DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Joel long at 22:09:45 on 2014-02-12
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3682.2262 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve


mWinlogon: Userinit = userinit.exe,
BHO: Video Player: {e287b130-c305-4fb0-b976-3b76d03ea63f} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Facebook Update] "C:\Users\Joel long\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: LocalAccontFilterTokenPolicy = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: Interfaces\{4441A78A-ED75-4E43-911C-403FD9EA9566} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9B6BC409-72CF-4DBB-8034-DDE1A076B6BC} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>


x64-BHO: ElectroLyrics-16: {11111111-1111-1111-1111-110411411152} -
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-mPolicies-System: LocalAccontFilterTokenPolicy = dword:1
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joel long\AppData\Roaming\Mozilla\Firefox\Profiles\py68m5s0.default-1392004986906\

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Joel long\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-23 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-23 26280]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-8-31 92536]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-2-26 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-2-26 361984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-31 2451456]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\Drivers\LMIRfsDriver.sys [2013-3-9 72216]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-8-31 339600]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-8-31 683664]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-8-31 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-8-20 103576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-8-10 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-10 43832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-02-13 02:51:58    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85AE3031-AAC2-4769-9199-3BC32E8A6A55}\mpengine.dll
2014-02-13 02:45:33    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-10 04:23:16    --------    d-----w-    C:\Users\Joel long\AppData\Roaming\Malwarebytes
2014-02-10 04:22:44    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-02-10 04:22:40    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-02-10 04:22:40    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-10 04:06:34    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2014-02-10 03:51:22    240816    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10232.bin
2014-02-09 21:39:58    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E37D35C3-1D3C-4CA6-A913-BF98CED740D5}\mpengine.dll
2014-02-09 03:12:24    --------    d-----w-    C:\Program Files\iPod
2014-02-09 03:12:16    --------    d-----w-    C:\Program Files\iTunes
2014-02-09 03:12:15    --------    d-----w-    C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-03 17:01:56    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2014-01-03 17:01:53    35656    ----a-w-    C:\Windows\System32\LMIport.dll
2014-01-03 17:01:52    92488    ----a-w-    C:\Windows\System32\LMIinit.dll
2013-12-04 00:53:54    78304    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54    694240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 06:43:58    420864    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01    368640    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
.
============= FINISH: 22:10:34.58 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 11/24/2012 6:18:01 PM
System Uptime: 2/12/2014 8:32:19 PM (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 169A
Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 277 GiB total, 225.533 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.293 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 1/16/2014 11:47:07 AM - Windows Modules Installer
RP65: 2/8/2014 9:37:56 PM - Revo Uninstaller's restore point - LogMeIn
RP66: 2/12/2014 8:57:57 PM - Revo Uninstaller's restore point - Java 7 Update 45
.
==== Installed Programs ======================
.
4 Elements II
7-Zip 9.20 (x64 edition)
Adobe Flash Player 12 Plugin
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Energy Star
Facebook Video Calling 1.2.0.287
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut
FlatOut 2
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
IDT Audio
iTunes
Jewel Match 3
John Deere Drive Green
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mortimer Beckett and the Crimson Thief Premium Edition
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Mystery P.I. - Curious Case of Counterfeit Cove
OpenOffice.org 3.4.1
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
Ralink RT5390R 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Revo Uninstaller 1.94
Roads of Rome 3
Swift Browse 1.0.0
swMSM
Synaptics TouchPad Driver
Tales of Lagoona
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
VLC media player 2.1.3
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/9/2014 10:52:14 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  A system shutdown is in progress.
2/9/2014 10:52:09 AM, Error: Service Control Manager [7023]  - The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.
2/9/2014 10:34:51 AM, Error: Service Control Manager [7038]  - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2014 10:34:51 AM, Error: Service Control Manager [7000]  - The SSDP Discovery service failed to start due to the following error:  The service did not start due to a logon failure.
2/8/2014 9:47:23 PM, Error: Service Control Manager [7000]  - The iPod Service service failed to start due to the following error:  The system cannot find the file specified.
2/8/2014 9:02:52 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
2/12/2014 8:33:19 PM, Error: Microsoft-Windows-GroupPolicy [1096]  - The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
2/12/2014 8:32:55 PM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
.
==== End Of File ===========================

Hello and welcome.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Run the following in the order listed and post logs.

