
Help!



I have been trying to get rid of some infected files. I followed the instructions on DDS and GMER; at first GMER force-closed, but I followed the topic on that and was able to do a scan. Here are my GMER results. I'm not sure if my computer is clean, yet when I ran a quick scan I had no infections.


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-12 23:46:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332041 rev.CC46 298.09GB
Running: gmer.exe; Driver: C:\Users\MARISS~1\AppData\Local\Temp\pwloyaog.sys
 
 
---- Devices - GMER 2.1 ----
 
Device   \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                                                    fffffa80018172c0
Device   \FileSystem\fastfat \Fat                                                                                                                                                                                                                                  fffffa80046e22c0
Device   \Driver\usbuhci \Device\USBPDO-5                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\usbuhci \Device\USBFDO-3                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\usbuhci \Device\USBPDO-1                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\iaStor \Device\Dev_fffffa8002215050                                                                                                                                                                                                               fffffa80029d2d18
Device   \Driver\cdrom \Device\CdRom0                                                                                                                                                                                                                              fffffa80027bb2c0
Device   \Driver\usbehci \Device\USBPDO-6                                                                                                                                                                                                                          fffffa80037fb2c0
Device   \Driver\usbuhci \Device\USBFDO-4                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\usbuhci \Device\USBFDO-0                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\usbehci \Device\USBPDO-2                                                                                                                                                                                                                          fffffa80037fb2c0
Device   \Driver\usbuhci \Device\USBFDO-5                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\usbuhci \Device\USBPDO-3                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\usbuhci \Device\USBFDO-1                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                                                                                   fffffa80027c82c0
Device   \Driver\usbehci \Device\USBFDO-6                                                                                                                                                                                                                          fffffa80037fb2c0
Device   \Driver\NetBT \Device\NetBT_Tcpip_{AFFD4F8B-2AB2-4C10-A062-304D10871679}                                                                                                                                                                                  fffffa80027c82c0
Device   \Driver\usbuhci \Device\USBPDO-4                                                                                                                                                                                                                          fffffa80037412c0
Device   \Driver\usbehci \Device\USBFDO-2                                                                                                                                                                                                                          fffffa80037fb2c0
Device   \Driver\usbuhci \Device\USBPDO-0                                                                                                                                                                                                                          fffffa80037412c0
 
---- Threads - GMER 2.1 ----
 
Thread   System [4:4448]                                                                                                                                                                                                                                           fffffa80029d6a78
Thread   C:\Windows\System32\svchost.exe [860:884]                                                                                                                                                                                                                 000007fefbf2dc50
Thread   C:\Windows\System32\svchost.exe [860:888]                                                                                                                                                                                                                 000007fefbf428b0
Thread   C:\Windows\System32\svchost.exe [860:368]                                                                                                                                                                                                                 000007fefad8f2f4
Thread   C:\Windows\System32\svchost.exe [860:476]                                                                                                                                                                                                                 000007fefb3a6204
Thread   C:\Windows\System32\svchost.exe [860:1080]                                                                                                                                                                                                                000007fefac12070
Thread   C:\Windows\System32\svchost.exe [860:1104]                                                                                                                                                                                                                000007fefa935428
Thread   C:\Windows\System32\svchost.exe [860:4604]                                                                                                                                                                                                                000007fef8f25fd0
Thread   C:\Windows\System32\svchost.exe [860:4656]                                                                                                                                                                                                                000007feff09c608
Thread   C:\Windows\System32\svchost.exe [860:4648]                                                                                                                                                                                                                000007fef2bc6b8c
Thread   C:\Windows\System32\svchost.exe [860:4740]                                                                                                                                                                                                                000007fef2bc1d88
Thread   C:\Windows\System32\svchost.exe [860:3592]                                                                                                                                                                                                                000007fefbf2d604
Thread   C:\Windows\System32\svchost.exe [860:1964]                                                                                                                                                                                                                000007fefbf2d604
Thread   C:\Windows\System32\svchost.exe [860:3780]                                                                                                                                                                                                                000007fefbf2d604
Thread   C:\Windows\System32\svchost.exe [900:440]                                                                                                                                                                                                                 000007fefad8f2f4
Thread   C:\Windows\System32\svchost.exe [900:444]                                                                                                                                                                                                                 000007fefb3a6204
Thread   C:\Windows\System32\svchost.exe [900:1040]                                                                                                                                                                                                                000007fefa98331c
Thread   C:\Windows\System32\svchost.exe [900:1068]                                                                                                                                                                                                                000007fef85488f8
Thread   C:\Windows\System32\svchost.exe [900:2376]                                                                                                                                                                                                                000007fef51120c0
Thread   C:\Windows\System32\svchost.exe [900:2400]                                                                                                                                                                                                                000007fef51126a8
Thread   C:\Windows\System32\svchost.exe [900:2404]                                                                                                                                                                                                                000007fef51129dc
Thread   C:\Windows\System32\svchost.exe [900:4508]                                                                                                                                                                                                                000007fef70844e0
Thread   C:\Windows\System32\svchost.exe [900:4692]                                                                                                                                                                                                                000007feff09c608
Thread   C:\Windows\System32\svchost.exe [900:4696]                                                                                                                                                                                                                000007feff09c608
Thread   C:\Windows\System32\svchost.exe [900:4700]                                                                                                                                                                                                                000007feff09c608
Thread   C:\Windows\System32\svchost.exe [900:4704]                                                                                                                                                                                                                000007feff09c608
Thread   C:\Windows\System32\svchost.exe [900:4708]                                                                                                                                                                                                                000007feff09c608
Thread   C:\Windows\System32\svchost.exe [900:5092]                                                                                                                                                                                                                000007feea5a8a4c
Thread   C:\Windows\System32\svchost.exe [900:1124]                                                                                                                                                                                                                000007fef709d710
Thread   C:\Windows\system32\svchost.exe [940:5112]                                                                                                                                                                                                                000007fef50f6ed4
Thread   C:\Windows\system32\svchost.exe [940:1912]                                                                                                                                                                                                                000007fef50f6b8c
Thread   C:\Windows\system32\svchost.exe [964:2936]                                                                                                                                                                                                                000007fef7bb5124
Thread   C:\Windows\system32\svchost.exe [964:4884]                                                                                                                                                                                                                000007feee38506c
Thread   C:\Windows\system32\svchost.exe [964:1396]                                                                                                                                                                                                                000007fef4af1c20
Thread   C:\Windows\system32\svchost.exe [964:2940]                                                                                                                                                                                                                000007fef4af1c20
Thread   C:\Windows\system32\svchost.exe [964:1056]                                                                                                                                                                                                                000007fefb001ab0
Thread   C:\Windows\system32\svchost.exe [964:4232]                                                                                                                                                                                                                000007fefac24164
Thread   C:\Windows\system32\svchost.exe [344:1060]                                                                                                                                                                                                                000007fefaa88274
Thread   C:\Windows\system32\svchost.exe [344:1320]                                                                                                                                                                                                                000007fefaa88274
Thread   C:\Windows\System32\spoolsv.exe [1192:1780]                                                                                                                                                                                                               000007fef8da10c8
Thread   C:\Windows\System32\spoolsv.exe [1192:1836]                                                                                                                                                                                                               000007fef8506144
Thread   C:\Windows\System32\spoolsv.exe [1192:1840]                                                                                                                                                                                                               000007fef8f25fd0
Thread   C:\Windows\System32\spoolsv.exe [1192:1844]                                                                                                                                                                                                               000007fef84e3438
Thread   C:\Windows\System32\spoolsv.exe [1192:1848]                                                                                                                                                                                                               000007fef8f263ec
Thread   C:\Windows\System32\spoolsv.exe [1192:1856]                                                                                                                                                                                                               000007fef97e5e5c
Thread   C:\Windows\System32\spoolsv.exe [1192:1896]                                                                                                                                                                                                               000007fef9895074
Thread   C:\Windows\system32\svchost.exe [1264:1288]                                                                                                                                                                                                               000007fefc9f1a70
Thread   C:\Windows\system32\svchost.exe [1264:1296]                                                                                                                                                                                                               000007fefc9f1a70
Thread   C:\Windows\system32\svchost.exe [1264:1312]                                                                                                                                                                                                               000007fefc9f1a70
Thread   C:\Windows\system32\svchost.exe [1264:1360]                                                                                                                                                                                                               000007fefa372c70
Thread   C:\Windows\system32\svchost.exe [1264:1416]                                                                                                                                                                                                               000007fefa37fb40
Thread   C:\Windows\system32\svchost.exe [1264:1544]                                                                                                                                                                                                               000007fefa391d20
Thread   C:\Windows\system32\svchost.exe [1264:1548]                                                                                                                                                                                                               000007fefa37f6f0
Thread   C:\Windows\system32\svchost.exe [1264:1704]                                                                                                                                                                                                               000007fef92e35c0
Thread   C:\Windows\system32\svchost.exe [1264:1720]                                                                                                                                                                                                               000007fef92e5600
Thread   C:\Windows\system32\svchost.exe [1264:2416]                                                                                                                                                                                                               000007fef5072888
Thread   C:\Windows\system32\svchost.exe [1264:2420]                                                                                                                                                                                                               000007fef5062940
Thread   C:\Windows\system32\svchost.exe [1264:1560]                                                                                                                                                                                                               000007fef5072a40
Thread   C:\Windows\system32\taskhost.exe [1328:1728]                                                                                                                                                                                                              000007fef91a1f38
Thread   C:\Windows\system32\taskhost.exe [1328:1832]                                                                                                                                                                                                              000007fefa312740
Thread   C:\Windows\system32\taskhost.exe [1328:1992]                                                                                                                                                                                                              000007fef7cc1010
Thread   C:\Windows\system32\taskhost.exe [1328:2928]                                                                                                                                                                                                              000007fef80e5170
Thread   C:\Windows\system32\Dwm.exe [1456:1512]                                                                                                                                                                                                                   000007fefa18f0d8
Thread   C:\Windows\system32\Dwm.exe [1456:1528]                                                                                                                                                                                                                   000007fef9c3abf0
Thread   C:\Windows\system32\svchost.exe [1688:2536]                                                                                                                                                                                                               000007fef5098470
Thread   C:\Windows\system32\svchost.exe [1688:2540]                                                                                                                                                                                                               000007fef50a2418
Thread   C:\Windows\system32\svchost.exe [1688:4520]                                                                                                                                                                                                               000007feee62f130
Thread   C:\Windows\system32\svchost.exe [1688:4352]                                                                                                                                                                                                               000007feee624734
Thread   C:\Windows\system32\svchost.exe [1688:3552]                                                                                                                                                                                                               000007feee624734
Thread   C:\Windows\System32\svchost.exe [4664:4360]                                                                                                                                                                                                               000007fef80e5170
Thread   C:\Windows\System32\svchost.exe [4664:1220]                                                                                                                                                                                                               000007fef7bb9874
---- Processes - GMER 2.1 ----
 
Process  C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (*** suspicious ***) @ C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [1860] (Music Manager/Google Inc.)(2013-06-20 23:52:00)  0000000000360000
Library  C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll (*** suspicious ***) @ C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [1860](2013-01-10 20:01:26)                                 0000000010000000
Library  C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\QtGui4.dll (*** suspicious ***) @ C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [1860](2013-01-10 20:01:22)                                    0000000065000000
 
---- EOF - GMER 2.1 ----
 

Hello,

 

P2P/Piracy Warning:

 


If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run the following in the order listed and post the logs.

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs...

 

Kevin


# AdwCleaner v3.018 - Report created 13/02/2014 at 23:32:11

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Marissa The Gr8 - MARISSATHEGR8

# Running from : C:\Users\Marissa The Gr8\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\Program Files (x86)\adawaretb

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\Marissa The Gr8\AppData\Local\Conduit

Folder Deleted : C:\Users\Marissa The Gr8\AppData\LocalLow\Conduit

File Deleted : C:\END

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\smartbar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Toolbar Cleaner

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\Marissa The Gr8\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : homepage

 

*************************

 

AdwCleaner[R0].txt - [1786 octets] - [13/02/2014 23:30:01]

AdwCleaner[s0].txt - [1557 octets] - [13/02/2014 23:32:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1617 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marissa The Gr8 on Fri 02/14/2014 at  0:00:04.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    BackgroundContainer    REG_SZ    "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Marissa The Gr8\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{30CDA4D3-37C3-4071-9829-ED84949B7275}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Marissa The Gr8\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Marissa The Gr8\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Marissa The Gr8\appdata\local\{48439650-9885-4FC5-AC05-7A8C6B6AB7D8}
Successfully deleted: [Empty Folder] C:\Users\Marissa The Gr8\appdata\local\{9A39590C-3280-4A87-8472-242EE3907050}
Successfully deleted: [Empty Folder] C:\Users\Marissa The Gr8\appdata\local\{9D13E622-B652-47C3-892B-BC996FF1E7CD}
Successfully deleted: [Empty Folder] C:\Users\Marissa The Gr8\appdata\local\{F296DE93-E659-4713-9B1E-65A7B4726495}
Successfully deleted: [Empty Folder] C:\Users\Marissa The Gr8\appdata\local\{F6E99F21-84B3-4DA7-8AC7-BC7E66FA0479}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/14/2014 at  0:12:58.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------------------------


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Marissa The Gr8 :: MARISSATHEGR8 [administrator]

Protection: Disabled

2/14/2014 12:17:16 AM
mbam-log-2014-02-14 (00-17-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367032
Time elapsed: 50 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Marissa The Gr8\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Marissa The Gr8 (administrator) on MARISSATHEGR8 on 14-02-2014 01:43:31
Running from C:\Users\Marissa The Gr8\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(Google Inc.) C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\Marissa The Gr8\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Addition.txt


I'm sorry :/ I am also getting a RunDLL error when I restart. It's in the background app that was removed. I don't know if you can see what I'm talking about lol.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Marissa The Gr8 (administrator) on MARISSATHEGR8 on 14-02-2014 01:43:31
Running from C:\Users\Marissa The Gr8\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(Google Inc.) C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\Marissa The Gr8\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellComms] - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe [206064 2009-05-05] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\RunOnce: [sTToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-26] (Microsoft Corporation)
HKU\S-1-5-21-4075078193-172103510-1471525495-1002\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2013-06-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-4075078193-172103510-1471525495-1002\...\Run: [MusicManager] - C:\Users\Marissa The Gr8\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7345664 2013-06-20] (Google Inc.)
HKU\S-1-5-21-4075078193-172103510-1471525495-1002\...\Run: [spotify Web Helper] - C:\Users\Marissa The Gr8\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-13] (Spotify Ltd)
HKU\S-1-5-21-4075078193-172103510-1471525495-1002\...\MountPoints2: G - G:\setup.exe -a
HKU\S-1-5-21-4075078193-172103510-1471525495-1002\...\MountPoints2: {1dc687f7-f6e1-11e2-bb3e-b8ac6fdd6e1b} - G:\setup.exe -a
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {29146ABB-526F-472C-9168-63D1741EEC33} URL = 
SearchScopes: HKCU - {414B715D-1530-421C-9224-8A96AC1D0545} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {91DE835F-EE1B-4216-90B3-4C2FB2BF94B2} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marissa The Gr8\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Marissa The Gr8\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-29]
CHR Extension: (YouTube) - C:\Users\Marissa The Gr8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-29]
CHR Extension: (Google Search) - C:\Users\Marissa The Gr8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-29]
CHR Extension: (Crackle) - C:\Users\Marissa The Gr8\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2013-09-20]
CHR Extension: (Google Wallet) - C:\Users\Marissa The Gr8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Marissa The Gr8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-29]
CHR HKCU\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\Marissa The Gr8\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\Marissa The Gr8\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2013-07-29]
 
==================== Services (Whitelisted) =================
 
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-26] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-12] (Duplex Secure Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-14 01:43 - 2014-02-14 01:44 - 00013152 _____ () C:\Users\Marissa The Gr8\Downloads\FRST.txt
2014-02-14 01:43 - 2014-02-14 01:43 - 00000000 ____D () C:\FRST
2014-02-14 01:42 - 2014-02-14 01:42 - 02152960 _____ (Farbar) C:\Users\Marissa The Gr8\Downloads\FRST64.exe
2014-02-14 01:39 - 2014-02-14 01:39 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\adawarebp
2014-02-14 00:14 - 2014-02-14 00:14 - 01037530 _____ (Thisisu) C:\Users\Marissa The Gr8\Downloads\JRT (1).exe
2014-02-14 00:12 - 2014-02-14 00:12 - 00002383 _____ () C:\Users\Marissa The Gr8\Desktop\JRT.txt
2014-02-14 00:00 - 2014-02-14 00:00 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 23:56 - 2014-02-13 23:56 - 01037530 _____ (Thisisu) C:\Users\Marissa The Gr8\Downloads\JRT.exe
2014-02-13 23:32 - 2014-02-14 01:37 - 00005476 _____ () C:\Users\Marissa The Gr8\Desktop\AdwCleaner[s0].txt
2014-02-13 23:29 - 2014-02-14 00:15 - 00000000 ____D () C:\AdwCleaner
2014-02-13 23:29 - 2014-02-13 23:29 - 00012488 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140213_232908.reg
2014-02-13 23:23 - 2014-02-13 23:23 - 01166132 _____ () C:\Users\Marissa The Gr8\Downloads\AdwCleaner.exe
2014-02-13 00:02 - 2014-02-13 23:37 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Spotify
2014-02-13 00:02 - 2014-02-13 23:35 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\Spotify
2014-02-13 00:02 - 2014-02-13 00:02 - 00001864 _____ () C:\Users\Marissa The Gr8\Desktop\Spotify.lnk
2014-02-13 00:02 - 2014-02-13 00:02 - 00001850 _____ () C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\Apple Computer
2014-02-12 23:46 - 2014-02-12 23:46 - 00026440 _____ () C:\Users\Marissa The Gr8\Desktop\gmer.log
2014-02-12 23:09 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Marissa The Gr8\Desktop\gmer.exe
2014-02-12 22:23 - 2014-02-12 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 22:22 - 2014-02-12 22:22 - 00000000 ____D () C:\Users\Marissa The Gr8\Documents\MWB Chameleon
2014-02-12 22:21 - 2014-02-12 22:40 - 00000000 ____D () C:\Users\Marissa The Gr8\Desktop\mbar
2014-02-12 22:21 - 2014-02-12 22:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-12 22:13 - 2014-02-12 22:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 22:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 21:56 - 2014-02-12 21:56 - 00015573 _____ () C:\Users\Marissa The Gr8\Desktop\dds.txt
2014-02-12 21:56 - 2014-02-12 21:56 - 00010233 _____ () C:\Users\Marissa The Gr8\Desktop\attach.txt
2014-02-12 21:40 - 2014-02-12 21:40 - 00000928 _____ () C:\Users\Marissa The Gr8\Desktop\My Videos - Shortcut.lnk
2014-02-12 21:39 - 2014-02-12 21:39 - 00000953 _____ () C:\Users\Marissa The Gr8\Desktop\My Documents - Shortcut.lnk
2014-02-12 21:39 - 2014-02-12 21:39 - 00000942 _____ () C:\Users\Marissa The Gr8\Desktop\My Pictures - Shortcut.lnk
2014-02-12 21:39 - 2014-02-12 21:39 - 00000925 _____ () C:\Users\Marissa The Gr8\Desktop\My Music - Shortcut.lnk
2014-02-12 21:14 - 2014-02-12 21:14 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-02-12 18:23 - 2014-02-12 21:29 - 00000000 ____D () C:\Windows\pss
2014-02-12 18:07 - 2014-02-14 01:38 - 00007286 _____ () C:\Windows\PFRO.log
2014-02-12 18:07 - 2014-02-14 01:38 - 00000448 _____ () C:\Windows\setupact.log
2014-02-12 18:07 - 2014-02-12 18:07 - 00284064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-12 18:07 - 2014-02-12 18:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 17:42 - 2014-02-12 17:42 - 00059488 _____ () C:\Users\Marissa The Gr8\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 16:34 - 2014-02-12 16:35 - 00001108 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140212_163453.reg
2014-02-07 17:42 - 2014-02-07 17:42 - 00062040 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140207_174216.reg
2014-01-31 11:54 - 2014-02-13 23:34 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\WeatherBug
2014-01-31 11:54 - 2014-01-31 11:54 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\WeatherBug
2014-01-31 11:52 - 2014-01-31 11:52 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
2014-01-31 11:52 - 2014-01-31 11:52 - 00000000 ____D () C:\Program Files (x86)\AWS
2014-01-30 19:46 - 2014-01-30 19:46 - 00055434 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140130_194613.reg
2014-01-30 19:46 - 2014-01-30 19:46 - 00005894 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140130_194640.reg
2014-01-29 13:22 - 2014-01-29 13:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 13:22 - 2014-01-29 13:22 - 00000000 ____D () C:\Program Files\iTunes
2014-01-29 13:22 - 2014-01-29 13:22 - 00000000 ____D () C:\Program Files\iPod
2014-01-29 13:22 - 2014-01-29 13:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-27 21:58 - 2014-01-27 21:58 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Motorola
2014-01-27 21:57 - 2014-02-12 18:07 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-01-27 21:57 - 2014-01-27 21:57 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-01-23 15:42 - 2014-01-23 15:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-01-23 02:59 - 2014-01-23 18:30 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\DropboxMaster
2014-01-23 02:59 - 2014-01-23 02:59 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-23 02:58 - 2014-01-27 13:46 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Dropbox
2014-01-19 13:30 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-19 13:30 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-19 13:30 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-19 13:30 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-19 13:30 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-19 13:30 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-19 13:30 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-19 13:30 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-19 13:30 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-17 15:31 - 2014-01-17 15:31 - 00021378 _____ () C:\Users\Marissa The Gr8\The Hobbit The Desolation of Smaug.torrent
 
==================== One Month Modified Files and Folders =======
 
2014-02-14 01:44 - 2014-02-14 01:43 - 00013152 _____ () C:\Users\Marissa The Gr8\Downloads\FRST.txt
2014-02-14 01:43 - 2014-02-14 01:43 - 00000000 ____D () C:\FRST
2014-02-14 01:42 - 2014-02-14 01:42 - 02152960 _____ (Farbar) C:\Users\Marissa The Gr8\Downloads\FRST64.exe
2014-02-14 01:42 - 2009-07-13 23:10 - 01940955 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 01:39 - 2014-02-14 01:39 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\adawarebp
2014-02-14 01:39 - 2010-11-16 01:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-14 01:38 - 2014-02-12 18:07 - 00007286 _____ () C:\Windows\PFRO.log
2014-02-14 01:38 - 2014-02-12 18:07 - 00000448 _____ () C:\Windows\setupact.log
2014-02-14 01:38 - 2013-07-25 21:27 - 00000072 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2014-02-14 01:38 - 2013-07-25 21:23 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\SoftThinks
2014-02-14 01:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 01:37 - 2014-02-13 23:32 - 00005476 _____ () C:\Users\Marissa The Gr8\Desktop\AdwCleaner[s0].txt
2014-02-14 00:15 - 2014-02-13 23:29 - 00000000 ____D () C:\AdwCleaner
2014-02-14 00:14 - 2014-02-14 00:14 - 01037530 _____ (Thisisu) C:\Users\Marissa The Gr8\Downloads\JRT (1).exe
2014-02-14 00:12 - 2014-02-14 00:12 - 00002383 _____ () C:\Users\Marissa The Gr8\Desktop\JRT.txt
2014-02-14 00:00 - 2014-02-14 00:00 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 00:00 - 2010-11-16 03:02 - 00000000 ____D () C:\dell
2014-02-13 23:57 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 23:57 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 23:56 - 2014-02-13 23:56 - 01037530 _____ (Thisisu) C:\Users\Marissa The Gr8\Downloads\JRT.exe
2014-02-13 23:50 - 2013-07-25 22:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 23:37 - 2014-02-13 00:02 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Spotify
2014-02-13 23:35 - 2014-02-13 00:02 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\Spotify
2014-02-13 23:35 - 2013-07-25 22:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-13 23:35 - 2013-07-25 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-13 23:35 - 2013-07-25 22:36 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-13 23:34 - 2014-01-31 11:54 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\WeatherBug
2014-02-13 23:33 - 2013-07-29 23:33 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 23:33 - 2013-07-29 23:33 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 23:29 - 2014-02-13 23:29 - 00012488 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140213_232908.reg
2014-02-13 23:28 - 2013-08-02 01:29 - 00000000 ____D () C:\ProgramData\Origin
2014-02-13 23:28 - 2013-08-01 21:32 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-13 23:28 - 2010-11-16 01:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-13 23:24 - 2013-11-06 22:18 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
2014-02-13 23:24 - 2013-11-06 22:18 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2014-02-13 23:23 - 2014-02-13 23:23 - 01166132 _____ () C:\Users\Marissa The Gr8\Downloads\AdwCleaner.exe
2014-02-13 12:09 - 2013-07-29 23:07 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\Windows Live
2014-02-13 09:03 - 2013-07-29 23:33 - 00003914 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 09:03 - 2013-07-29 23:33 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 00:02 - 2014-02-13 00:02 - 00001864 _____ () C:\Users\Marissa The Gr8\Desktop\Spotify.lnk
2014-02-13 00:02 - 2014-02-13 00:02 - 00001850 _____ () C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Local\Apple Computer
2014-02-12 23:50 - 2013-12-01 22:49 - 00003430 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-12 23:46 - 2014-02-12 23:46 - 00026440 _____ () C:\Users\Marissa The Gr8\Desktop\gmer.log
2014-02-12 22:40 - 2014-02-12 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 22:40 - 2014-02-12 22:21 - 00000000 ____D () C:\Users\Marissa The Gr8\Desktop\mbar
2014-02-12 22:22 - 2014-02-12 22:22 - 00000000 ____D () C:\Users\Marissa The Gr8\Documents\MWB Chameleon
2014-02-12 22:21 - 2014-02-12 22:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-12 22:13 - 2014-02-12 22:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 21:56 - 2014-02-12 21:56 - 00015573 _____ () C:\Users\Marissa The Gr8\Desktop\dds.txt
2014-02-12 21:56 - 2014-02-12 21:56 - 00010233 _____ () C:\Users\Marissa The Gr8\Desktop\attach.txt
2014-02-12 21:40 - 2014-02-12 21:40 - 00000928 _____ () C:\Users\Marissa The Gr8\Desktop\My Videos - Shortcut.lnk
2014-02-12 21:39 - 2014-02-12 21:39 - 00000953 _____ () C:\Users\Marissa The Gr8\Desktop\My Documents - Shortcut.lnk
2014-02-12 21:39 - 2014-02-12 21:39 - 00000942 _____ () C:\Users\Marissa The Gr8\Desktop\My Pictures - Shortcut.lnk
2014-02-12 21:39 - 2014-02-12 21:39 - 00000925 _____ () C:\Users\Marissa The Gr8\Desktop\My Music - Shortcut.lnk
2014-02-12 21:29 - 2014-02-12 18:23 - 00000000 ____D () C:\Windows\pss
2014-02-12 21:14 - 2014-02-12 21:14 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-02-12 18:09 - 2013-07-25 21:50 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\BitComet
2014-02-12 18:07 - 2014-02-12 18:07 - 00284064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-12 18:07 - 2014-02-12 18:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 18:07 - 2014-01-27 21:57 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-02-12 17:42 - 2014-02-12 17:42 - 00059488 _____ () C:\Users\Marissa The Gr8\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 16:36 - 2013-07-26 02:56 - 00000000 ____D () C:\Program Files\Defraggler
2014-02-12 16:35 - 2014-02-12 16:34 - 00001108 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140212_163453.reg
2014-02-10 01:48 - 2013-07-31 23:41 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\vlc
2014-02-07 17:44 - 2013-07-26 03:01 - 00000000 ____D () C:\Program Files\DivX
2014-02-07 17:44 - 2013-07-26 02:37 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-02-07 17:42 - 2014-02-07 17:42 - 00062040 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140207_174216.reg
2014-02-07 17:38 - 2013-07-26 02:35 - 00000000 ____D () C:\ProgramData\DivX
2014-02-07 17:09 - 2013-08-23 01:23 - 00004608 _____ () C:\Users\Marissa The Gr8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-02 15:17 - 2009-07-13 23:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-31 11:54 - 2014-01-31 11:54 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\WeatherBug
2014-01-31 11:52 - 2014-01-31 11:52 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
2014-01-31 11:52 - 2014-01-31 11:52 - 00000000 ____D () C:\Program Files (x86)\AWS
2014-01-30 19:46 - 2014-01-30 19:46 - 00055434 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140130_194613.reg
2014-01-30 19:46 - 2014-01-30 19:46 - 00005894 _____ () C:\Users\Marissa The Gr8\Documents\cc_20140130_194640.reg
2014-01-30 12:40 - 2010-11-16 02:12 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-01-29 15:47 - 2013-07-26 02:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-29 13:40 - 2010-11-16 02:04 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-29 13:22 - 2014-01-29 13:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 13:22 - 2014-01-29 13:22 - 00000000 ____D () C:\Program Files\iTunes
2014-01-29 13:22 - 2014-01-29 13:22 - 00000000 ____D () C:\Program Files\iPod
2014-01-29 13:22 - 2014-01-29 13:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-29 13:18 - 2013-09-07 23:20 - 00000000 ____D () C:\ProgramData\Apple
2014-01-28 18:36 - 2014-02-12 23:09 - 00380416 _____ () C:\Users\Marissa The Gr8\Desktop\gmer.exe
2014-01-27 21:58 - 2014-01-27 21:58 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Motorola
2014-01-27 21:57 - 2014-01-27 21:57 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-01-27 13:46 - 2014-01-23 02:58 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Dropbox
2014-01-24 23:01 - 2013-07-25 21:23 - 00000000 ___RD () C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 18:30 - 2014-01-23 02:59 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\DropboxMaster
2014-01-23 18:30 - 2013-08-31 21:17 - 00000000 ____D () C:\dells
2014-01-23 18:30 - 2013-07-25 21:23 - 00000000 ____D () C:\Users\Marissa The Gr8
2014-01-23 15:42 - 2014-01-23 15:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-01-23 03:22 - 2013-11-07 18:18 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\iFunBox.NXGen
2014-01-23 02:59 - 2014-01-23 02:59 - 00000000 ____D () C:\Users\Marissa The Gr8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-20 03:05 - 2013-07-26 02:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-20 03:02 - 2013-07-26 01:29 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 15:31 - 2014-01-17 15:31 - 00021378 _____ () C:\Users\Marissa The Gr8\The Hobbit The Desolation of Smaug.torrent
2014-01-17 11:03 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
 
Some content of TEMP:
====================
C:\Users\Marissa The Gr8\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 01:41
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Windows 7 users: right-click on the IE shortcut and run as admin.

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report in next reply

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs in next reply, also post a screen shot of the run.dll error you see....

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Marissa The Gr8 at 2014-02-14 16:51:09 Run:1
Running from C:\Users\Marissa The Gr8\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-4075078193-172103510-1471525495-1002\...\MountPoints2: G - G:\setup.exe -a
HKU\S-1-5-21-4075078193-172103510-1471525495-1002\...\MountPoints2: {1dc687f7-f6e1-11e2-bb3e-b8ac6fdd6e1b} - G:\setup.exe -a
C:\Users\Marissa The Gr8\AppData\Local\Temp\Quarantine.exe
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
C:\Program Files (x86)\IObit
C:\Users\Marissa The Gr8\AppData\Roaming\BitComet
End
*****************
 
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4075078193-172103510-1471525495-1002 => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dc687f7-f6e1-11e2-bb3e-b8ac6fdd6e1b} => Key not found.
HKCR\CLSID\{1dc687f7-f6e1-11e2-bb3e-b8ac6fdd6e1b} => Key not found.
C:\Users\Marissa The Gr8\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
WinRing0_1_2_0 => Service deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\Users\Marissa The Gr8\AppData\Roaming\BitComet => Moved successfully.
 
==== End of Fixlog ====
 
 
C:\AdwCleaner\Quarantine\C\Users\Marissa The Gr8\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Marissa The Gr8\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Marissa The Gr8\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
 
 
Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Ad-Aware Antivirus   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareTray.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

 


Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Make sure to select direct on the word “Zip”

Double click zip file and extract to your Desktop:

(screenshot Zoekd.jpg)

you will now have 3 versions of the tool on the Desktop:

(screenshot Zoeke.jpg)

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

(screenshot Zoekb.jpg)

Copy and paste the following script from the code box and paste into the field.

    standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;

Select the "Run Script" tab. The following window will open:

(screenshot Zoekc.jpg)

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC, if so please do

(screenshot Zoekf.jpg)

Post the produced log in your next reply…..


What is the current status of your system, what concerns or issues remain...

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

    :Regfind
    Conduit
    Conduit*

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Right now I just have slow internet speeds and an all around slower than usual comp. Before we started the scans, I wouldn't even be able to open a webpage because multiple ones would open like crazy.

SystemLook 30.07.11 by jpshortstuff
Log created at 20:24 on 16/02/2014 by Marissa The Gr8
Administrator - Elevation successful
 
========== Regfind ==========
 
Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager]
"LogicFilePath"="C:\Users\Marissa The Gr8\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
"AppPath"="C:\ProgramData\Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
"AppName"="conduitutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"C0BC68EF3BCF85344B0B0B4AE1333BDD"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\C0BC68EF3BCF85344B0B0B4AE1333BDD]
"File"="iSyncConduit.dll"
[HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager]
"LogicFilePath"="C:\Users\Marissa The Gr8\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll"
[HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
"AppPath"="C:\ProgramData\Conduit"
[HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
"AppName"="conduitutil.exe"
 
Searching for "Conduit*"
No data found.
 
-= EOF =-

Ok we will remove those entries. Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from either of the following links and save to your desktop.

    http://www.bleepingcomputer.com/download/registry-backup/

    http://www.tweaking.com/

  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-

    (screenshot TCRB-1.jpg)

    Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-

    (screenshot TBRB-2.jpg)
  • Close Tweaking.com - Registry Backup

Note - There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed at the following link

http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325#.UwHFG4VKrRo

Next,

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg (:Reg)

    :Reg
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager]
    "LogicFilePath"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
    "AppPath"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
    "C0BC68EF3BCF85344B0B0B4AE1333BDD"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
    [-HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\AppDataLow\Software\BackgroundContainer]
    [-HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
    :Files
    ipconfig /flushdns /c
    C:\Users\Marissa The Gr8\AppData\Local\Conduit
    C:\ProgramData\Conduit
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Post log from OTM, also give an update on any remaining issues or concerns.....

Kevin
 

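An OTM script like the one above can be audited before it is pasted into the tool. The following Python is an added example, not Kevin's code and not part of OTM: a dry-run parser for the :Reg/:Files/:Commands sections (the grammar is inferred from the script and the OTM log in this thread, so treat it as an assumption) that lists every key, value, path and command the script touches and flags machine-wide hives and Program Files paths for a second look against the SystemLook results.

```python
"""Dry-run audit of an OTM (OldTimer's OTMoveIt) fix script.

Added example, not part of this thread and not OTM's own code. The grammar is
inferred from the script and the OTM log in the thread (an assumption):
  :Reg       [Key] selects a key, "Name"=- deletes a value under it,
             [-Key] deletes the whole key
  :Files     a path to move, or a command line ending in " /c" to execute
  :Commands  bracketed built-ins such as [EmptyTemp]
"""
import re
from dataclasses import dataclass, field

# The script from the post above, reflowed to one directive per line.
OTM_SCRIPT = r"""
:Reg
[HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager]
"LogicFilePath"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
"AppPath"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"C0BC68EF3BCF85344B0B0B4AE1333BDD"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
[-HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\AppDataLow\Software\BackgroundContainer]
[-HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}]
:Files
ipconfig /flushdns /c
C:\Users\Marissa The Gr8\AppData\Local\Conduit
C:\ProgramData\Conduit
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll
:Commands
[EmptyTemp]
"""
KEY_RE = re.compile(r"\[(-?)(.+)\]")           # [Key] or [-Key]
VALUE_DELETE_RE = re.compile(r'"([^"]+)"=-')    # "Name"=-
BUILTIN_RE = re.compile(r"\[(\w+)\]")           # [EmptyTemp]


@dataclass
class Plan:
    delete_values: list = field(default_factory=list)  # (key, value name)
    delete_keys: list = field(default_factory=list)
    move_paths: list = field(default_factory=list)
    run_commands: list = field(default_factory=list)
    builtins: list = field(default_factory=list)
    unknown: list = field(default_factory=list)        # (section, line)


def parse_otm_script(text):
    plan = Plan()
    section = None
    current_key = None  # key selected by the last [Key] line in :Reg
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):  # section header such as :Reg
            section = line[1:].lower()
            current_key = None
            continue
        if section == "reg":
            m = KEY_RE.fullmatch(line)
            if m:
                if m.group(1) == "-":
                    plan.delete_keys.append(m.group(2))
                    current_key = None
                else:
                    current_key = m.group(2)
                continue
            m = VALUE_DELETE_RE.fullmatch(line)
            if m and current_key is not None:
                plan.delete_values.append((current_key, m.group(1)))
                continue
            plan.unknown.append((section, line))
        elif section == "files":
            if line.lower().endswith(" /c"):
                plan.run_commands.append(line[:-3].rstrip())
            else:
                plan.move_paths.append(line)
        elif section == "commands":
            m = BUILTIN_RE.fullmatch(line)
            if m:
                plan.builtins.append(m.group(1))
            else:
                plan.unknown.append((section, line))
        else:
            plan.unknown.append((section, line))
    return plan


def review_flags(plan):
    """Entries worth a second look: machine-wide hives (HKLM/HKCR) and files
    outside the user profile and ProgramData, which a substring search like
    the SystemLook "Conduit" query can pull in purely by name."""
    touched = list(dict.fromkeys(
        [k for k, _ in plan.delete_values] + plan.delete_keys))
    flags = [k for k in touched if k.upper().startswith(
        ("HKEY_LOCAL_MACHINE", "HKLM", "HKEY_CLASSES_ROOT", "HKCR"))]
    for path in plan.move_paths:
        if not path.lower().startswith(("c:\\users\\", "c:\\programdata\\")):
            flags.append(path)
    return flags
```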

There are no other concerns, and I want to thank u for ur time with all of this.

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager\\LogicFilePath deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}\\AppPath deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\ not found.
Registry key HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\AppDataLow\Software\BackgroundContainer\ not found.
Registry key HKEY_USERS\S-1-5-21-4075078193-172103510-1471525495-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F5483F-C9D4-4D7A-B29A-6F7F98E0D3D2}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Marissa The Gr8\Downloads\cmd.bat deleted successfully.
C:\Users\Marissa The Gr8\Downloads\cmd.txt deleted successfully.
File/Folder C:\Users\Marissa The Gr8\AppData\Local\Conduit not found.
File/Folder C:\ProgramData\Conduit not found.
LoadLibrary failed for C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Marissa The Gr8
->Temp folder emptied: 946319 bytes
->Temporary Internet Files folder emptied: 2606039 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 73390091 bytes
->Flash cache emptied: 326 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3573952 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4006 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 77.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 02172014_222617
 
Files moved on Reboot...
C:\Users\Marissa The Gr8\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...

Ok we can clean up, continue as follows please:

We need to remove FRST, first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST also C:\zoek_backup folder

Next,

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any tools or logs remaining on the Desktop or Downloads folder can be deleted......

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if there are any remaining issues; if none, are we OK to close out?

Take care,

Kevin.... ;)

fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
