
Malware PWS:Win32/Zbot Issues


This topic is locked
21 replies to this topic

#1 jfparla

jfparla

  • Members
  • 53 posts

Posted 19 May 2014 - 03:15 PM

I'm working on a Windows 7 64-bit computer that reports the Zbot malware was removed. There are several issues that have appeared since then.

MSE reports a restart is required to remove appdata/roaming/acemvewe/xaomoh.exe. After restarting, the same message reappears. I reinstalled MSE but the restart required continues.

The list of programs in Control Panel > Programs and Features is missing many installed programs, but CCleaner can show them.

MS Outlook can send link or page for one user but not for the other. Changing the default email program to Outlook does not apply.


Edited by jfparla, 19 May 2014 - 03:26 PM.



#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 22 May 2014 - 12:44 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi jfparla,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 jfparla

jfparla
  • Topic Starter

  • Members
  • 53 posts

Posted 22 May 2014 - 01:53 PM

Hi Toffee,

Thanks for your response... here are the 2 files from FRST.

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Joan (administrator) on JOAN-PC on 22-05-2014 11:45:18
Running from E:\BP4Perlis\TOOLS
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Sun Microsystems, Inc.) C:\Windows\System32\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Udkeufqaysniek] => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [311296 2013-07-28] ()
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Run: [Udkeufqaysniek] => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [311296 2013-07-28] ()
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgQEpbJCCswVoeukz7-SPC_CrhIs-hCEtwf1GKfhCm8rkgy9eBp3qERYdKPc7Xh7rUNneUABSMQ_lBR_qLGdMCY5rhRTaVneR2BdtbSFFtU6IheAJKI97rgl93XQoHA4k,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgQEpbJCCswVoeukz7-SPC_CrhIs-hCEtwf1GKfhCm8rkgy9eBp3qERYdKPc7Xh7rUNneUABSMQ_lBR_qLGdMCY5rhRTaVneR2BdtbSFFtU6IheAJKI97rgl93XQoHA4k,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {A983B7E4-4D84-49C4-8CC2-9B33683F11C6} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-3.2-1307
SearchScopes: HKCU - {BEC0CE29-B610-4EF7-A0EC-8DECE333D0CF} URL =
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {548F6736-8FE4-4680-82F2-170D6C07E1D2} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.99 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\Seymour\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF Extension: Speed Analysis 2 - C:\Users\Seymour\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-06-24]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (SweetPacks A15) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg [2013-10-25]
CHR Extension: (Google Wallet) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]
CHR HKCU\...\Chrome\Extension: [gdajbhgjikacgjmhlaelpmljbelkmbdg] - C:\Users\Joan\AppData\Local\CRE\gdajbhgjikacgjmhlaelpmljbelkmbdg.crx [2013-10-22]
CHR HKLM-x32\...\Chrome\Extension: [gdajbhgjikacgjmhlaelpmljbelkmbdg] - C:\Users\Joan\AppData\Local\CRE\gdajbhgjikacgjmhlaelpmljbelkmbdg.crx [2013-10-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-01-08] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-22 11:42 - 2014-05-22 11:45 - 00000000 ____D () C:\FRST
2014-05-19 13:02 - 2014-05-19 13:02 - 00020218 _____ () C:\Users\Joan\Desktop\dds.txt
2014-05-19 13:02 - 2014-05-19 13:02 - 00008835 _____ () C:\Users\Joan\Desktop\attach.txt
2014-05-19 13:00 - 2014-05-19 13:05 - 00000000 ____D () C:\Users\Joan\Downloads\BleepngComputer
2014-05-19 11:18 - 2014-05-19 11:18 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-19 10:56 - 2014-05-22 11:40 - 00051906 _____ () C:\Windows\setupact.log
2014-05-19 10:56 - 2014-05-19 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 10:43 - 2014-05-19 10:43 - 00804158 _____ () C:\Users\Joan\Documents\cc_20140519_104341.reg
2014-05-19 10:41 - 2014-05-19 17:00 - 00000800 _____ () C:\Windows\Tasks\Security Center Update - 3163983906.job
2014-05-19 10:41 - 2014-05-19 10:41 - 00003806 _____ () C:\Windows\System32\Tasks\Security Center Update - 3163983906
2014-05-19 10:41 - 2014-05-19 10:41 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Acemvewe
2014-05-19 09:55 - 2014-05-19 09:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-19 09:55 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-19 09:09 - 2014-05-22 11:33 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-19 06:47 - 2014-05-19 06:47 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Ciazfi
2014-05-19 06:27 - 2014-05-19 06:27 - 00012326 _____ () C:\Users\Joan\AppData\Local\kwlcufjn
2014-05-19 06:26 - 2014-05-19 10:19 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Ypasluf
2014-05-19 06:26 - 2014-05-19 06:26 - 00068314 _____ () C:\Users\Joan\AppData\Local\dvemrend
2014-05-19 06:25 - 2014-05-19 06:25 - 00147456 _____ () C:\Users\Joan\AppData\Local\cetnjibx.exe
2014-05-19 06:24 - 2014-05-19 06:24 - 00650598 _____ () C:\Users\Joan\AppData\Local\ksppahmg
2014-05-19 06:24 - 2014-05-19 06:24 - 00000000 _____ () C:\Users\Joan\AppData\Roaming\SharedSettings.ccs
2014-05-19 06:22 - 2014-05-19 06:22 - 00212480 _____ () C:\Users\Joan\AppData\Local\lsphtucu.exe
