Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

W32.Mezit!inf detected, have to manually remove?


  • This topic is locked This topic is locked
17 replies to this topic

#1 Needsomehelpplease

Needsomehelpplease

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 19 April 2014 - 11:09 PM

My father's computer runs Norton antivirus, and today it detected "W32.Mezit!inf" and instructed him to manually remove it. It gave no further info and did not explain how to manually remove it. I'm relatively well versed in how to run basic antivirus programs and protect my computer, but have no experience hunting for or removing something like this manually. I first downloaded Malwarebytes and ran it, but that didn't get rid of it, so I searched online and there are a couple threads on the Norton forums where people are being directed to malware removal forums, and bleepingcomputer.com was linked.

 

So here I am!

 

Looking around the Norton antivirus detection menu, in "File Insight" clicking locate lists two files:

 

C:\Users\kara\AppData\LocalLow\wxqtxe.dll

C:\Users\kara\AppData\LocalLow\ysxwu.dll

 

It gives no further info or instructions. I have no idea if it's safe to attempt to delete these files or if this would actually help to remove the issue. So I've come here since you guys seem to know what you're doing!

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by kara at 23:52:28 on 2014-04-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2700 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxctcoms.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll
BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: MumboJumbo Toolbar: {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll
TB: MumboJumbo Toolbar: {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\kara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/chuzzle/popcaploader_v6.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BB59E38A-9B66-41EC-80BF-384A1C18433C} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll
x64-BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: MumboJumbo Toolbar: {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll
x64-TB: MumboJumbo Toolbar: {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [lxctmon.exe] "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"
x64-Run: [LXCTCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCTtime.dll,RunDLLEntry
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1502000.026\symds64.sys [2014-3-22 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1502000.026\symefa64.sys [2014-3-22 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [2014-4-15 1525976]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1502000.026\ccsetx64.sys [2014-3-22 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSviA64.sys [2014-4-18 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1502000.026\ironx64.sys [2014-3-22 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1502000.026\symnets.sys [2014-3-22 593112]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe [2014-3-22 276376]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-19 1127448]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-1 137648]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-19 119512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-19 412776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-8-27 35840]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-19 158976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-14 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-2-14 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-14 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-20 00:41:39 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-20 00:41:28 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-20 00:41:28 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-20 00:41:28 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-20 00:41:28 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-20 00:41:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 02:43:09 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-04-09 02:43:09 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-27 21:33:19 -------- d-----w- C:\Users\kara\AppData\Local\Windows Live
2014-03-27 21:33:00 -------- d-----w- C:\Users\kara\AppData\Local\{8383A152-8D63-48CD-B098-504E8308F819}
2014-03-22 16:22:14 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\symnets.sys
2014-03-22 16:22:14 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\symelam.sys
2014-03-22 16:22:13 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\srtsp64.sys
2014-03-22 16:22:13 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\symds64.sys
2014-03-22 16:22:13 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\srtspx64.sys
2014-03-22 16:22:13 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\ironx64.sys
2014-03-22 16:22:13 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\ccsetx64.sys
2014-03-22 16:22:13 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\symefa64.sys
2014-03-22 16:21:59 -------- d-----w- C:\Windows\System32\drivers\NISx64\1502000.026
.
==================== Find3M  ====================
.
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-24 02:37:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-01-25 23:17:53 477 ----a-w- C:\Program Files (x86)\0125201218175310.bat
.
============= FINISH: 23:52:42.98 ===============

 

 

Attached File  attach.txt   7.57KB   2 downloads
 



BC AdBot (Login to Remove)

 


m

#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:01 PM

Posted 21 April 2014 - 03:47 AM

Hi Needsomehelpplease and Welcome to BleepingComputer.

I am currently looking though your logs and will advice you on what to do in my next reply.

Edited by seedy21, 21 April 2014 - 03:47 AM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:01 PM

Posted 21 April 2014 - 10:27 AM

Hello Needsomehelpplease

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

MumboJumbo Toolbar

Step 2

Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.

    frsticon_zpsdc3cbdc3.png
  • When the tool opens click Yes to disclaimer.

    frstdis_zps7f598f12.png
  • Press Scan button.

    frst_zps6548371f.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#4 Needsomehelpplease

Needsomehelpplease
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 22 April 2014 - 06:09 PM

Hey, thanks for responding! I may be going over to my Dad's house tonight. If I do I can perform those instructions. If I don't I should be over there tomorrow night.