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log, especially under Files/Folders, for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary): go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Let me see those logs...

Kevin


# AdwCleaner v3.018 - Report created 14/02/2014 at 22:41:26
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Joel long - JOEL
# Running from : C:\Users\Joel long\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\JOELLO~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\JOELLO~1\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Joel long\AppData\Local\Conduit
Folder Deleted : C:\Users\Joel long\AppData\Local\Supreme Savings
Folder Deleted : C:\Users\Joel long\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Joel long\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joel long\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Joel long\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Joel long\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Joel long\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Joel long\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\JOELLO~1\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Joel long\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Joel long\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Joel long\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Joel long\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3316759
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416652}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416652}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Swift Browse
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Joel long\AppData\Roaming\Mozilla\Firefox\Profiles\py68m5s0.default-1392004986906\prefs.js ]

*************************

AdwCleaner[R0].txt - [7092 octets] - [14/02/2014 22:36:32]
AdwCleaner[s0].txt - [5464 octets] - [14/02/2014 22:41:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5524 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by Joel long on Fri 02/14/2014 at 22:56:00.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422412252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422412252}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411411152}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/14/2014 at 23:12:54.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Joel long :: JOEL [administrator]

2/14/2014 11:24:44 PM
mbam-log-2014-02-14 (23-24-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 418147
Time elapsed: 2 hour(s), 5 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01

Ran by Joel long (administrator) on JOEL on 15-02-2014 09:10:47

Running from C:\Users\Joel long\Downloads

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)

HKLM\...\Run: [LogMeIn GUI] - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-26] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)

HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"

HKU\S-1-5-21-1151768343-762636676-3651508663-1004\...\Run: [Facebook Update] - C:\Users\Joel long\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-04] (Facebook Inc.)

HKU\S-1-5-21-1151768343-762636676-3651508663-1004\...\MountPoints2: {b0e9f4fd-94ca-11e2-be88-c8cbb801783b} - "F:\WD SmartWare.exe" autoplay=true


==================== Internet (Whitelisted) ====================


HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.dell.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

BHO: ElectroLyrics-16 - {11111111-1111-1111-1111-110411411152} - C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-bho64.dll No File

BHO-x32: Video Player - {e287b130-c305-4fb0-b976-3b76d03ea63f} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta622\ie\VideoPlayerV3beta622.dll No File

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)


FireFox:

========

FF ProfilePath: C:\Users\Joel long\AppData\Roaming\Mozilla\Firefox\Profiles\py68m5s0.default-1392004986906

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Joel long\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF HKLM-x32\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files (x86)\Better-Surf\ff

FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff

FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta622.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta622\ff


==================== Services (Whitelisted) =================


R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-02-26] (Advanced Micro Devices, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]


==================== Drivers (Whitelisted) ====================


R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

S4 LMIRfsClientNP; No ImagePath

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-10] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-10] (Synaptics Incorporated)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


2014-02-15 09:10 - 2014-02-15 09:11 - 00009024 _____ () C:\Users\Joel long\Downloads\FRST.txt

2014-02-15 09:10 - 2014-02-15 09:10 - 00000000 ____D () C:\FRST

2014-02-15 09:06 - 2014-02-15 09:06 - 02152960 _____ (Farbar) C:\Users\Joel long\Downloads\FRST64.exe

