D () C:\ProgramData\Apple
2014-01-23 12:45 - 2013-09-19 11:32 - 00000000 ____D () C:\Users\SJS CinderCare\Documents\Name Tags
2014-01-20 15:15 - 2014-01-20 15:12 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\New folder (2)
2014-01-19 01:32 - 2012-11-29 11:06 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 12:20 - 2014-01-17 12:20 - 00114913 _____ () C:\Users\SJS CinderCare\Downloads\5DB5.tmp
2014-01-15 06:05 - 2013-08-14 07:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 06:01 - 2012-12-13 06:11 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 05:58 - 2012-07-26 00:53 - 00000000 ____D () C:\Windows\WinStore
2014-01-12 20:16 - 2014-01-12 20:15 - 00000000 ____D () C:\Users\SJS CinderCare\Downloads\New folder
2014-01-12 20:13 - 2014-01-12 20:13 - 05205262 _____ () C:\Users\SJS CinderCare\Downloads\ChristmasClipartCookiesandotherYummies.zip
2014-01-12 20:13 - 2014-01-12 20:13 - 00601898 _____ () C:\Users\SJS CinderCare\Downloads\DoodleFramesFreebieCommercialUse.zip
2014-01-12 17:59 - 2014-01-12 17:58 - 00000000 ____D () C:\Users\SJS CinderCare\Desktop\New folder
2014-01-09 13:19 - 2014-01-09 13:19 - 00000000 ____D () C:\Users\SJS CinderCare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-08 13:41 - 2012-11-28 21:29 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-07 09:03 - 2014-01-07 09:03 - 00058083 _____ () C:\Users\SJS CinderCare\Downloads\D73.tmp
 
Some content of TEMP:
====================
C:\Users\SJS CinderCare\AppData\Local\Temp\_isC3AF.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-06 06:03
 
==================== End Of Log ============================
 

Hi,
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Users\SJS CinderCare\Downloads\D73.tmp
 
C:\Users\SJS CinderCare\Downloads\5DB5.tmp


 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


Here is the log from the AdwCleaner

 

# AdwCleaner v3.018 - Report created 06/02/2014 at 13:43:45
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 Pro  (32 bits)
# Username : SJS CinderCare - CINDERCARE
# Running from : C:\Users\SJS CinderCare\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\SJS CinderCare\AppData\Local\unitlayers
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\SJS CinderCare\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1348 octets] - [05/02/2014 12:44:03]
AdwCleaner[R1].txt - [1408 octets] - [06/02/2014 13:41:10]
AdwCleaner[s0].txt - [1343 octets] - [06/02/2014 13:43:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1403 octets] ##########
 
Here is the link to the D73.tmp thing
 
 
Here is the link to the 5DB5.tmp thing
 

It's running a tad bit better. Did it end up having a virus? I'm thinking the computer might need some more ram to help make it faster.

You had some "garbage" on your system that we removed in the form of adware, but nothing really bad at all.

 

I would wager that you are correct about the RAM though....it seems you have only 2Gb of RAM on your Windows 8 system?  That really is not enough any more for RAM so maybe getting more would be beneficial to you.   :)

 

Let's check and be sure nothing is in there hiding though...

 

Malwarebytes

 

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.

----------

 

ESET Online Scanner

 

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Hi,

Sorry I was off all weekend. Here is the quick scan log.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.10.04
 
Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16750
SJS CinderCare :: CINDERCARE [administrator]
 
Protection: Enabled
 
2/10/2014 11:45:05 AM
mbam-log-2014-02-10 (11-45-05).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 203441
Time elapsed: 11 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
It said 4 threats found.
 
I could not export it to my desktop. I would click on export and the Save As box would pop up. I would click save and nothing happens. So I clicked copy to clipboard and pasted it below. Hopefully that works.
 
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\Program Files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Users\SJS CinderCare\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\498CF4FA.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
 

Hi,
 
You are doing great!!   :)
 
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to your Desktop as fixlist.txt 
 

C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll
C:\Program Files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll
C:\Users\SJS CinderCare\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\498CF4FA.exe

 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
----------
 
What remaining malware problems are you having?   :)


Hi,

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-02-2014 01
Ran by SJS CinderCare at 2014-02-11 08:38:21 Run:1
Running from C:\Users\SJS CinderCare\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll 
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll 
C:\Program Files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll 
C:\Users\SJS CinderCare\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\498CF4FA.ex
*****************
 
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll => Moved successfully.
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll => Moved successfully.
C:\Program Files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll => Moved successfully.
"C:\Users\SJS CinderCare\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\498CF4FA.ex" => File/Directory not found.
 
==== End of Fixlog ====
 
Things seem to be running a little bit faster so I think it is good.
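A Fixlog like the one in the post above can be reconciled against the scanner detections it was meant to address; in this thread the fixlist entry ending in `.ex` is reported as not found, while the ESET detection path ends in `.exe`. The following is an added example, not part of the original thread or of FRST or ESET; the function names and status labels are assumptions, and the sample input is copied from the logs quoted above.

```python
import re

# Sample input copied from this thread: the ESET detections and the FRST Fixlog outcome lines.
ESET_REPORT = r"""
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\Program Files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Users\SJS CinderCare\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\498CF4FA.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
"""

FIXLOG = r"""
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll => Moved successfully.
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll => Moved successfully.
C:\Program Files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll => Moved successfully.
"C:\Users\SJS CinderCare\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\498CF4FA.ex" => File/Directory not found.
"""

# "<path with spaces>.<ext> [a variant of ]<Platform/Name> <classification>"
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?:a variant of\s+)?(?P<name>\w+/\S+)\s+(?P<kind>.+)$"
)
# '<path> => <result>' where the path may be wrapped in double quotes
OUTCOME_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]+?)"?\s+=>\s+(?P<result>.+)$')


def parse_detections(text):
    """Return [(path, detection_name), ...] from scanner result lines."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append((m.group("path"), m.group("name")))
    return found


def parse_fixlog(text):
    """Return {path: result} for every '<path> => <result>' line in a Fixlog."""
    outcomes = {}
    for line in text.splitlines():
        m = OUTCOME_RE.match(line.strip())
        if m:
            outcomes[m.group("path")] = m.group("result").rstrip(".")
    return outcomes


def reconcile(detections, outcomes):
    """Map each detected path to (status, detail).

    status is one of: moved, failed, truncated, absent.
    Windows paths are case-insensitive, so comparisons are done in lower case.
    """
    by_lower = {p.lower(): r for p, r in outcomes.items()}
    report = {}
    for path, _name in detections:
        key = path.lower()
        if key in by_lower:
            result = by_lower[key]
            ok = result.lower().startswith("moved")
            report[path] = ("moved" if ok else "failed", result)
            continue
        status = ("absent", "no fixlist entry for this detection")
        for entry, result in outcomes.items():
            tail = path[len(entry):]
            # A "not found" entry that is the detected path minus a few trailing
            # characters of the file name indicates a truncated copy/paste.
            if (key.startswith(entry.lower()) and 0 < len(tail) <= 3
                    and "\\" not in tail and "not found" in result.lower()):
                status = ("truncated", entry)
                break
        report[path] = status
    return report


def unresolved(report):
    """Detected paths that the fix run did not actually move."""
    return [p for p, (status, _detail) in report.items() if status != "moved"]


if __name__ == "__main__":
    rep = reconcile(parse_detections(ESET_REPORT), parse_fixlog(FIXLOG))
    for p, (status, detail) in rep.items():
        print(f"{status:10} {p}  [{detail}]")
```

Any path returned by `unresolved()` is still on disk as far as the Fixlog shows and needs a corrected fixlist entry or a follow-up scan.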

Providing there are no other malware related problems...
 
IT APPEARS THAT THE LOGS WE HAVE NOW ARE NOW CLEAN!  GREAT JOB!!  
 
This infection appears to have been cleared, but I can not give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------
 

AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

--------------

 
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.
----------
 
Here are some tips to reduce the potential for spyware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus 
 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current.  Windows XP users can visit Windows update  regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.
 
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
----------