Just wanted to let you know I haven't gone AWOL, and please don't lock this thread! I should be able to get you the new info by tomorrow night (The 23rd)!

#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:01 PM

Posted 23 April 2014 - 02:26 AM

Great. Thank you for the Update :thumbup2:


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#6 Needsomehelpplease

Needsomehelpplease
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 23 April 2014 - 08:45 PM

So I've been unable to get out to my Dad's place, but I absolutely will be tomorrow. I'll get the new info up then, sorry about the delays.

#7 Needsomehelpplease

Needsomehelpplease
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 24 April 2014 - 07:25 PM

So first of all, when I booted up this computer I A) Installed Firefox, since it's my preferred browser, and B) Updated Quicktime and Norton's definitions, since both were out of date. I then opened up this thread and saw your advisory to install and change nothing, so I apologize for that. If you want me to start over and re-do the first two logs I provided, I can. Just let me know.

 

For now, I deleted the toolbar you told me to, and here are the two new logs:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by kara (administrator) on KARA-HP on 24-04-2014 20:16:48
Running from C:\Users\kara\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxctcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [lxctmon.exe] => C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [LXCTCATS] => C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll [31744 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Lexmark 5400 Series] => C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM-x32\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1446760 2012-01-06] (Garmin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-237544562-3502362092-499376639-1001\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2014-02-06] (Oberon Media )
HKU\S-1-5-21-237544562-3502362092-499376639-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-05] (Google Inc.)
HKU\S-1-5-21-237544562-3502362092-499376639-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe [524680 2013-10-31] (Adobe Systems Incorporated)
HKU\S-1-5-21-237544562-3502362092-499376639-1001\...\MountPoints2: {a6ebc57c-4d70-11e3-84cc-2c27d73d4dca} - H:\TLBootstrap_WPP.exe
Startup: C:\Users\kara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {E04E4CA9-5990-4E2B-8637-C3B4BD527470} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {E04E4CA9-5990-4E2B-8637-C3B4BD527470} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3322520&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP6442EC6E-444C-41DD-9BA5-54509892674E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3322520&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP6442EC6E-444C-41DD-9BA5-54509892674E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.mumbojumbo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130417,19890,0,25,0
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {E04E4CA9-5990-4E2B-8637-C3B4BD527470} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: MumboJumbo Toolbar - {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} - C:\Program Files (x86)\mumbojumbo\encyclopediabritannicagamesbarX64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -  No File
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: MumboJumbo Toolbar - {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} - C:\Program Files (x86)\mumbojumbo\encyclopediabritannicagamesbarX.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - MumboJumbo Toolbar - {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} - C:\Program Files (x86)\mumbojumbo\encyclopediabritannicagamesbarX64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - MumboJumbo Toolbar - {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} - C:\Program Files (x86)\mumbojumbo\encyclopediabritannicagamesbarX.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/chuzzle/popcaploader_v6.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\kara\AppData\Roaming\Mozilla\Firefox\Profiles\0ijjfooz.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-30]

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR Extension: (Angry Birds) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-11]
CHR Extension: (Google Docs) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-19]
CHR Extension: (Google Drive) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19]
CHR Extension: (YouTube) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19]
CHR Extension: (Google Search) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19]
CHR Extension: (Minecraft HD) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\diepdlaemgmbmggljnmmkncgekfjjgba [2014-01-15]
CHR Extension: (Blond-Amsterdam) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\femfpcmcjhpakggkmkapohhllkgdkkca [2014-02-12]
CHR Extension: (Isoball 3) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-01-11]
CHR Extension: (Blocks) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnglanfhhkanekkdmakmbegnojgpmnm [2014-01-12]
CHR Extension: (History Eraser App) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjolhjmdgbhebcdnfjhngobjggghoipa [2014-01-12]
CHR Extension: (Pop, Pop, Win!) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbghebmoaofincenahdohhpkljnkbbcn [2014-01-11]
CHR Extension: (Poppit) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-01-23]
CHR Extension: (Norton Identity Protection) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-14]
CHR Extension: (WeatherBug) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-01-12]
CHR Extension: (Google Wallet) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (Click&Clean App) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-01-12]
CHR Extension: (Gmail) - C:\Users\kara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-22]