2014-02-14 22:55 - 2014-02-14 22:55 - 00000000 ____D () C:\Windows\ERUNT

2014-02-14 22:36 - 2014-02-14 22:41 - 00000000 ____D () C:\AdwCleaner

2014-02-14 22:35 - 2014-02-15 09:09 - 00000000 ____D () C:\Users\Joel long\Downloads\virushelp-completed

2014-02-12 21:07 - 2013-12-08 18:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-12 21:07 - 2013-12-08 17:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-12 21:07 - 2013-12-04 17:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-12 21:07 - 2013-12-04 17:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-12 21:07 - 2013-11-26 18:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml

2014-02-12 21:07 - 2013-11-25 17:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2014-02-12 21:07 - 2013-10-31 23:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-02-12 21:06 - 2014-02-01 03:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-12 21:06 - 2014-02-01 03:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-12 21:06 - 2014-02-01 03:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-02-12 21:06 - 2014-02-01 03:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-02-12 21:06 - 2014-02-01 03:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-12 21:06 - 2014-02-01 03:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-12 21:06 - 2014-02-01 03:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-12 21:06 - 2014-02-01 03:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-02-12 21:06 - 2014-02-01 03:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-12 21:06 - 2014-02-01 03:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-12 21:06 - 2014-02-01 01:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-12 21:06 - 2014-02-01 01:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-12 21:06 - 2014-02-01 01:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-02-12 21:06 - 2014-02-01 01:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-12 21:06 - 2014-02-01 01:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-12 21:06 - 2014-02-01 01:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-12 21:06 - 2014-02-01 01:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-02-12 21:06 - 2014-02-01 01:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-12 21:06 - 2014-02-01 01:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-12 21:06 - 2014-02-01 01:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-12 21:06 - 2014-02-01 01:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-12 21:06 - 2014-02-01 01:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-12 21:06 - 2014-01-31 23:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-02-12 21:06 - 2013-12-04 17:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-12 21:06 - 2013-12-04 17:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-12 21:06 - 2013-10-30 23:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll

2014-02-12 21:06 - 2013-10-30 23:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll

2014-02-12 21:06 - 2013-10-30 22:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll

2014-02-12 21:06 - 2013-10-30 21:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys

2014-02-12 21:06 - 2013-10-27 23:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2014-02-12 21:06 - 2013-10-27 22:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2014-02-12 21:06 - 2013-10-13 14:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys

2014-02-12 21:06 - 2013-08-26 23:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2014-02-12 21:06 - 2013-08-26 23:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2014-02-12 21:06 - 2013-08-26 16:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2014-02-12 21:06 - 2013-08-26 16:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2014-02-12 21:05 - 2014-02-01 03:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-12 21:05 - 2014-02-01 03:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-12 21:05 - 2014-02-01 03:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-12 21:05 - 2014-02-01 03:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-12 21:04 - 2014-02-01 03:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-12 21:04 - 2014-02-01 03:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-12 21:04 - 2014-02-01 01:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-12 21:04 - 2014-02-01 01:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-12 21:04 - 2014-02-01 01:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-12 21:04 - 2014-02-01 01:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-02-12 21:00 - 2014-01-12 17:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-12 21:00 - 2014-01-12 17:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-12 21:00 - 2013-11-19 18:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-02-12 21:00 - 2013-11-19 17:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-12 20:59 - 2013-12-07 00:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-02-12 20:59 - 2013-12-07 00:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-02-12 20:59 - 2013-12-06 23:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-02-12 20:59 - 2013-12-06 23:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-02-09 22:23 - 2014-02-09 22:23 - 00000000 ____D () C:\Users\Joel long\AppData\Roaming\Malwarebytes

2014-02-09 22:22 - 2014-02-09 22:22 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-09 22:22 - 2014-02-09 22:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-09 22:22 - 2014-02-09 22:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-09 22:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-02-09 22:07 - 2014-02-09 22:14 - 00000000 ____D () C:\Users\Joel long\AppData\Roaming\vlc

