Hijack this log question - Hoping to post log but...


19 replies to this topic

#1 SmartasaRock

  • Members
  • 88 posts
  • Gender:Male
  • Location:USA

Posted 20 March 2014 - 12:34 AM

I got this message that told me there was an error and to send it to merijn@spywareinfo.com. Do you know if that's legit?

McAfee site advisor says the site might be dangerous. But I figured you guys work with this program all the time and you'd know best. If you think I should just tell you the error message I got and post the log I will do that, okay? Thanks for your time. My mother's computer has been seriously compromised and I think it's a fake virus cleaner type virus. It's driving her nuts!


Before you judge me, know that when I do something wrong it's because I'm an idiot, not because I'm evil.

#2 SmartasaRock

  • Topic Starter
  • Members
  • 88 posts
  • Gender:Male
  • Location:USA

Posted 20 March 2014 - 12:28 PM

Wow, nobody knows?



#3 Starbuck

    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 20 March 2014 - 06:48 PM

Hi SmartasaRock

Wow, nobody knows?

We don't stand around waiting for reports to come in..... we do have day jobs.
Patience is a virtue.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

I got this message that told me there was an error and to send it to merijn@spywareinfo.com.

Merijn used to own HijackThis, but sold it on to Trend Micro.
We don't recommend the program now as it's too far out of date and gives us next to nothing to work with.

Let's do this properly and get some worthwhile information:

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST


Thanks.

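An added example, not from this thread and not FRST's own code: a small triage pass over the Registry and Internet sections of an FRST.txt log of the kind Starbuck asks for, flagging the entry types a malware-response helper reads first. The sample lines are constructed in FRST's format, modelled on entries posted later in this thread, and the flagging rules are this example's own assumptions rather than anything FRST itself does.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example; not part of the forum thread and not FRST's own logic.
The rules below are assumptions about what is worth a second look.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample log: a few FRST-style lines, user name masked as
# "xxxxxxxx" the way the poster did. Not a complete or real log.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2539544 2014-03-15] ()
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\xxxxxxxx\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
SearchScopes: HKCU - {724AF45D-069E-412C-A73C-4457C0B18291} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
"""

# FRST section banners look like "==== Name ====".
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Autostart entries end in "[size date] (Publisher)"; an empty "()" means
# FRST found no company string in the file, which legitimate vendors usually set.
UNSIGNED_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(\)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_frst(text: str) -> list:
    """Return one Finding per (line, reason) for lines worth reviewing."""
    findings = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = []
        if "<===== ATTENTION" in line:
            reasons.append("flagged by FRST")
        if line.endswith("File Not Found"):
            reasons.append("load point references a missing file")
        if line.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs is loaded into every GUI process")
        if line.startswith(("ProxyEnable:", "ProxyServer:")):
            reasons.append("browser proxy set; traffic may be intercepted locally")
        if "Rundll32.exe" in line and "\\AppData\\" in line:
            reasons.append("Run key launches a DLL from a user profile via rundll32")
        if "\\Run:" in line and UNSIGNED_RE.search(line):
            reasons.append("autostart with no publisher string")
        if line.startswith("Tcpip\\Parameters:"):
            # Assumption: a DNS server outside private ranges on a home LAN
            # deserves a look (possible DNS changer).
            try:
                if not ipaddress.ip_address(line.rsplit(" ", 1)[-1]).is_private:
                    reasons.append("DNS server outside private address ranges")
            except ValueError:
                pass
        findings.extend(Finding(section, r, line) for r in reasons)
    return findings


def count_by_section(findings: list) -> dict:
    """Summarise findings per FRST section for a quick overview."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```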


#4 SmartasaRock

  • Topic Starter
  • Members
  • 88 posts
  • Gender:Male
  • Location:USA

Posted 21 March 2014 - 06:59 AM

Okay, listen, that wasn't impatience for free help which I am very appreciative to get. That was me being a little surprised, knowing it's a pretty active forum and thinking the thread had been seen by several people. Okay? I'm very thankful for anyone taking the time to help me.

 

Here is the first scan, I X'd out the user name wherever it was for privacy concerns. If that hurts the diagnosis, please tell me. But the last time I went through something like this it was suggested to me. Will post Additional shortly.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by xxxxxxxx (administrator) on MYROOMPC on 21-03-2014 06:34:26
Running from C:\Users\xxxxxxxx\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\View-Password\ViewPassword154.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2539544 2014-03-15] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\xxxxxxxx\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\MountPoints2: G - "G:\Autorun.exe"
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\MountPoints2: {4c097870-3f3b-11e3-be91-a41f728e7644} - "H:\TLBootstrap_WPP.exe"
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\MountPoints2: {ed33947f-31ac-11e3-be89-a41f728e7644} - "D:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\MountPoints2: {ed3394e3-31ac-11e3-be89-a41f728e7644} - "F:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2620629052-1917373982-2926386685-1001\...\MountPoints2: {faa8341e-018f-11e3-be66-806e6f6e6963} - "E:\Autorun.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={424885AC-C0AB-4EE3-A77D-F0BF73B4D4EE}&mid=3d14ca14e57f40e682ea6bb627629743-c70295281d4747dd94e85c5dea39112bfbd73c7e&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2014-03-15 16:58:43&v=18.0.0.248&pid=safeguard&sg=&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
URLSearchHook: HKLM-x32 - KeyBar 2 Toolbar - {bc09c55d-0375-4dcc-836e-0e3c8addfbda} - C:\Program Files (x86)\KeyBar_2\prxtbKeyB.dll (Conduit Ltd.)
URLSearchHook: HKCU - KeyBar 2 Toolbar - {bc09c55d-0375-4dcc-836e-0e3c8addfbda} - C:\Program Files (x86)\KeyBar_2\prxtbKeyB.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {866EF638-6B26-4678-9617-ACCFA54E8F9C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {866EF638-6B26-4678-9617-ACCFA54E8F9C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {724AF45D-069E-412C-A73C-4457C0B18291} URL =
SearchScopes: HKLM-x32 - {866EF638-6B26-4678-9617-ACCFA54E8F9C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={424885AC-C0AB-4EE3-A77D-F0BF73B4D4EE}&mid=3d14ca14e57f40e682ea6bb627629743-c70295281d4747dd94e85c5dea39112bfbd73c7e&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2014-03-15 16:58:43&v=18.0.0.248&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {724AF45D-069E-412C-A73C-4457C0B18291} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3316071&CUI=UN40237384371370137&UM=2
SearchScopes: HKCU - {866EF638-6B26-4678-9617-ACCFA54E8F9C} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={424885AC-C0AB-4EE3-A77D-F0BF73B4D4EE}&mid=3d14ca14e57f40e682ea6bb627629743-c70295281d4747dd94e85c5dea39112bfbd73c7e&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2014-03-15 16:58:43&v=18.0.0.248&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO-x32: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\AmazonAppIE.dll (Amazon Inc.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: KeyBar 2 Toolbar - {bc09c55d-0375-4dcc-836e-0e3c8addfbda} - C:\Program Files (x86)\KeyBar_2\prxtbKeyB.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - KeyBar 2 Toolbar - {bc09c55d-0375-4dcc-836e-0e3c8addfbda} - C:\Program Files (x86)\KeyBar_2\prxtbKeyB.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {BC09C55D-0375-4DCC-836E-0E3C8ADDFBDA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\xxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bica8gcm.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=&cid=%7B735d8435-5c5a-4a89-a62e-3869c07d3753%7D&mid=3d14ca14e57f40e682ea6bb627629743-c70295281d4747dd94e85c5dea39112bfbd73c7e&ds=hk018&coid=avgtbdishk&cmpid=&v=18.0.0.248&lang=en&pr=sa&d=2014-03-15%2016%3A58%3A43&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\xxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bica8gcm.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\xxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bica8gcm.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Plus-HD-2.2 - C:\Users\xxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bica8gcm.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-03-06]
FF Extension: NoScript - C:\Users\xxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bica8gcm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-15]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248 [2014-03-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-10]

==================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 ViewPassword; C:\Program Files (x86)\View-Password\ViewPassword154.exe [181760 2014-02-20] ()
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-15] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 06:34 - 2014-03-21 06:35 - 00018004 _____ () C:\Users\xxxxxxxx\Downloads\FRST.txt
2014-03-21 06:33 - 2014-03-21 06:34 - 00000000 ____D () C:\FRST
2014-03-21 06:32 - 2014-03-21 06:32 - 02157056 _____ (Farbar) C:\Users\xxxxxxxx\Downloads\FRST64.exe
2014-03-18 07:48 - 2014-03-18 07:51 - 00000000 ____D () C:\1ab3974f446d9029431639
2014-03-17 23:48 - 2014-03-17 23:48 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Roaming\PhotoScape
2014-03-17 23:47 - 2014-03-17 23:48 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-03-17 23:47 - 2014-03-17 23:47 - 00001037 _____ () C:\Users\xxxxxxxx\Desktop\PhotoScape.lnk
2014-03-17 23:37 - 2014-03-17 23:42 - 21331096 _____ (Mooii) C:\Users\xxxxxxxx\Downloads\PhotoScape_V3.6.5.exe
2014-03-17 23:31 - 2014-03-18 12:59 - 00000976 _____ () C:\Users\xxxxxxxx\Desktop\hijackthis.log
2014-03-15 17:17 - 2014-03-15 17:33 - 00000000 ____D () C:\ProgramData\WinZip
2014-03-15 17:17 - 2014-03-15 17:17 - 00002283 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-03-15 17:17 - 2014-03-15 17:17 - 00000000 ____D () C:\Program Files\WinZip
2014-03-15 16:59 - 2014-03-15 16:59 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Local\AVG SafeGuard toolbar
2014-03-15 16:58 - 2014-03-15 16:58 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-15 16:58 - 2014-03-15 16:58 - 00003754 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-03-15 16:58 - 2014-03-15 16:58 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-15 16:58 - 2014-03-15 16:58 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-03-15 16:58 - 2014-03-15 16:58 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-03-15 16:39 - 2014-03-15 16:40 - 00420784 _____ (WinZip Computing) C:\Users\xxxxxxxx\Downloads\WinZip180.exe
2014-03-14 13:02 - 2014-03-14 13:02 - 00291288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 09:10 - 2014-02-23 03:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 09:10 - 2014-02-23 03:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 09:10 - 2014-02-23 03:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-12 09:10 - 2014-02-23 03:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 09:10 - 2014-02-23 03:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 09:10 - 2014-02-23 03:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 09:10 - 2014-02-23 03:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 09:10 - 2014-02-23 03:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 09:10 - 2014-02-23 03:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-12 09:10 - 2014-02-23 01:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 09:10 - 2014-02-23 01:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 09:10 - 2014-02-23 01:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 09:10 - 2014-02-23 01:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 09:10 - 2014-02-23 01:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 09:10 - 2014-02-23 01:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 09:10 - 2014-02-23 01:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 09:10 - 2014-02-23 01:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-12 09:09 - 2014-02-23 03:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-12 09:09 - 2014-02-23 03:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 09:09 - 2014-02-23 03:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 09:09 - 2014-02-23 03:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 09:09 - 2014-02-23 03:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 09:09 - 2014-02-23 03:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 09:09 - 2014-02-23 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 09:09 - 2014-02-23 01:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-12 09:09 - 2014-02-23 01:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 09:09 - 2014-02-23 01:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 09:09 - 2014-02-23 01:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 09:09 - 2014-02-23 01:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 09:09 - 2014-02-23 01:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 09:09 - 2014-02-23 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 09:09 - 2014-02-23 01:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 09:09 - 2014-02-22 23:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-12 08:59 - 2013-12-07 01:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-12 08:59 - 2013-12-07 00:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-12 08:39 - 2013-10-25 02:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 08:39 - 2013-10-24 17:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-12 08:38 - 2014-02-07 23:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 08:27 - 2014-02-05 18:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 08:27 - 2014-02-05 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 08:26 - 2014-01-30 19:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 08:26 - 2014-01-30 19:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-02-24 21:20 - 2014-02-24 21:20 - 00251392 _____ () C:\Users\xxxxxxxx\Downloads\hijackthis_sfx.exe
2014-02-20 22:39 - 2014-02-21 10:52 - 00000000 ____D () C:\ProgramData\Systweak
2014-02-20 22:39 - 2014-02-20 22:39 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-02-20 22:39 - 2012-07-25 13:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-02-20 22:36 - 2014-03-21 06:24 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-02-20 22:36 - 2014-03-21 06:24 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Roaming\System Speedup
2014-02-20 22:36 - 2014-03-20 15:02 - 00000308 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job
2014-02-20 22:36 - 2014-03-12 21:36 - 00000316 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job
2014-02-20 22:36 - 2014-02-21 10:52 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Roaming\systweak
2014-02-20 22:36 - 2014-02-20 22:36 - 00003332 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-02-20 22:36 - 2014-02-20 22:36 - 00003044 _____ () C:\Windows\System32\Tasks\System Speedup_UPDATES
2014-02-20 22:36 - 2014-02-20 22:36 - 00002888 _____ () C:\Windows\System32\Tasks\System Speedup_DEFAULT
2014-02-20 22:36 - 2014-02-20 22:36 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-02-20 22:36 - 2013-12-13 18:53 - 00019544 _____ (System Speedup) C:\Windows\system32\roboot64.exe
2014-02-20 21:52 - 2014-03-21 06:22 - 00000428 _____ () C:\Windows\Tasks\View Password Update.job
2014-02-20 21:52 - 2014-03-21 06:22 - 00000416 _____ () C:\Windows\Tasks\View Password_wd.job
2014-02-20 21:52 - 2014-02-27 09:26 - 00000000 ____D () C:\Program Files (x86)\View-Password
2014-02-20 21:52 - 2014-02-20 21:52 - 00003074 _____ () C:\Windows\System32\Tasks\View Password Update
2014-02-20 21:52 - 2014-02-20 21:52 - 00003002 _____ () C:\Windows\System32\Tasks\View Password_wd

==================== One Month Modified Files and Folders =======

2014-03-21 06:35 - 2014-03-21 06:34 - 00018004 _____ () C:\Users\xxxxxxxx\Downloads\FRST.txt
2014-03-21 06:34 - 2014-03-21 06:33 - 00000000 ____D () C:\FRST
2014-03-21 06:32 - 2014-03-21 06:32 - 02157056 _____ (Farbar) C:\Users\xxxxxxxx\Downloads\FRST64.exe
2014-03-21 06:27 - 2013-08-10 03:09 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-03-21 06:24 - 2014-02-20 22:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-03-21 06:24 - 2014-02-20 22:36 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Roaming\System Speedup
2014-03-21 06:22 - 2014-02-20 21:52 - 00000428 _____ () C:\Windows\Tasks\View Password Update.job
2014-03-21 06:22 - 2014-02-20 21:52 - 00000416 _____ () C:\Windows\Tasks\View Password_wd.job
2014-03-21 06:22 - 2013-09-10 14:15 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 06:19 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-20 21:46 - 2013-08-26 21:38 - 00000545 _____ () C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website
2014-03-20 21:37 - 2013-09-10 14:15 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 20:52 - 2013-08-16 18:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 18:11 - 2013-08-10 02:48 - 01529518 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 15:02 - 2014-02-20 22:36 - 00000308 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job
2014-03-20 08:30 - 2012-07-26 02:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 15:23 - 2013-08-16 17:47 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2620629052-1917373982-2926386685-1001
2014-03-18 13:01 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 13:00 - 2013-08-10 02:39 - 00133650 _____ () C:\Windows\PFRO.log
2014-03-18 13:00 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-18 12:59 - 2014-03-17 23:31 - 00000976 _____ () C:\Users\xxxxxxxx\Desktop\hijackthis.log
2014-03-18 09:17 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-18 07:51 - 2014-03-18 07:48 - 00000000 ____D () C:\1ab3974f446d9029431639
2014-03-18 07:51 - 2013-08-18 09:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 07:49 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-18 07:48 - 2013-08-18 09:11 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 23:48 - 2014-03-17 23:48 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Roaming\PhotoScape
2014-03-17 23:48 - 2014-03-17 23:47 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-03-17 23:47 - 2014-03-17 23:47 - 00001037 _____ () C:\Users\xxxxxxxx\Desktop\PhotoScape.lnk
2014-03-17 23:42 - 2014-03-17 23:37 - 21331096 _____ (Mooii) C:\Users\xxxxxxxx\Downloads\PhotoScape_V3.6.5.exe
2014-03-17 23:30 - 2013-08-16 16:58 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Local\VirtualStore
2014-03-15 17:33 - 2014-03-15 17:17 - 00000000 ____D () C:\ProgramData\WinZip
2014-03-15 17:17 - 2014-03-15 17:17 - 00002283 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-03-15 17:17 - 2014-03-15 17:17 - 00000000 ____D () C:\Program Files\WinZip
2014-03-15 16:59 - 2014-03-15 16:59 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Local\AVG SafeGuard toolbar
2014-03-15 16:58 - 2014-03-15 16:58 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-15 16:58 - 2014-03-15 16:58 - 00003754 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-03-15 16:58 - 2014-03-15 16:58 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-15 16:58 - 2014-03-15 16:58 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-03-15 16:58 - 2014-03-15 16:58 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-03-15 16:40 - 2014-03-15 16:39 - 00420784 _____ (WinZip Computing) C:\Users\xxxxxxxx\Downloads\WinZip180.exe
2014-03-14 13:02 - 2014-03-14 13:02 - 00291288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 17:02 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-03-13 15:44 - 2013-08-16 16:59 - 00000000 ___RD () C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-13 15:44 - 2013-08-16 16:59 - 00000000 ___RD () C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-13 12:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 12:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 12:27 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 12:27 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 12:26 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-12 21:36 - 2014-02-20 22:36 - 00000316 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job
2014-03-11 12:53 - 2013-08-16 18:33 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-04 17:52 - 2012-07-26 03:14 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 17:52 - 2012-07-26 03:14 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-27 09:26 - 2014-02-20 21:52 - 00000000 ____D () C:\Program Files (x86)\View-Password
2014-02-24 21:20 - 2014-02-24 21:20 - 00251392 _____ () C:\Users\xxxxxxxx\Downloads\hijackthis_sfx.exe
2014-02-23 03:13 - 2014-03-12 09:10 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 03:13 - 2014-03-12 09:10 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 03:13 - 2014-03-12 09:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-23 03:13 - 2014-03-12 09:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-23 03:13 - 2014-03-12 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 03:12 - 2014-03-12 09:10 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 03:12 - 2014-03-12 09:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 03:12 - 2014-03-12 09:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 03:11 - 2014-03-12 09:10 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 03:11 - 2014-03-12 09:10 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 03:11 - 2014-03-12 09:10 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 03:11 - 2014-03-12 09:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 03:11 - 2014-03-12 09:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 03:11 - 2014-03-12 09:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 03:11 - 2014-03-12 09:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 03:11 - 2014-03-12 09:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 01:54 - 2014-03-12 09:10 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:54 - 2014-03-12 09:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:54 - 2014-03-12 09:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-23 01:53 - 2014-03-12 09:10 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:53 - 2014-03-12 09:10 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:53 - 2014-03-12 09:10 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:53 - 2014-03-12 09:10 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:53 - 2014-03-12 09:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:53 - 2014-03-12 09:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 01:53 - 2014-03-12 09:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:53 - 2014-03-12 09:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 01:53 - 2014-03-12 09:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 01:53 - 2014-03-12 09:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:53 - 2014-03-12 09:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 01:35 - 2014-03-12 09:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 01:31 - 2014-03-12 09:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-22 23:06 - 2014-03-12 09:09 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-21 10:52 - 2014-02-20 22:39 - 00000000 ____D () C:\ProgramData\Systweak
2014-02-21 10:52 - 2014-02-20 22:36 - 00000000 ____D () C:\Users\xxxxxxxx\AppData\Roaming\systweak
2014-02-20 22:39 - 2014-02-20 22:39 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-02-20 22:36 - 2014-02-20 22:36 - 00003332 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-02-20 22:36 - 2014-02-20 22:36 - 00003044 _____ () C:\Windows\System32\Tasks\System Speedup_UPDATES
2014-02-20 22:36 - 2014-02-20 22:36 - 00002888 _____ () C:\Windows\System32\Tasks\System Speedup_DEFAULT
2014-02-20 22:36 - 2014-02-20 22:36 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-02-20 21:52 - 2014-02-20 21:52 - 00003074 _____ () C:\Windows\System32\Tasks\View Password Update
2014-02-20 21:52 - 2014-02-20 21:52 - 00003002 _____ () C:\Windows\System32\Tasks\View Password_wd
2014-02-20 17:24 - 2013-08-10 03:03 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-20 17:24 - 2013-08-10 03:03 - 00000000 ____D () C:\Program Files\My Dell

Some content of TEMP:
====================
C:\Users\jxxxxxxxx\AppData\Local\Temp\EAD3766.exe
C:\Users\xxxxxxxx\AppData\Local\Temp\EADE2E4.exe
C:\Users\xxxxxxxx\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\xxxxxxxx\AppData\Local\Temp\oi_{039F9A26-1175-43B4-8691-1851C9CAFE31}.exe
C:\Users\xxxxxxxx\AppData\Local\Temp\UninstallEADM.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-18 07:48

==================== End Of Log ============================



#5 SmartasaRock (Topic Starter)

Posted 21 March 2014 - 07:03 AM

Here's the additional, with the user name X'd out the same way:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by xxxxxxxx at 2014-03-21 06:35:29
Running from C:\Users\xxxxxxxx\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon 1Button App for Windows Taskbar (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.2 - Amazon)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.0.0.248 - AVG Technologies)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
lucky leap 3.0.0 (HKLM\...\lucky leap) (Version: 3.0.0 - luckyleap)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.750 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.3 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Torntv 2 (HKLM-x32\...\Torntv 2) (Version: 1.27.153.8 - installdaddy) <==== ATTENTION
View Password (HKLM-x32\...\0ba83585-9f57-4c3c-86f2-b347c7278840) (Version:  - View Password)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )

==================== Restore Points  =========================

02-03-2014 15:34:20 Scheduled Checkpoint
10-03-2014 14:32:31 Scheduled Checkpoint
18-03-2014 12:47:52 Windows Update

==================== Hosts content: ==========================

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {138688C0-6CF8-4F80-A19F-CBF707529C86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
Task: {199D8601-8D3B-49BD-8443-257637721613} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E483BAF-EF4D-43AB-88B2-3104F9828123} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {22BD944B-02B9-45AE-AC07-E50AA31B4D0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {359F6B31-741D-43CA-BE69-C60D2AC23146} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {3BE30823-7713-45CC-AFC9-1563BD49C667} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {3CA86999-4E49-4405-A45F-01CDA3254D4E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4704DFDB-F6CD-4514-AD26-3EA9FB956367} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {5BDB8028-090F-453A-BD42-E63CB325D73F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
Task: {79B1E62E-5A1F-4EF5-89F4-BCC0B127A73A} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {7A761C2D-A579-4E57-9A8F-33B69BD3756A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {81FD9F63-CA73-47DD-8A15-7432F464CBC5} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\xxxxxxxx\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {91A7B72E-3A3A-40AE-80F1-A648DA954889} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {95F35D35-FC59-4875-BFD1-84B54E7F011B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A80D8738-0EF2-46EA-8CB8-06042367CFFD} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D6196D49-D0B9-4F24-B786-16D3578B3FA9} - System32\Tasks\View Password Update => C:\Program Files (x86)\View-Password\View-Password.exe [2014-02-20] ()
Task: {EA707B6E-5463-4BAE-8BDA-FACE7FEDEFAD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EC2DD166-05CA-4DFF-9F3A-A57D2F8795BF} - System32\Tasks\View Password_wd => C:\Program Files (x86)\View-Password\ViewPassword_wd.exe
Task: {EEAFCB85-1BC6-4616-8F4B-02ED3EE9ABA2} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {EEBBC3E4-74D2-4FAF-930B-DD317181125D} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {F120B4B3-1D7C-47F2-939B-7129AF9D3454} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\Windows\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\Windows\Tasks\View Password Update.job => C:\Program Files (x86)\View-Password\View-Password.exe
Task: C:\Windows\Tasks\View Password_wd.job => C:\Program Files (x86)\View-Password\ViewPassword_wd.exe

==================== Loaded Modules (whitelisted) =============

2013-08-10 03:07 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-02-20 21:52 - 2014-02-20 21:52 - 00181760 _____ () C:\Program Files (x86)\View-Password\ViewPassword154.exe
2014-03-15 16:58 - 2014-03-15 16:58 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
2013-08-10 03:09 - 2013-04-19 17:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-08-10 03:09 - 2013-04-19 17:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-08-10 03:09 - 2013-04-19 17:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-08-10 03:04 - 2013-04-02 15:42 - 00176024 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-08-10 03:09 - 2012-07-25 15:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-19 17:37 - 2013-09-19 17:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-19 17:32 - 2013-09-19 17:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-03-15 16:58 - 2014-03-15 16:58 - 02539544 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-02-13 13:11 - 2014-02-13 13:11 - 01179136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\cce138051887d83dccffdc206031b09f\Windows.UI.ni.dll
2013-08-10 03:09 - 2013-04-19 17:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-06-20 16:35 - 2013-06-20 16:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-03-15 16:58 - 2014-03-15 16:58 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
2014-02-13 13:10 - 2014-02-13 13:10 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll
2013-08-10 03:01 - 2012-07-18 14:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-14 19:46 - 2014-02-14 19:46 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-15 16:58 - 2014-03-15 16:58 - 00684056 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.0.0\NativeBrowserApi.dll
2013-08-10 03:06 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-10 03:09 - 2013-05-02 18:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news1582055302
AlternateDataStreams: C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages534221023
AlternateDataStreams: C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events2002947179
AlternateDataStreams: C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-1449898924

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2014 06:29:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: McSmtFwk.exe, version: 4.8.704.0, time stamp: 0x51f7f8d2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000bb4730
Faulting process id: 0x1fdfc
Faulting application start time: 0xMcSmtFwk.exe0
Faulting application path: McSmtFwk.exe1
Faulting module path: McSmtFwk.exe2
Report Id: McSmtFwk.exe3
Faulting package full name: McSmtFwk.exe4
Faulting package-relative application ID: McSmtFwk.exe5

Error: (03/20/2014 09:29:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: Solitaire.exe, version: 1.0.0.0, time stamp: 0x51af4d57
Faulting module name: Windows.UI.Xaml.dll, version: 6.2.9200.16674, time stamp: 0x51f0576e
Exception code: 0xc0000005
Fault offset: 0x000f9d7e
Faulting process id: 0x1bd48
Faulting application start time: 0xSolitaire.exe0
Faulting application path: Solitaire.exe1
Faulting module path: Solitaire.exe2
Report Id: Solitaire.exe3
Faulting package full name: Solitaire.exe4
Faulting package-relative application ID: Solitaire.exe5

Error: (03/20/2014 09:29:24 AM) (Source: .NET Runtime) (User: )
Description: Application: Solitaire.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 5F7C9D7E
Stack:

Error: (03/19/2014 10:18:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: Solitaire.exe, version: 1.0.0.0, time stamp: 0x51af4d57
Faulting module name: Windows.UI.Xaml.dll, version: 6.2.9200.16674, time stamp: 0x51f0576e
Exception code: 0xc000027b
Fault offset: 0x00563c2b
Faulting process id: 0x6a94
Faulting application start time: 0xSolitaire.exe0
Faulting application path: Solitaire.exe1
Faulting module path: Solitaire.exe2
Report Id: Solitaire.exe3
Faulting package full name: Solitaire.exe4
Faulting package-relative application ID: Solitaire.exe5

Error: (03/19/2014 10:17:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: Solitaire.exe, version: 1.0.0.0, time stamp: 0x51af4d57
Faulting module name: Windows.UI.Xaml.dll, version: 6.2.9200.16674, time stamp: 0x51f0576e
Exception code: 0xc000027b
Fault offset: 0x00563c2b
Faulting process id: 0x6850
Faulting application start time: 0xSolitaire.exe0
Faulting application path: Solitaire.exe1
Faulting module path: Solitaire.exe2
Report Id: Solitaire.exe3
Faulting package full name: Solitaire.exe4
Faulting package-relative application ID: Solitaire.exe5

Error: (03/19/2014 10:17:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: Solitaire.exe, version: 1.0.0.0, time stamp: 0x51af4d57
Faulting module name: Windows.UI.Xaml.dll, version: 6.2.9200.16674, time stamp: 0x51f0576e
Exception code: 0xc000027b
Fault offset: 0x00563c2b
Faulting process id: 0xace4
Faulting application start time: 0xSolitaire.exe0
Faulting application path: Solitaire.exe1
Faulting module path: Solitaire.exe2
Report Id: Solitaire.exe3
Faulting package full name: Solitaire.exe4
Faulting package-relative application ID: Solitaire.exe5

Error: (03/19/2014 10:17:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: myroompc)
Description: App Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App did not launch within its allotted time.

Error: (03/19/2014 10:17:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: Solitaire.exe, version: 1.0.0.0, time stamp: 0x51af4d57
Faulting module name: Windows.UI.Xaml.dll, version: 6.2.9200.16674, time stamp: 0x51f0576e
Exception code: 0xc000027b
Fault offset: 0x00563c2b
Faulting process id: 0x5d20
Faulting application start time: 0xSolitaire.exe0
Faulting application path: Solitaire.exe1
Faulting module path: Solitaire.exe2
Report Id: Solitaire.exe3
Faulting package full name: Solitaire.exe4
Faulting package-relative application ID: Solitaire.exe5

Error: (03/19/2014 08:59:21 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16843 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c880

Start Time: 01cf4370ba154510

Termination Time: 16

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a860d7d8-af6e-11e3-bee7-a41f728e7644

Faulting package full name:

Faulting package-relative application ID:

Error: (03/18/2014 09:14:51 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16843 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11a8

Start Time: 01cf42d43350e53a

Termination Time: 28

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 3ded8592-af0c-11e3-bee7-a41f728e7644

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (03/21/2014 06:22:53 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (03/20/2014 00:58:43 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (03/20/2014 00:32:33 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (03/20/2014 11:51:07 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (03/20/2014 10:57:28 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (03/20/2014 08:29:15 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (03/20/2014 04:29:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (03/20/2014 03:57:52 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (03/19/2014 05:46:29 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (03/19/2014 04:08:48 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4


Microsoft Office Sessions:
=========================
Error: (03/21/2014 06:29:54 AM) (Source: Application Error)(User: )
Description: McSmtFwk.exe4.8.704.051f7f8d2unknown0.0.0.000000000c00000050000000000bb47301fdfc01cf43c43fb9c0d9C:\PROGRA~1\COMMON~1\McAfee\Platform\MSM\McSmtFwk.exeunknown1f5f881d-b0ec-11e3-bee7-a41f728e7644

Error: (03/20/2014 09:29:25 AM) (Source: Application Error)(User: )
Description: Solitaire.exe1.0.0.051af4d57Windows.UI.Xaml.dll6.2.9200.1667451f0576ec0000005000f9d7e1bd4801cf44329bf85406C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbwe\Solitaire.exeC:\Windows\System32\Windows.UI.Xaml.dll08bf4af3-b03c-11e3-bee7-a41f728e7644Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbweApp

Error: (03/20/2014 09:29:24 AM) (Source: .NET Runtime)(User: )
Description: Application: Solitaire.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 5F7C9D7E
Stack:

Error: (03/19/2014 10:18:00 AM) (Source: Application Error)(User: )
Description: Solitaire.exe1.0.0.051af4d57Windows.UI.Xaml.dll6.2.9200.1667451f0576ec000027b00563c2b6a9401cf4386675b2b8bC:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbwe\Solitaire.exeC:\Windows\System32\Windows.UI.Xaml.dlla809ae5c-af79-11e3-bee7-a41f728e7644Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbweApp

Error: (03/19/2014 10:17:47 AM) (Source: Application Error)(User: )
Description: Solitaire.exe1.0.0.051af4d57Windows.UI.Xaml.dll6.2.9200.1667451f0576ec000027b00563c2b685001cf43865eda0703C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbwe\Solitaire.exeC:\Windows\System32\Windows.UI.Xaml.dlla054691d-af79-11e3-bee7-a41f728e7644Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbweApp

Error: (03/19/2014 10:17:35 AM) (Source: Application Error)(User: )
Description: Solitaire.exe1.0.0.051af4d57Windows.UI.Xaml.dll6.2.9200.1667451f0576ec000027b00563c2bace401cf438657f45c7dC:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbwe\Solitaire.exeC:\Windows\System32\Windows.UI.Xaml.dll98ebb045-af79-11e3-bee7-a41f728e7644Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbweApp

Error: (03/19/2014 10:17:27 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: myroompc)
Description: Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App

Error: (03/19/2014 10:17:20 AM) (Source: Application Error)(User: )
Description: Solitaire.exe1.0.0.051af4d57Windows.UI.Xaml.dll6.2.9200.1667451f0576ec000027b00563c2b5d2001cf43864d545894C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbwe\Solitaire.exeC:\Windows\System32\Windows.UI.Xaml.dll9044f832-af79-11e3-bee7-a41f728e7644Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbweApp

Error: (03/19/2014 08:59:21 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16843c88001cf4370ba15451016C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa860d7d8-af6e-11e3-bee7-a41f728e7644

Error: (03/18/2014 09:14:51 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1684311a801cf42d43350e53a28C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE3ded8592-af0c-11e3-bee7-a41f728e7644


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3967.58 MB
Available physical RAM: 2263.44 MB
Total Pagefile: 5055.58 MB
Available Pagefile: 2889.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:448.52 GB) (Free:394.84 GB) NTFS
Drive e: (Sims3EP03) (CDROM) (Total:6.75 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 06287B5A)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:37 PM

Posted 21 March 2014 - 01:56 PM

Hi SmartasaRock

That was me being a little surprised, knowing it's a pretty active forum and thinking the thread had been seen by several people.

I can see where you are coming from, but please remember that any member can read your post.... but only a small number of Staff are authorised to reply to it.
So the number of views can be misleading when you are waiting for someone to reply to the original post.

I X'd out the user name wherever it was for privacy concerns. If that hurts the diagnosis, please tell me.

Sometimes it doesn't really matter, but in this case it does cause problems.
There are lines that I need to add to a fix, but I need the full path to the file in order to remove it.
Unfortunately this path includes the name...
e.g.:

Startup: C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

Adding this to the fix will cause it to fail.

This line is linked to Adware.... of which there are a number on the system.
We'll run some dedicated Adware Removal tools and take a chunk out that way.

Before I change this....

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828

I have to ask if you personally set a proxy on the system.

I see that UTorrent was installed, but doesn't seem to be now, although there are still references in the report.... have you removed it?

Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
Let's check with FRST again now and see what has been left.

Please run another scan, but this time make sure that the 'Addition.txt' is selected at the bottom of the start screen before clicking 'Scan'.

If it helps, add the reports as attachments so that your personal name is not widely visible to everyone.


In your next reply, please submit:
JRT.txt
AdwCleaner report
and a fresh set of FRST reports.


Thanks.

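The two findings Starbuck singles out in the post above, an Internet Explorer proxy pointing at the loopback address (`ProxyServer: http=127.0.0.1:13828`) and an adware shortcut in the per-user Startup folder, can be checked by hand before any removal tool is run. The PowerShell below is an added example written for this page; it is not code from the thread, nor from FRST, JRT or AdwCleaner. It reads the same per-user (WinINet) registry values that the FRST `ProxyEnable`/`ProxyServer` lines come from, parses the `ProxyServer` value, checks whether any process on the machine is actually listening on a loopback proxy port, and resolves every `.lnk` in the user's Startup folder to its target. The function names (`Get-IeProxyAudit`, `Get-UserStartupShortcuts`) are chosen for this example; it assumes Windows 8 / PowerShell 3.0 or later for `Get-NetTCPConnection` and the `-in` operator, and it only reports, changing nothing.

```powershell
# Added example for this page, not code from the thread or from FRST/JRT/AdwCleaner.
# Audits the per-user (WinINet) proxy that FRST reported as
# "ProxyServer: http=127.0.0.1:13828" and lists per-user Startup shortcuts
# such as "MyPC Backup.lnk". Report only; nothing is changed.
# Assumes Windows 8 / PowerShell 3.0 or later (Get-NetTCPConnection, -in).

$IeSettingsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IeProxyAudit {
    $props = Get-ItemProperty -Path $IeSettingsKey -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.ProxyEnable) {
        return [pscustomobject]@{ Enabled = $false; Entries = @(); Override = $null }
    }
    # ProxyServer is either "host:port" (used for every protocol) or a
    # ';'-separated list of "protocol=host:port" pairs, e.g. "http=127.0.0.1:13828".
    $entries = foreach ($part in ($props.ProxyServer -split ';')) {
        if (-not $part.Trim()) { continue }
        if ($part -match '=') { $proto, $hostPort = $part -split '=', 2 }
        else                  { $proto, $hostPort = 'all', $part }
        $proxyHost, $proxyPort = $hostPort -split ':', 2
        $isLoopback = $proxyHost -in @('127.0.0.1', 'localhost', '::1')

        # For a loopback proxy, find out whether any process is actually
        # listening on that port; if so, that process sees all proxied traffic.
        $listener = $null
        if ($isLoopback -and $proxyPort -match '^\d+$') {
            $listener = Get-NetTCPConnection -State Listen -LocalPort ([int]$proxyPort) `
                            -ErrorAction SilentlyContinue | Select-Object -First 1
        }
        $listenerPid = $null
        $listenerExe = $null
        if ($listener) {
            $listenerPid = $listener.OwningProcess
            $listenerExe = (Get-Process -Id $listenerPid -ErrorAction SilentlyContinue).Path
        }
        $verdict = if (-not $isLoopback) { 'remote proxy: confirm it was set deliberately' }
                   elseif ($listener)    { 'local interception: identify ListenerExe' }
                   else                  { 'dead loopback proxy: breaks browsing, likely adware remnant' }

        [pscustomobject]@{
            Protocol    = $proto
            Host        = $proxyHost
            Port        = $proxyPort
            Loopback    = $isLoopback
            ListenerPid = $listenerPid
            ListenerExe = $listenerExe
            Verdict     = $verdict
        }
    }
    [pscustomobject]@{ Enabled = $true; Entries = @($entries); Override = $props.ProxyOverride }
}

function Get-UserStartupShortcuts {
    # Per-user Startup folder, i.e. <profile>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    $startupDir = [Environment]::GetFolderPath('Startup')
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $startupDir -Filter '*.lnk' -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath
        $exists = [bool]$target -and (Test-Path -LiteralPath $target)
        # Unsigned or missing targets in Startup deserve a closer look.
        $sigStatus = 'n/a'
        if ($exists) { $sigStatus = (Get-AuthenticodeSignature -FilePath $target).Status }
        [pscustomobject]@{
            Shortcut     = $_.Name
            Target       = $target
            Arguments    = $lnk.Arguments
            TargetExists = $exists
            Signature    = $sigStatus
        }
    }
}

# Usage: print the proxy verdicts, then the Startup shortcuts.
$audit = Get-IeProxyAudit
"IE proxy enabled: $($audit.Enabled)  (ProxyOverride: $($audit.Override))"
$audit.Entries | Format-Table -AutoSize
Get-UserStartupShortcuts | Format-Table -AutoSize
```

The FRST `ProxyServer` line reflects only the per-user WinINet setting that Internet Explorer and most browsers honour; the machine-wide WinHTTP proxy used by services is separate (`netsh winhttp show proxy`). A loopback proxy with no listener behind it is the usual reason a cleaned-up machine "cannot browse" after the adware that owned the port is gone, while a loopback proxy with a live listener means some local program is positioned to read or alter every HTTP request, which is why the helper asks whether the user set it before removing it.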


#7 SmartasaRock

SmartasaRock
  • Topic Starter

  • Members
  • 88 posts
  • Gender:Male
  • Location:USA
  • Local time:10:37 AM

Posted 21 March 2014 - 02:37 PM


I had absolutely no clue that only certain people could reply. I hang out on a non-computer related forum and carried over some wrong assumptions here, I guess.

 

Can I have the thread deleted later if I post the full username in the logs? I only ask because it's got an email-related handle that maybe we don't want to have out on the Internet. It's not like a full name, but still.

 

I think I uninstalled the torrent thing. Recently, a younger relative came into mom's place and he installed an astounding amount of garbage on her new computer, things I'm not at all familiar with for file sharing and all sorts of apps, and filled up nearly the entire amount of free space. I tried taking a lot of it out but the computer is now the equivalent of what hoarders do with their homes. I don't even know where to begin and I have no familiarity with Windows 8 as it is, so it's a real mess for my elderly mother to figure anything out.

 

About the proxy: I did something over there years ago, to do with something called OPENDNS. It wasn't to that computer but we get random page messages from it sometimes, blocking things. I really regret doing it. It's annoying and over my head; I can't get rid of it. I was told to use it because it helped the safety of browsing and I didn't understand it as well as I thought. The kid that installed all the junk on the computer might have done something proxy related on that computer though. I just don't know. I don't even think he knows.



#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:37 PM

Posted 21 March 2014 - 05:55 PM

Hi SmartasaRock
 

I had absolutely no clue that only certain people could reply.

Only staff that have graduated from a recognised Malware Removal school are allowed to reply to threads in this forum.
It's done like that for the safety of members posting here.
 

Can I have the thread deleted later if I post the full username in the logs?

My permissions in this forum don't allow me to delete the thread.... but I can certainly remove the reports after I have read them, if that helps.
If not, I can get one of the 'Mods' to delete the thread for you.
So either way, you will be covered, that's not a problem.

I understand what you are saying about the Proxy and UTorrent.
I will take care of those for you when you post the reports.

Thanks



#9 SmartasaRock

SmartasaRock
  • Topic Starter

  • Members
  • 88 posts
  • Gender:Male
  • Location:USA
  • Local time:10:37 AM

Posted 22 March 2014 - 11:43 AM

 

Okay, sounds good, here goes.

 

The files aren't the same name because I didn't want them confused with the first FRST ones and I didn't run JRT as admin the first time and had to redo it.

 


Edited by Starbuck, 24 March 2014 - 12:02 PM.


#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:37 PM

Posted 22 March 2014 - 04:15 PM

Hi SmartasaRock

Thanks for those reports.
Looks like JRT and AdwCleaner have saved us some work. :)

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to your Download folder.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
Download TFC by OldTimer to your desktop.

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7/Win8, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

In your next reply, please submit:
Fixlog.txt
and let me know how the system is running now.


Thanks.


Edited by Starbuck, 24 March 2014 - 12:04 PM.



#11 SmartasaRock

SmartasaRock
  • Topic Starter

  • Members
  • 88 posts
  • Gender:Male
  • Location:USA
  • Local time:10:37 AM

Posted 23 March 2014 - 01:39 PM

I did the first scans but I'm having trouble with the second. I'm going to try to reinstall it, I guess. It runs and says it's doing things but instead of a few minutes it stayed on for a few hours and I had to assume it got stuck. The desktop didn't disappear either, like it said. Two more tries and it said there were fewer files cleaned but it still stuck with the progress bar repeating itself over and over. Let me try to reinstall it anyway. Just letting you know I got it and am working on it.


Edited by SmartasaRock, 23 March 2014 - 01:40 PM.


#12 SmartasaRock

SmartasaRock
  • Topic Starter

  • Members
  • 88 posts
  • Gender:Male
  • Location:USA
  • Local time:10:37 AM

Posted 23 March 2014 - 02:26 PM

Nope. I downloaded it again and ran it and it just gets non-responsive on me.



#13 SmartasaRock

SmartasaRock
  • Topic Starter

  • Members
  • 88 posts
  • Gender:Male
  • Location:USA
  • Local time:10:37 AM

Posted 23 March 2014 - 02:30 PM

Forgot, here's the FRST files you asked for.


Edited by Starbuck, 24 March 2014 - 12:05 PM.


#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:37 PM

Posted 23 March 2014 - 03:25 PM

Hi SmartasaRock

OK, forget about TFC then.
You can right click on the icon and select delete to remove it.
We can sort the Temp files out another way later.

Unfortunately you seem to have clicked on the Scan button instead of the Fix button in FRST.
Please follow the instructions again in post #10 and make sure that the fix button is selected.
The lines we needed to remove are still showing in the latest report you posted.

Thanks.



#15 SmartasaRock

SmartasaRock
  • Topic Starter

  • Members
  • 88 posts
  • Gender:Male
  • Location:USA
  • Local time:10:37 AM

Posted 23 March 2014 - 05:19 PM

God... I did misread and only scanned again. I'm sorry. My brain is so screwed up this past week. Okay, I fixed it, and I got the fixlog but it went to my downloads folder. I know it's the one it just made though because it was time stamped. I've attached it.


Edited by Starbuck, 24 March 2014 - 12:06 PM.