==================== Services (Whitelisted) =================

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
R2 lxct_device; C:\Windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-29] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140424.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140424.009\ENG64.SYS [126040 2014-03-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140424.009\EX64.SYS [2099288 2014-03-10] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-24 20:16 - 2014-04-24 20:18 - 00022377 _____ () C:\Users\kara\Desktop\FRST.txt
2014-04-24 20:15 - 2014-04-24 20:16 - 00000000 ____D () C:\FRST
2014-04-24 20:14 - 2014-04-24 20:15 - 02061824 _____ (Farbar) C:\Users\kara\Desktop\FRST64.exe
2014-04-24 20:10 - 2014-04-24 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-24 20:10 - 2014-04-24 20:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-24 20:10 - 2014-04-24 20:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-24 20:08 - 2014-04-24 20:08 - 41945432 _____ (Apple Inc.) C:\Users\kara\Downloads\QuickTimeInstaller(1).exe
2014-04-24 20:05 - 2014-04-24 20:06 - 41945432 _____ (Apple Inc.) C:\Users\kara\Downloads\QuickTimeInstaller.exe
2014-04-24 20:05 - 2014-04-24 20:05 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-24 20:05 - 2014-04-24 20:05 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-24 20:05 - 2014-04-24 20:05 - 00000000 ____D () C:\Users\kara\AppData\Local\Mozilla
2014-04-24 20:04 - 2014-04-24 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-24 20:04 - 2014-04-24 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-24 20:04 - 2014-04-24 20:04 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-19 23:52 - 2014-04-19 23:53 - 00019154 _____ () C:\Users\kara\Desktop\dds.txt
2014-04-19 23:52 - 2014-04-19 23:53 - 00007750 _____ () C:\Users\kara\Desktop\attach.txt
2014-04-19 20:41 - 2014-04-19 21:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 20:41 - 2014-04-19 20:41 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 20:41 - 2014-04-19 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-19 20:41 - 2014-04-19 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 20:41 - 2014-04-19 20:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 20:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-19 20:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-19 20:41 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-19 20:40 - 2014-04-19 20:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\kara\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 22:43 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 22:43 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 22:43 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 22:43 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 22:42 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 22:42 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 22:42 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 22:42 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 22:42 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 22:42 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 22:42 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 22:42 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 22:42 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 22:42 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 22:42 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 22:42 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 22:42 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 22:42 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 22:42 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 22:42 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 22:42 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-27 17:33 - 2014-03-27 17:33 - 00000000 ____D () C:\Users\kara\AppData\Local\Windows Live
2014-03-27 17:33 - 2014-03-27 17:33 - 00000000 ____D () C:\Users\kara\AppData\Local\{8383A152-8D63-48CD-B098-504E8308F819}