2014-02-09 22:07 - 2014-02-09 22:07 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2014-02-09 22:06 - 2014-02-09 22:06 - 00000000 ____D () C:\Program Files (x86)\VideoLAN

2014-02-09 22:03 - 2014-02-09 22:03 - 00000000 ____D () C:\Users\Joel long\Desktop\Old Firefox Data

2014-02-08 21:12 - 2014-02-08 21:41 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-02-08 21:12 - 2014-02-08 21:12 - 00000000 ____D () C:\Program Files\iTunes

2014-02-08 21:12 - 2014-02-08 21:12 - 00000000 ____D () C:\Program Files\iPod

2014-02-08 20:59 - 2014-02-08 20:59 - 00307728 _____ () C:\Windows\system32\FNTCACHE.DAT


==================== One Month Modified Files and Folders =======


2014-02-15 09:11 - 2014-02-15 09:10 - 00009024 _____ () C:\Users\Joel long\Downloads\FRST.txt

2014-02-15 09:10 - 2014-02-15 09:10 - 00000000 ____D () C:\FRST

2014-02-15 09:09 - 2014-02-14 22:35 - 00000000 ____D () C:\Users\Joel long\Downloads\virushelp-completed

2014-02-15 09:08 - 2012-11-24 18:18 - 00000000 ____D () C:\Users\Joel long

2014-02-15 09:08 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-15 09:07 - 2012-08-03 16:23 - 00732672 _____ () C:\Windows\PFRO.log

2014-02-15 09:06 - 2014-02-15 09:06 - 02152960 _____ (Farbar) C:\Users\Joel long\Downloads\FRST64.exe

2014-02-15 09:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru

2014-02-15 08:32 - 2012-12-04 20:27 - 00000954 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1151768343-762636676-3651508663-1004UA.job

2014-02-15 08:31 - 2013-05-11 20:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-15 08:26 - 2012-11-24 18:17 - 01919792 _____ () C:\Windows\WindowsUpdate.log

2014-02-15 02:11 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\rescache

2014-02-14 23:13 - 2012-11-24 18:32 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1151768343-762636676-3651508663-1004

2014-02-14 22:55 - 2014-02-14 22:55 - 00000000 ____D () C:\Windows\ERUNT

2014-02-14 22:41 - 2014-02-14 22:36 - 00000000 ____D () C:\AdwCleaner

2014-02-14 22:41 - 2012-11-24 18:25 - 00000997 _____ () C:\Users\Joel long\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-14 22:37 - 2012-07-26 01:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-14 22:35 - 2012-07-26 01:21 - 00058384 _____ () C:\Windows\setupact.log

2014-02-12 22:18 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\WinStore

2014-02-12 22:09 - 2013-03-19 17:42 - 00041472 ___SH () C:\Users\Joel long\Downloads\Thumbs.db

2014-02-12 21:08 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-02-12 20:37 - 2012-11-24 18:26 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E53F647F-3F75-413A-B024-49DC7E3B9AD9}

2014-02-11 17:36 - 2012-07-25 23:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-02-09 22:49 - 2014-01-09 19:07 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3

2014-02-09 22:23 - 2014-02-09 22:23 - 00000000 ____D () C:\Users\Joel long\AppData\Roaming\Malwarebytes

2014-02-09 22:22 - 2014-02-09 22:22 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-09 22:22 - 2014-02-09 22:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-09 22:22 - 2014-02-09 22:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-09 22:22 - 2013-01-15 17:02 - 00536576 ___SH () C:\Users\Joel long\Desktop\Thumbs.db

2014-02-09 22:14 - 2014-02-09 22:07 - 00000000 ____D () C:\Users\Joel long\AppData\Roaming\vlc

2014-02-09 22:07 - 2014-02-09 22:07 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2014-02-09 22:06 - 2014-02-09 22:06 - 00000000 ____D () C:\Program Files (x86)\VideoLAN