2014-05-16 08:25 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 23:38 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:38 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:38 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:38 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:38 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:38 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:31 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:31 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:31 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:31 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:31 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:31 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:31 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:31 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:31 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:31 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:31 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:31 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:31 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:31 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:31 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 12:48 - 2014-05-12 12:48 - 00027673 _____ () C:\Users\Joan\Documents\Dinner Menu.htm
2014-05-12 12:48 - 2014-05-12 12:48 - 00000000 ____D () C:\Users\Joan\Documents\Dinner Menu_files
2014-05-06 18:12 - 2014-05-06 18:12 - 00000171 _____ () C:\Users\Seymour\Desktop\Google.url
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western_Digital_Technolog
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western Digital
2014-05-06 09:35 - 2014-05-06 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western_Digital_Technolog
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western Digital
2014-05-06 09:32 - 2014-05-06 09:32 - 00126736 _____ () C:\Users\Joan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 09:20 - 2014-05-16 08:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-06 09:17 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-06 09:17 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-06 09:17 - 2014-05-06 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-05-06 09:16 - 2014-05-16 08:25 - 00000000 ____D () C:\ProgramData\Western Digital
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieUserList
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieSiteList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieUserList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieSiteList
2014-04-22 21:30 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 21:30 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 21:30 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 21:30 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 21:29 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 21:29 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 21:29 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 21:29 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 21:29 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 21:29 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 21:29 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 21:29 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 21:29 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 21:29 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 21:29 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 21:29 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 21:29 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 21:29 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 21:29 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 21:29 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 21:29 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 21:29 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 21:29 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 21:29 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 21:29 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 21:29 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 21:29 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 21:29 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 21:29 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 21:29 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 21:29 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 21:29 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 21:29 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 21:29 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 21:29 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 21:29 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 21:29 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 21:29 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 21:29 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 21:29 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 21:29 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 21:29 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 21:29 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 21:29 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-22 11:45 - 2014-05-22 11:42 - 00000000 ____D () C:\FRST
2014-05-22 11:44 - 2012-08-06 14:51 - 01934015 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 11:43 - 2012-04-17 16:04 - 00000506 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-22 11:43 - 2011-04-16 14:39 - 00000000 ____D () C:\ProgramData\Kodak
2014-05-22 11:41 - 2009-07-13 22:13 - 00782902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 11:40 - 2014-05-19 10:56 - 00051906 _____ () C:\Windows\setupact.log
2014-05-22 11:40 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 11:40 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 11:39 - 2013-12-31 16:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 11:33 - 2014-05-19 09:09 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-22 11:33 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 17:09 - 2014-03-17 22:09 - 00000300 _____ () C:\Windows\Tasks\MySearchDial.job
2014-05-19 17:00 - 2014-05-19 10:41 - 00000800 _____ () C:\Windows\Tasks\Security Center Update - 3163983906.job
2014-05-19 16:32 - 2012-12-24 08:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 16:18 - 2013-12-31 16:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 15:58 - 2010-08-03 06:35 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9195FBFD-80A3-4030-A510-C24DD00D3271}