==================== One Month Modified Files and Folders =======

2014-04-24 20:18 - 2014-04-24 20:16 - 00022377 _____ () C:\Users\kara\Desktop\FRST.txt
2014-04-24 20:18 - 2013-01-01 01:51 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkara
2014-04-24 20:18 - 2012-03-18 19:22 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForkara.job
2014-04-24 20:16 - 2014-04-24 20:15 - 00000000 ____D () C:\FRST
2014-04-24 20:15 - 2014-04-24 20:14 - 02061824 _____ (Farbar) C:\Users\kara\Desktop\FRST64.exe
2014-04-24 20:13 - 2011-09-05 20:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-24 20:12 - 2011-09-05 19:59 - 00000000 ____D () C:\Users\kara\AppData\Roaming\HP Support Assistant
2014-04-24 20:12 - 2011-08-28 14:56 - 00000000 ____D () C:\Users\kara\AppData\Roaming\HpUpdate
2014-04-24 20:10 - 2014-04-24 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-24 20:10 - 2014-04-24 20:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-24 20:10 - 2014-04-24 20:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-24 20:08 - 2014-04-24 20:08 - 41945432 _____ (Apple Inc.) C:\Users\kara\Downloads\QuickTimeInstaller(1).exe
2014-04-24 20:07 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 20:07 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 20:06 - 2014-04-24 20:05 - 41945432 _____ (Apple Inc.) C:\Users\kara\Downloads\QuickTimeInstaller.exe
2014-04-24 20:05 - 2014-04-24 20:05 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-24 20:05 - 2014-04-24 20:05 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-24 20:05 - 2014-04-24 20:05 - 00000000 ____D () C:\Users\kara\AppData\Local\Mozilla
2014-04-24 20:05 - 2014-04-24 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-24 20:05 - 2014-04-24 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-24 20:05 - 2011-08-27 15:19 - 00000000 ____D () C:\Users\kara\AppData\Roaming\Mozilla
2014-04-24 20:04 - 2014-04-24 20:04 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-24 20:04 - 2011-08-27 15:07 - 01318781 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 20:00 - 2011-12-05 02:16 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 20:00 - 2011-08-29 17:51 - 00000000 ____D () C:\Program Files\Lx_cats
2014-04-24 19:59 - 2011-07-19 21:58 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-24 19:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 19:59 - 2009-07-14 00:51 - 00106400 _____ () C:\Windows\setupact.log
2014-04-19 23:53 - 2014-04-19 23:52 - 00019154 _____ () C:\Users\kara\Desktop\dds.txt
2014-04-19 23:53 - 2014-04-19 23:52 - 00007750 _____ () C:\Users\kara\Desktop\attach.txt
2014-04-19 23:37 - 2011-12-05 02:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-19 21:42 - 2013-03-05 12:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-19 21:41 - 2014-04-19 20:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 21:39 - 2010-11-20 23:47 - 00281842 _____ () C:\Windows\PFRO.log
2014-04-19 21:38 - 2012-02-13 21:03 - 00000000 ____D () C:\Program Files (x86)\FunWebProducts
2014-04-19 20:41 - 2014-04-19 20:41 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 20:41 - 2014-04-19 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-19 20:41 - 2014-04-19 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 20:41 - 2014-04-19 20:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 20:41 - 2014-04-19 20:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\kara\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-16 14:51 - 2011-08-27 14:18 - 00000000 ____D () C:\Users\kara\AppData\Local\VirtualStore
2014-04-13 23:51 - 2011-07-19 21:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-04-11 21:58 - 2009-07-14 01:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-09 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 03:25 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 03:03 - 2011-08-27 14:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-03 09:51 - 2014-04-19 20:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 20:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 20:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 21:16 - 2014-04-08 22:43 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 21:13 - 2014-04-08 22:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 20:13 - 2014-04-08 22:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 19:57 - 2014-04-08 22:43 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 04:26 - 2011-12-05 02:16 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 04:26 - 2011-12-05 02:16 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 01:00 - 2011-12-05 02:16 - 00000000 ____D () C:\Users\kara\AppData\Local\Google
2014-03-27 17:33 - 2014-03-27 17:33 - 00000000 ____D () C:\Users\kara\AppData\Local\Windows Live
2014-03-27 17:33 - 2014-03-27 17:33 - 00000000 ____D () C:\Users\kara\AppData\Local\{8383A152-8D63-48CD-B098-504E8308F819}