2014-02-09 22:03 - 2014-02-09 22:03 - 00000000 ____D () C:\Users\Joel long\Desktop\Old Firefox Data

2014-02-09 22:01 - 2013-12-09 14:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-02-09 22:01 - 2013-03-09 19:09 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-09 20:32 - 2012-12-04 20:27 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1151768343-762636676-3651508663-1004Core.job

2014-02-09 20:08 - 2012-11-24 19:39 - 00000000 ____D () C:\Users\Joel long\AppData\Local\CrashDumps

2014-02-08 22:33 - 2013-05-11 20:40 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-08 22:05 - 2013-08-14 11:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-08 21:59 - 2013-03-09 16:21 - 00000000 ____D () C:\ProgramData\LogMeIn

2014-02-08 21:56 - 2013-03-09 15:49 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-08 21:56 - 2012-07-25 23:38 - 00000000 ____D () C:\Windows\system32\oobe

2014-02-08 21:48 - 2013-03-09 16:21 - 00000000 ____D () C:\Program Files (x86)\LogMeIn

2014-02-08 21:41 - 2014-02-08 21:12 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-02-08 21:41 - 2014-01-07 12:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-02-08 21:12 - 2014-02-08 21:12 - 00000000 ____D () C:\Program Files\iTunes

2014-02-08 21:12 - 2014-02-08 21:12 - 00000000 ____D () C:\Program Files\iPod

2014-02-08 21:12 - 2012-11-25 11:59 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-02-08 20:59 - 2014-02-08 20:59 - 00307728 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-02-01 03:20 - 2014-02-12 21:06 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-01 03:19 - 2014-02-12 21:06 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-01 03:19 - 2014-02-12 21:06 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-02-01 03:19 - 2014-02-12 21:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-02-01 03:19 - 2014-02-12 21:05 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-01 03:18 - 2014-02-12 21:06 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-01 03:18 - 2014-02-12 21:06 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-01 03:18 - 2014-02-12 21:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-01 03:18 - 2014-02-12 21:06 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-02-01 03:18 - 2014-02-12 21:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-01 03:18 - 2014-02-12 21:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-01 03:18 - 2014-02-12 21:05 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-01 03:18 - 2014-02-12 21:05 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-01 03:18 - 2014-02-12 21:05 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-01 03:18 - 2014-02-12 21:04 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-01 03:18 - 2014-02-12 21:04 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-01 01:58 - 2014-02-12 21:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-01 01:58 - 2014-02-12 21:06 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-01 01:58 - 2014-02-12 21:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-02-01 01:57 - 2014-02-12 21:06 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-01 01:57 - 2014-02-12 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-01 01:57 - 2014-02-12 21:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-01 01:57 - 2014-02-12 21:06 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-02-01 01:57 - 2014-02-12 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-01 01:57 - 2014-02-12 21:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-01 01:57 - 2014-02-12 21:06 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-01 01:57 - 2014-02-12 21:04 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-01 01:57 - 2014-02-12 21:04 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-01 01:57 - 2014-02-12 21:04 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-01 01:57 - 2014-02-12 21:04 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-02-01 01:40 - 2014-02-12 21:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-01 01:34 - 2014-02-12 21:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-01-31 23:08 - 2014-02-12 21:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-01-30 15:10 - 2013-12-06 19:52 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-01-30 15:10 - 2013-12-06 19:52 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-19 01:33 - 2013-03-09 16:44 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe


Some content of TEMP:

====================

C:\Users\Joel long\AppData\Local\Temp\APNSetup.exe

C:\Users\Joel long\AppData\Local\Temp\BackupSetup.exe

C:\Users\Joel long\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Joel long\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Joel long\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Joel long\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Joel long\AppData\Local\Temp\lowproc.exe

C:\Users\Joel long\AppData\Local\Temp\MotoCast_Installer_2.0031.exe

C:\Users\Joel long\AppData\Local\Temp\oi_{FDA7113F-A910-4802-A1D7-603155652678}.exe