2014-05-19 14:00 - 2012-04-17 16:04 - 00003534 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-19 14:00 - 2012-04-17 16:04 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-05-19 13:05 - 2014-05-19 13:00 - 00000000 ____D () C:\Users\Joan\Downloads\BleepngComputer
2014-05-19 13:02 - 2014-05-19 13:02 - 00020218 _____ () C:\Users\Joan\Desktop\dds.txt
2014-05-19 13:02 - 2014-05-19 13:02 - 00008835 _____ () C:\Users\Joan\Desktop\attach.txt
2014-05-19 11:18 - 2014-05-19 11:18 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-19 11:18 - 2012-08-06 15:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-19 10:56 - 2014-05-19 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 10:52 - 2010-05-07 01:26 - 00000000 ____D () C:\ProgramData\Roxio
2014-05-19 10:43 - 2014-05-19 10:43 - 00804158 _____ () C:\Users\Joan\Documents\cc_20140519_104341.reg
2014-05-19 10:41 - 2014-05-19 10:41 - 00003806 _____ () C:\Windows\System32\Tasks\Security Center Update - 3163983906
2014-05-19 10:41 - 2014-05-19 10:41 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Acemvewe
2014-05-19 10:19 - 2014-05-19 06:26 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Ypasluf
2014-05-19 10:19 - 2012-07-02 13:36 - 00000000 ____D () C:\Windows\en
2014-05-19 09:55 - 2014-05-19 09:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-02-03 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 06:47 - 2014-05-19 06:47 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Ciazfi
2014-05-19 06:27 - 2014-05-19 06:27 - 00012326 _____ () C:\Users\Joan\AppData\Local\kwlcufjn
2014-05-19 06:26 - 2014-05-19 06:26 - 00068314 _____ () C:\Users\Joan\AppData\Local\dvemrend
2014-05-19 06:25 - 2014-05-19 06:25 - 00147456 _____ () C:\Users\Joan\AppData\Local\cetnjibx.exe
2014-05-19 06:24 - 2014-05-19 06:24 - 00650598 _____ () C:\Users\Joan\AppData\Local\ksppahmg
2014-05-19 06:24 - 2014-05-19 06:24 - 00000000 _____ () C:\Users\Joan\AppData\Roaming\SharedSettings.ccs
2014-05-19 06:22 - 2014-05-19 06:22 - 00212480 _____ () C:\Users\Joan\AppData\Local\lsphtucu.exe
2014-05-16 15:33 - 2013-01-08 15:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 08:26 - 2014-05-06 09:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-16 08:25 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-16 08:25 - 2014-05-06 09:17 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-16 08:25 - 2014-05-06 09:17 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-16 08:25 - 2014-05-06 09:16 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 06:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 05:44 - 2010-05-24 01:06 - 00000000 ___RD () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 05:44 - 2010-05-24 01:03 - 00000000 ___RD () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 23:38 - 2010-05-24 16:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 23:37 - 2013-08-14 23:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:35 - 2012-08-06 16:22 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 12:04 - 2012-12-24 08:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 12:03 - 2012-12-24 08:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:03 - 2012-12-24 08:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:20 - 2013-12-31 16:38 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-13 09:14 - 2012-04-17 16:04 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-13 07:44 - 2012-04-17 16:04 - 00004270 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-12 12:48 - 2014-05-12 12:48 - 00027673 _____ () C:\Users\Joan\Documents\Dinner Menu.htm
2014-05-12 12:48 - 2014-05-12 12:48 - 00000000 ____D () C:\Users\Joan\Documents\Dinner Menu_files
2014-05-08 14:13 - 2013-12-31 16:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 14:13 - 2013-12-31 16:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 19:07 - 2012-08-06 15:47 - 00776282 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-06 18:12 - 2014-05-06 18:12 - 00000171 _____ () C:\Users\Seymour\Desktop\Google.url
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western_Digital_Technolog
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western Digital
2014-05-06 09:35 - 2014-05-06 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western_Digital_Technolog
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western Digital
2014-05-06 09:32 - 2014-05-06 09:32 - 00126736 _____ () C:\Users\Joan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 09:32 - 2009-07-13 22:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 09:23 - 2014-05-06 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-05-05 22:35 - 2011-04-20 17:18 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{906C7FBD-FA52-436C-B51A-8800E5274033}
2014-05-05 21:40 - 2014-05-14 23:38 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-14 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:25 - 2014-05-14 23:38 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:07 - 2014-05-14 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:00 - 2014-05-14 23:38 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-14 23:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 18:38 - 2010-05-26 21:17 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Adobe
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieUserList
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieSiteList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieUserList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieSiteList
2014-04-23 04:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\Joan\AppData\Local\Temp\UpdateFlashPlayer_d3d2542d.exe
C:\Users\Joan\AppData\Local\Temp\UpdateFlashPlayer_d3ed6a3c.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 03:41