Some content of TEMP:
====================
C:\Users\kara\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\kara\AppData\Local\Temp\tmp29E.exe
C:\Users\kara\AppData\Local\Temp\tmp3D3F.exe
C:\Users\kara\AppData\Local\Temp\tmp3F50.exe
C:\Users\kara\AppData\Local\Temp\tmp421E.exe
C:\Users\kara\AppData\Local\Temp\tmp6CCD.exe
C:\Users\kara\AppData\Local\Temp\tmp86AC.exe
C:\Users\kara\AppData\Local\Temp\tmp8C01.exe
C:\Users\kara\AppData\Local\Temp\tmp8F9F.exe
C:\Users\kara\AppData\Local\Temp\tmpA237.exe
C:\Users\kara\AppData\Local\Temp\tmpA60E.exe
C:\Users\kara\AppData\Local\Temp\tmpA6C9.exe
C:\Users\kara\AppData\Local\Temp\tmpB1E3.exe
C:\Users\kara\AppData\Local\Temp\tmpB682.exe
C:\Users\kara\AppData\Local\Temp\tmpBB62.exe
C:\Users\kara\AppData\Local\Temp\tmpBB68.exe
C:\Users\kara\AppData\Local\Temp\tmpBBD0.exe
C:\Users\kara\AppData\Local\Temp\tmpBCF7.exe
C:\Users\kara\AppData\Local\Temp\tmpC57F.exe
C:\Users\kara\AppData\Local\Temp\tmpCB69.exe
C:\Users\kara\AppData\Local\Temp\tmpCF5C.exe
C:\Users\kara\AppData\Local\Temp\tmpDFC3.exe
C:\Users\kara\AppData\Local\Temp\tmpE0EB.exe
C:\Users\kara\AppData\Local\Temp\tmpE2A0.exe
C:\Users\kara\AppData\Local\Temp\tmpE4F7.exe
C:\Users\kara\AppData\Local\Temp\tmpE523.exe
C:\Users\kara\AppData\Local\Temp\tmpE687.exe
C:\Users\kara\AppData\Local\Temp\tmpEFBA.exe
C:\Users\kara\AppData\Local\Temp\tmpFA74.exe
C:\Users\kara\AppData\Local\Temp\tzl8rv1i.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 00:54

==================== End Of Log ============================

 

 

 

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by kara at 2014-04-24 20:18:24
Running from C:\Users\kara\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cubis Creatures (x32 Version: 3.0.2.51 - WildTangent) Hidden
Cubis Gold (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110094687}) (Version:  - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Druids - Battle of Magic (HKLM-x32\...\510008090) (Version:  - Oberon Media)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
Garmin Lifetime Updater (HKLM-x32\...\{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}) (Version: 2.1.7 - Garmin)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version:  - )
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Luxor (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}) (Version:  - Oberon Media)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 en-US)) (Version: 12.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

18-03-2014 03:10:26 HPSF Restore Point
25-03-2014 13:49:52 Scheduled Checkpoint
02-04-2014 22:08:13 Scheduled Checkpoint
09-04-2014 07:00:34 Windows Update
16-04-2014 19:31:31 Scheduled Checkpoint
18-04-2014 22:19:51 HPSF Restore Point
25-04-2014 00:09:37 Installed QuickTime 7

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {30400E78-2BE9-415A-9092-858AFF23B598} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {50CC002E-1E24-4477-9ACA-734C331F6300} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {7999C964-D5D0-4284-8B95-1532715D7A6C} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {7E207DF6-F010-42D0-9938-859A6D5C6CB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {974DD49C-94AD-489D-94CB-BA36C3719E5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9CE90174-A7FA-4689-B852-A3F2F31703EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05] (Google Inc.)
Task: {9DB7E998-BBC0-439A-844F-6E29F811B280} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A9E21A6A-7063-404A-9A6C-2CD238F76BEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {C6D428E3-410E-436E-9848-3C1A8B03D058} - System32\Tasks\HPCeeScheduleForkara => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {D505BA21-26E0-4CAA-904F-C6C59D857A03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft)
Task: {DF589D61-E130-4D31-A75E-161A66384B35} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DF937CA2-C4D4-43DB-90BB-ED0AE701E21C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
Task: {FF83BEBB-9BFE-467C-9350-64553BBC4C21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForkara.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2006-08-08 16:21 - 2006-08-08 16:21 - 00732160 _____ () C:\Windows\system32\lxctdrs.dll
2006-08-14 17:17 - 2006-08-14 17:17 - 00025088 _____ () C:\Windows\system32\lxctcaps.dll
2006-05-03 14:31 - 2006-05-03 14:31 - 00054784 _____ () C:\Windows\system32\lxctcnv4.dll
2011-08-29 17:51 - 2006-11-22 10:11 - 00291760 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
2011-08-29 17:51 - 2006-10-18 07:24 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2011-08-29 17:51 - 2006-10-18 05:32 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5400 Series\ipcmt64.dll
2011-08-29 17:51 - 2006-11-13 04:40 - 00146432 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxctdrpp.dll
2011-08-29 17:51 - 2006-08-08 15:54 - 00278528 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctscw.dll
2011-08-29 17:51 - 2006-06-09 02:39 - 00143360 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctdrec.dll
2011-08-29 17:51 - 2006-08-08 15:58 - 00692224 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctDRS.dll
2011-08-29 17:51 - 2006-08-14 17:17 - 00065536 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctcaps.dll
2011-08-29 17:51 - 2006-05-03 14:31 - 00061440 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctcnv4.dll
2011-08-29 17:51 - 2006-05-25 16:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 5400 Series\iptk.dll
2011-08-29 17:55 - 2006-08-09 14:37 - 00184320 _____ () C:\Program Files\Lexmark Toolbar\toolband.dll
2011-08-29 17:55 - 2006-08-09 14:38 - 00151552 _____ () C:\Program Files\Lexmark Toolbar\resource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0A435166
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:A78E4C4C
AlternateDataStreams: C:\ProgramData\Temp:B203B914
AlternateDataStreams: C:\ProgramData\Temp:B34A7CD6
AlternateDataStreams: C:\ProgramData\Temp:D27A7718
AlternateDataStreams: C:\ProgramData\Temp:DB365884