C:\Users\Joel long\AppData\Local\Temp\Quarantine.exe

C:\Users\Joel long\AppData\Local\Temp\safeguard.exe

C:\Users\Joel long\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll

C:\Users\Joel long\AppData\Local\Temp\stubhelper.dll

C:\Users\Joel long\AppData\Local\Temp\tbMixi.dll

C:\Users\Joel long\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Joel long\AppData\Local\Temp\winziprosetup.exe


==================== Bamital & volsnap Check =================


C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-15 03:07


==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01

Ran by Joel long at 2014-02-15 09:13:15

Running from C:\Users\Joel long\Downloads

Boot Mode: Normal

==========================================================


==================== Security Center ========================


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635 - Adobe Systems, Inc.)

AMD Accelerated Video Transcoding (Version: 12.10.100.30226 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)

AMD Fuel (Version: 2013.0226.1356.24951 - Advanced Micro Devices, Inc.) Hidden

AMD VISION Engine Control Center (x32 Version: 2013.0226.1356.24951 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (Version: 3.0.0.10 - Apple Inc.)

Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0226.1356.24951 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.0226.1356.24951 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.0226.1356.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.0226.1355.24951 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.0226.1356.24951 - Advanced Micro Devices, Inc.) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.)

CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden

CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.)

CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden

CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.)

CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden

CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.)

CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden

CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Energy Star (Version: 1.0.8 - Hewlett-Packard)

Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

FlatOut (x32 Version: 2.2.0.110 - WildTangent) Hidden

FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)

HP Games (x32 Version: 1.0.3.0 - WildTangent)

HP MyRoom (x32 Version: 9.0.0.0 - Hewlett-Packard Company)

HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden

HP Quick Launch (x32 Version: 3.0.3 - Hewlett-Packard Company)

HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden

HP Registration Service (Version: 1.0.5976.4186 - Hewlett-Packard)

HP Software Framework (x32 Version: 4.6.8.1 - Hewlett-Packard Company)

HP Support Assistant (x32 Version: 7.0.32.44 - Hewlett-Packard Company)

HP Utility Center (x32 Version: 1.0.7 - Hewlett-Packard)

HP Wireless Button Driver (x32 Version: 1.0.5.1 - Hewlett-Packard Company)

IDT Audio (x32 Version: 1.0.6417.0 - IDT)

iTunes (Version: 11.1.2.32 - Apple Inc.)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)

Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mozilla Firefox 27.0 (x86 en-US) (x32 Version: 27.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 25.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Ralink RT5390R 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.2.0 - Ralink)

Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012 - Realtek)

Realtek PCIE Card Reader (x32 Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.94 (x32 Version: 1.94 - VS Revo Group)

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics TouchPad Driver (Version: 16.2.10.12 - Synaptics Incorporated)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden

VLC media player 2.1.3 (x32 Version: 2.1.3 - VideoLAN)

WildTangent Games (x32 Version: 1.0.4.0 - WildTangent)

WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Restore Points  =========================

 

16-01-2014 17:47:07 Windows Modules Installer

09-02-2014 03:37:56 Revo Uninstaller's restore point - LogMeIn

13-02-2014 02:57:57 Revo Uninstaller's restore point - Java 7 Update 45

 

==================== Hosts content: ==========================

 

2012-07-25 23:26 - 2012-07-25 23:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {01DA2E6E-DF3E-4EE9-A748-CB905B145891} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1151768343-762636676-3651508663-1004UA => C:\Users\Joel long\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-04] (Facebook Inc.)