==================== End Of Log ============================


Addition


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Joan at 2014-05-22 11:46:26
Running from E:\BP4Perlis\TOOLS
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.39 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.39 - PC-Doctor, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java Auto Updater (HKLM-x32\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version:  - )
Java™ 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F181233F-67DF-4995-A159-EB81F2B5500B}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6E936B32-5120-412E-AC87-C1D3651E531F}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

18-04-2014 04:20:56 Windows Update
21-04-2014 13:25:54 Installed Java 7 Update 55
21-04-2014 22:02:57 Windows Update
23-04-2014 04:29:31 Windows Update
26-04-2014 22:33:13 Windows Update
30-04-2014 00:23:51 Windows Update
03-05-2014 05:21:23 Windows Update
06-05-2014 16:19:59 WD SmartWare Installer
06-05-2014 16:29:34 Installed WD Drive Utilities
06-05-2014 17:02:46 Windows Update
06-05-2014 17:31:45 Windows Backup
06-05-2014 17:49:38 Windows Backup
07-05-2014 02:01:39 Windows Update
10-05-2014 21:27:16 Windows Update
12-05-2014 03:50:28 Windows Backup
13-05-2014 23:01:20 Windows Update
15-05-2014 06:31:45 Windows Update
16-05-2014 15:23:39 WD SmartWare Installer
16-05-2014 15:26:22 WD SmartWare Installer
18-05-2014 19:35:58 Windows Update
19-05-2014 03:13:28 Windows Backup
19-05-2014 18:00:28 Removed Bing Rewards Client Installer
19-05-2014 18:01:20 Removed C4USelfUpdater.
19-05-2014 18:01:56 Removed center.
19-05-2014 18:02:38 Removed D3DX10
19-05-2014 18:03:25 Removed HPDiagnosticAlert
19-05-2014 18:03:48 Removed ImagXpress
19-05-2014 18:04:20 Removed Junk Mail filter update
19-05-2014 18:04:45 Removed Mesh Runtime
22-05-2014 18:44:14 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07AEC6A9-A9B1-4762-ADFD-40B1955BD38E} - System32\Tasks\Plus-HD-9.5-enabler => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-enabler.exe <==== ATTENTION
Task: {0DDD83B0-37EB-48A6-9294-E3298CCE3884} - System32\Tasks\{57C50E1B-1569-46AF-B129-AE0F48CACC1D} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {0FE2E223-211F-49CE-AE28-75068325E169} - System32\Tasks\{16BF21F9-AB51-4116-B348-0C34190E5702} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {119E1876-E64E-4B3B-B390-D96C05D1DFB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-31] (Google Inc.)
Task: {1E7FA62D-5122-4EBD-8CE5-0DA5EA776BF7} - System32\Tasks\Security Center Update - 3163983906 => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [2013-07-28] () <==== ATTENTION
Task: {202FF662-1D44-40EA-B1CA-CA6B1BCA8EA8} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-04-12] (PC-Doctor, Inc.)