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2014 08:01:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 09:41:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 03:52:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/18/2014 02:10:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 00:30:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/16/2014 02:01:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 07:39:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 01:42:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1480bae0
Faulting process id: 0x994
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/14/2014 07:11:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/14/2014 00:34:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/10/2014 00:56:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (04/10/2014 00:56:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (04/10/2014 00:56:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (04/10/2014 00:56:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (04/10/2014 00:56:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (04/10/2014 00:56:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (04/10/2014 00:56:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (04/10/2014 00:56:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (04/07/2014 01:56:19 AM) (Source: Service Control Manager) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (03/30/2014 05:15:45 PM) (Source: Service Control Manager) (User: )
Description: The lxct_device service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (04/24/2014 08:01:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 09:41:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 03:52:33 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/18/2014 02:10:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 00:30:39 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/16/2014 02:01:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 07:39:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 01:42:35 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399unknown0.0.0.000000000c00000051480bae099401cf586ac70547d2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownbea5f7cc-c460-11e3-8400-2c27d73d4dca

Error: (04/14/2014 07:11:18 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/14/2014 00:34:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4061.24 MB
Available physical RAM: 2177.77 MB
Total Pagefile: 8120.66 MB
Available Pagefile: 6102.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:687.47 GB) (Free:619.38 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.06 GB) (Free:1.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: A8CB5F5A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Needsomehelpplease, 24 April 2014 - 07:25 PM.


#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:01 PM

Posted 25 April 2014 - 04:18 PM

Hi Needsomehelpplease
 

so I apologize for that. If you want me to start over and re-do the first two logs I provided, I can. Just let me know.


Thank you please don't make anymore changes.

Step 1
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 2

Please re-run FRST

Type the following in the edit box after "Search:".

wxqtxe.dll;ysxwu.dll

Note: The file names should be separated by semicolon (;)

It then should look like:

Search: wxqtxe.dll;ysxwu.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Attached Files


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#9 Needsomehelpplease

Needsomehelpplease
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 25 April 2014 - 09:00 PM