Task: {08E988FE-5696-4BB7-9B59-C9FFFF62C48D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {1AB3811D-5D75-4847-A699-421B8A8E924B} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {554231DB-F84A-4795-B48C-A658FA4B428A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

Task: {80B6BA18-2A7E-41B1-A34A-1F3F55A53E38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

Task: {89C81841-8FDD-4E0F-A1FD-7C12E4C813E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

Task: {9AACED47-47D2-4FAB-96C6-CE65202906C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08] (Adobe Systems Incorporated)

Task: {A5901F04-94D4-49E1-84C6-595611CA19EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C1EE4DAB-807E-405F-A535-8887CD08F681} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {D985EAC8-0B84-4A7F-869E-40DFB5C3B0F0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1151768343-762636676-3651508663-1004Core => C:\Users\Joel long\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-04] (Facebook Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {F2E46419-1B6D-4CA8-BD2D-E951F1525F8B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1151768343-762636676-3651508663-1004Core.job => C:\Users\Joel long\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1151768343-762636676-3651508663-1004UA.job => C:\Users\Joel long\AppData\Local\Facebook\Update\FacebookUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-02-26 14:07 - 2013-02-26 14:07 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2012-08-27 23:33 - 2012-08-27 23:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-08-27 23:33 - 2012-08-27 23:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-08-31 16:14 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:373E1720

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

Error: (02/15/2014 09:08:36 AM) (Source: Microsoft-Windows-GroupPolicy) (User: Joel)

Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

 

Error: (02/15/2014 09:08:11 AM) (Source: Service Control Manager) (User: )

Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 

%%3

 

Error: (02/15/2014 09:06:05 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (02/15/2014 09:05:35 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (02/14/2014 11:20:15 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (02/14/2014 11:19:45 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Percentage of memory in use: 31%

Total physical RAM: 3682.26 MB

Available physical RAM: 2521.29 MB

Total Pagefile: 4322.26 MB

Available Pagefile: 3097.08 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:276.8 GB) (Free:220.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:20.52 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (KINGSTON) (Removable) (Total:7.25 GB) (Free:7.24 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: C2C9F703)

 

Partition: GPT Partition Type

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=7 GB) - (Type=0B)

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users, right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01

Ran by Joel long at 2014-02-15 14:19:00 Run:1

Running from C:\Users\Joel long\Downloads\virushelp-completed

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"

HKU\S-1-5-21-1151768343-762636676-3651508663-1004\...\MountPoints2: {b0e9f4fd-94ca-11e2-be88-c8cbb801783b} - "F:\WD SmartWare.exe" autoplay=true

C:\Users\Joel long\AppData\Local\Temp\APNSetup.exe

C:\Users\Joel long\AppData\Local\Temp\BackupSetup.exe

C:\Users\Joel long\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Joel long\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Joel long\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Joel long\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Joel long\AppData\Local\Temp\lowproc.exe

C:\Users\Joel long\AppData\Local\Temp\MotoCast_Installer_2.0031.exe

C:\Users\Joel long\AppData\Local\Temp\oi_{FDA7113F-A910-4802-A1D7-603155652678}.exe

C:\Users\Joel long\AppData\Local\Temp\Quarantine.exe

C:\Users\Joel long\AppData\Local\Temp\safeguard.exe

C:\Users\Joel long\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll

C:\Users\Joel long\AppData\Local\Temp\stubhelper.dll

C:\Users\Joel long\AppData\Local\Temp\tbMixi.dll

C:\Users\Joel long\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Joel long\AppData\Local\Temp\winziprosetup.exe

AlternateDataStreams: C:\ProgramData\Temp:373E1720

End

*****************

 

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0e9f4fd-94ca-11e2-be88-c8cbb801783b} => Key not found.

HKCR\CLSID\{b0e9f4fd-94ca-11e2-be88-c8cbb801783b} => Key not found.

C:\Users\Joel long\AppData\Local\Temp\APNSetup.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\BackupSetup.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\lowproc.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\MotoCast_Installer_2.0031.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\oi_{FDA7113F-A910-4802-A1D7-603155652678}.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\safeguard.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\stubhelper.dll => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\tbMixi.dll => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.

C:\Users\Joel long\AppData\Local\Temp\winziprosetup.exe => Moved successfully.

C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

 

==== End of Fixlog ====


C:\FRST\Quarantine\APNSetup.exe15-02-2014_14-19-00 a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\FRST\Quarantine\tbMixi.dll15-02-2014_14-19-02 a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\Users\Joel long\AppData\Local\Temp\SkWNojGz.exe.part Win32/DownWare.S potentially unwanted application

C:\Users\Joel long\AppData\Local\Temp\uO3oqJXB.exe.part a variant of Win32/InstallCore.CH potentially unwanted application

C:\Users\Joel long\AppData\Local\Temp\DM2\microsoft-office-word-viewer-2007_027\software\Supreme Savings.exe Win32/Packed.ScrambleWrapper.A potentially unwanted application

C:\Users\Joel long\AppData\Local\Temp\nscE2F2.tmp\mypc.exe Win32/MyPCBackup.A potentially unwanted application

C:\Users\Joel long\AppData\Local\Temp\nscE2F2.tmp\speed.exe Win32/SpeedUpMyPC potentially unwanted application

C:\Windows\Installer\MSI669F.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

 Results of screen317's Security Check version 0.99.79  

   x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Windows Defender   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Flash Player 12.0.0.44  

 Mozilla Firefox (27.0) 

````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSMpEng.exe 

 Windows Defender MsMpEng.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure you start with and include the colon before Files (:Files)

    :Files
    C:\Users\Joel long\AppData\Local\Temp\SkWNojGz.exe.part
    C:\Users\Joel long\AppData\Local\Temp\uO3oqJXB.exe.part
    C:\Users\Joel long\AppData\Local\Temp\DM2\microsoft-office-word-viewer-2007_027\software\Supreme Savings.exe
    C:\Users\Joel long\AppData\Local\Temp\nscE2F2.tmp\mypc.exe
    C:\Users\Joel long\AppData\Local\Temp\nscE2F2.tmp\speed.exe
    C:\Windows\Installer\MSI669F.tmp
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Run Malwarebytes Quick scan, post that log...
 

Post those logs, also give an update on any remaining issues or concerns....

 

Kevin... :)


So, I updated my computer from Windows 8 to 8.1 overnight. I modified your OTM "script" a bit to reflect this. Below is from the Results side of OTM  .... OTM still seems to be running though, the green progress bar periodically scans from left to right. I honestly didn't think that through very well before performing the Windows upgrade.

 

All processes killed
========== FILES ==========
C:\Windows.old\Users\Joel long\AppData\Local\Temp\SkWNojGz.exe.part moved successfully.
C:\Windows.old\Users\Joel long\AppData\Local\Temp\uO3oqJXB.exe.part moved successfully.
File/Folder C:\Windows.old\Users\Joel long\AppData\Local\Temp\DM2\microsoft-office-word-viewer-2007_027\software\Supreme Savings.exe not found.
C:\Windows.old\Users\Joel long\AppData\Local\Temp\nscE2F2.tmp\mypc.exe moved successfully.
File/Folder C:\Windows.old\Users\Joel long\AppData\Local\Temp\nscE2F2.tmp\speed.exe not found.
File/Folder C:\Windows.old\Installer\MSI669F.tmp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joel long\Downloads\cmd.bat deleted successfully.
C:\Users\Joel long\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: joel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Joel long
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes

The quick scan from Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.16.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Joel long :: JOEL [administrator]

2/16/2014 9:33:06 PM
mbam-log-2014-02-16 (21-33-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 234852
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


If no remaining issues or concerns, let's clean up....

 

We need to remove FRST; first, it is very important to deal with its own Quarantine folder by using FRST itself..

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make sure the following items are checked:

 

  • Remove disinfection tools

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any tools or logs on Desktop or Downloads folder can be deleted....

 

If there are no remaining issues, are we OK to close out?  Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin....

fixlist.txt



Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.