Here's fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by kara at 2014-04-25 21:50:01 Run:1
Running from C:\Users\kara\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-237544562-3502362092-499376639-1001\...\MountPoints2: {a6ebc57c-4d70-11e3-84cc-2c27d73d4dca} - H:\TLBootstrap_WPP.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3322520&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP6442EC6E-444C-41DD-9BA5-54509892674E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3322520&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP6442EC6E-444C-41DD-9BA5-54509892674E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.mumbojumbo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
BHO: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -  No File
BHO: MumboJumbo Toolbar - {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} - C:\Program Files (x86)\mumbojumbo\encyclopediabritannicagamesbarX64.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -  No File
BHO-x32: MumboJumbo Toolbar - {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} - C:\Program Files (x86)\mumbojumbo\encyclopediabritannicagamesbarX.dll No File
Toolbar: HKLM - MumboJumbo Toolbar - {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} - C:\Program Files (x86)\mumbojumbo\encyclopediabritannicagamesbarX64.dll No File
Toolbar: HKLM-x32 - MumboJumbo Toolbar - {b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} - C:\Program Files (x86)\mumbojumbo\encyclopediabritannicagamesbarX.dll No File
C:\Users\kara\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\kara\AppData\Local\Temp\tmp29E.exe
C:\Users\kara\AppData\Local\Temp\tmp3D3F.exe
C:\Users\kara\AppData\Local\Temp\tmp3F50.exe
C:\Users\kara\AppData\Local\Temp\tmp421E.exe
C:\Users\kara\AppData\Local\Temp\tmp6CCD.exe
C:\Users\kara\AppData\Local\Temp\tmp86AC.exe
C:\Users\kara\AppData\Local\Temp\tmp8C01.exe
C:\Users\kara\AppData\Local\Temp\tmp8F9F.exe
C:\Users\kara\AppData\Local\Temp\tmpA237.exe
C:\Users\kara\AppData\Local\Temp\tmpA60E.exe
C:\Users\kara\AppData\Local\Temp\tmpA6C9.exe
C:\Users\kara\AppData\Local\Temp\tmpB1E3.exe
C:\Users\kara\AppData\Local\Temp\tmpB682.exe
C:\Users\kara\AppData\Local\Temp\tmpBB62.exe
C:\Users\kara\AppData\Local\Temp\tmpBB68.exe
C:\Users\kara\AppData\Local\Temp\tmpBBD0.exe
C:\Users\kara\AppData\Local\Temp\tmpBCF7.exe
C:\Users\kara\AppData\Local\Temp\tmpC57F.exe
C:\Users\kara\AppData\Local\Temp\tmpCB69.exe
C:\Users\kara\AppData\Local\Temp\tmpCF5C.exe
C:\Users\kara\AppData\Local\Temp\tmpDFC3.exe
C:\Users\kara\AppData\Local\Temp\tmpE0EB.exe
C:\Users\kara\AppData\Local\Temp\tmpE2A0.exe
C:\Users\kara\AppData\Local\Temp\tmpE4F7.exe
C:\Users\kara\AppData\Local\Temp\tmpE523.exe
C:\Users\kara\AppData\Local\Temp\tmpE687.exe
C:\Users\kara\AppData\Local\Temp\tmpEFBA.exe
C:\Users\kara\AppData\Local\Temp\tmpFA74.exe
C:\Users\kara\AppData\Local\Temp\tzl8rv1i.dll
C:\ProgramData\Temp:0A435166
C:\ProgramData\Temp:981884E7
C:\ProgramData\Temp:A78E4C4C
C:\ProgramData\Temp:B203B914
C:\ProgramData\Temp:B34A7CD6
C:\ProgramData\Temp:D27A7718
C:\ProgramData\Temp:DB365884
C:\Users\kara\AppData\LocalLow\wxqtxe.dll
C:\Users\kara\AppData\LocalLow\ysxwu.dll
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-237544562-3502362092-499376639-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6ebc57c-4d70-11e3-84cc-2c27d73d4dca} => Key deleted successfully.
HKCR\CLSID\{a6ebc57c-4d70-11e3-84cc-2c27d73d4dca} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key deleted successfully.
HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} => Key deleted successfully.
HKCR\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} => Key deleted successfully.
HKCR\CLSID\{b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} => Value deleted successfully.
HKCR\CLSID\{b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{b2352e52-a24e-44ab-9e7c-ce7ef2e1ad39} => Key deleted successfully.
C:\Users\kara\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmp29E.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmp3D3F.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmp3F50.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmp421E.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmp6CCD.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmp86AC.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmp8C01.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmp8F9F.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpA237.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpA60E.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpA6C9.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpB1E3.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpB682.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpBB62.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpBB68.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpBBD0.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpBCF7.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpC57F.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpCB69.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpCF5C.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpDFC3.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpE0EB.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpE2A0.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpE4F7.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpE523.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpE687.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpEFBA.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tmpFA74.exe => Moved successfully.
C:\Users\kara\AppData\Local\Temp\tzl8rv1i.dll => Moved successfully.
Could not move "C:\ProgramData\Temp:0A435166" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Temp:981884E7" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Temp:A78E4C4C" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Temp:B203B914" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Temp:B34A7CD6" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Temp:D27A7718" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Temp:DB365884" => Scheduled to move on reboot.
C:\Users\kara\AppData\LocalLow\wxqtxe.dll => Moved successfully.
C:\Users\kara\AppData\LocalLow\ysxwu.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-25 21:51:56)<=

"C:\ProgramData\Temp:0A435166" => File could not move.
"C:\ProgramData\Temp:981884E7" => File could not move.
"C:\ProgramData\Temp:A78E4C4C" => File could not move.
"C:\ProgramData\Temp:B203B914" => File could not move.
"C:\ProgramData\Temp:B34A7CD6" => File could not move.
"C:\ProgramData\Temp:D27A7718" => File could not move.
"C:\ProgramData\Temp:DB365884" => File could not move.

==== End of Fixlog ====

 

 

 

And here's Search:

 

Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by kara at 2014-04-25 21:57:12
Running from C:\Users\kara\Desktop
Boot Mode: Normal

================== Search: "wxqtxe.dll;ysxwu.dll" ===================

====== End Of Search ======



#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:01 PM

Posted 26 April 2014 - 10:31 AM

Hi Needsomehelpplease

Step 1

Please run a scan with Norton and let me know if it detects any threats and also the locations of the threats.

Step 2

Perform an Online Antivirus Scan with ESET:


Note:ESET recommends disabling your resident antivirus's active protection component BEFORE scanning , how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve install an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
  •  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    When the scan is complete,

    If no threats were found:
     
  • Check in "Uninstall application on close"
  • Close program
  • If threats were found:
     
  • Select "list of threats found"
  • Select "Export to Text File" & Save the Report to your Desktop as ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program

Copy and paste ESETScanLog.txt in your next reply

Step 3

  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
  • If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
  • When you see a console window, press any key to continue scanning.
  • Wait while it scans.
  • If your firewall alerts you of Security Check, please press 'Allow' or similar.

Edited by seedy21, 26 April 2014 - 10:58 AM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#11 Needsomehelpplease

Needsomehelpplease
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 28 April 2014 - 12:53 AM

I'll have that all for you tomorrow night! Thanks.

#12 Needsomehelpplease

Needsomehelpplease
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 28 April 2014 - 10:43 PM

Okay, sorry, wasn't able to get out there today, but I should have it tomorrow. Sorry for the delays, I appreciate the patience.

#13 Needsomehelpplease

Needsomehelpplease
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 29 April 2014 - 11:08 PM

The Norton scan found W32.Mezit!inf again, and when I go into File Insight it lists:

 

c:\FRST\quarantine\C\Users\kara\AppData\LocalLow\wxqtxe.dll.xbad

c:\frst\quarantine\c\users\kara\appdata\locallow\ysxwu.dll.xbad

 

 

Here's ESETScanLog:

 

C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B potentially unsafe application    
C:\Users\All Users\Oberon Media\Initiator\3.0.0.0\cache\83440848b6f88158b0d990ab14d6570cfb501c57\mumbojumbo_en_toolbar_3.2.0.47.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application    
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B potentially unsafe application    deleted - quarantined
C:\ProgramData\Oberon Media\Initiator\3.0.0.0\cache\83440848b6f88158b0d990ab14d6570cfb501c57\mumbojumbo_en_toolbar_3.2.0.47.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application    deleted - quarantined
C:\Users\kara\AppData\LocalLow\FunWebProducts\Installr\Cache\072AFB83.exe    a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application    deleted - quarantined
 

 

And you didn't ask for it, but just in case, here's checkup from Security Check:

 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Mozilla Thunderbird 12.0.1 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#14 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:01 PM

Posted 30 April 2014 - 09:28 AM

Hi Needsomehelpplease
 

The Norton scan found W32.Mezit!inf again


Correct, but this time its in the FRST quarantine that we will delete later on.

Step 1

We need to make sure your running the latest version of Thunderbird.

Open up Thunderbird as you would normally
Click on Help and then Check for Updates
If any updates are available please run them .

Step 2

How is your machine running now? Do you have any further issues?

 


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#15 Needsomehelpplease

Needsomehelpplease
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 01 May 2014 - 09:52 PM

When I was on it before, I didn't notice any issues. Since it's my father's computer, I'm not too familiar with how it ran before, but I didn't notice any unusual lag or response times or things like that.

I'll update Thunderbird when I'm over at his house tomorrow. In the meantime, do you think it's safe for him to use regularly? If he can, I can ask him his opinion on how it's running now.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users