Task: {247A0E74-07D8-4D72-B167-645A7E9A283C} - System32\Tasks\{E6715B48-42F6-4C57-B30F-58F23691DC1E} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {283D6A43-05AD-44BF-8EE1-0402B9EDA112} - System32\Tasks\RealCreateProcessScheduledTask32081512S-1-5-21-2218131082-3251598230-3116958278-1004 => c:\program files (x86)\real\realplayer\update\realsched.exe
Task: {2A76F7B3-EA93-48AA-8C3A-7B5D63DAC833} - System32\Tasks\{510EB2A6-3A39-4116-B1E6-3F8B5B0C4135} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {2F53EE31-84BD-43A7-AA7C-314CE64E28F4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {370010D3-8559-4A34-B8B6-EAD1087556D4} - System32\Tasks\{229D2779-6750-4130-A276-D257C932AA34} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {5446598A-C671-4BB6-ABCF-E8A0A65DADA9} - System32\Tasks\Plus-HD-9.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-firefoxinstaller.exe <==== ATTENTION
Task: {60870FF6-5FC0-44B5-8F7E-D1430B097CC4} - System32\Tasks\MySearchDial => C:\Users\Seymour\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {68204996-519C-4FE6-AAC6-105239505BDC} - System32\Tasks\media enhance-chromeinstaller => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe <==== ATTENTION
Task: {691D21AE-4F45-445F-B12F-5B4AFFE54F50} - System32\Tasks\RealCreateProcessScheduledTask31472858S-1-5-21-2218131082-3251598230-3116958278-1000 => C:\program files (x86)\real\realplayer\update\realsched.exe
Task: {6A963422-B277-4A2D-98CE-25BF3019C32A} - System32\Tasks\{E76EB9CE-F556-4E61-A49F-68EB26EABEAE} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {723F1D81-99E3-4EAA-BF6F-9A4BA0ED4440} - System32\Tasks\RealCreateProcessScheduledTask31461283S-1-5-21-2218131082-3251598230-3116958278-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe
Task: {76E6D0AE-0FB7-4738-92F1-AC36D646E3F7} - \SidebarExecute No Task File <==== ATTENTION
Task: {78523282-C64F-46E9-88E3-FE14B713FD34} - System32\Tasks\{BCC16D3C-4CC3-4B3F-8BEE-F2B3F12C2460} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {7ADC5CCD-60B1-4AFF-935D-B91E12671700} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7E6D5FAE-8431-4795-B384-22FEE4EA7154} - System32\Tasks\{7890D638-9F2A-4A60-83F4-83F510EB4220} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {7EB692CB-25E8-4130-95B4-7AD12CEC1044} - System32\Tasks\Plus-HD-9.5-updater => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-updater.exe <==== ATTENTION
Task: {84199CB3-453E-490E-A204-6708C22CB04F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-04-12] (PC-Doctor, Inc.)
Task: {866D8991-218A-4068-B83B-92869C18D83E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8C4AA0D9-0E43-4B13-8072-26049E2221DE} - System32\Tasks\{97D5E537-653A-4600-95F7-4583C59AA1E5} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {9864FC0D-4D6C-4025-B6E2-746FCA44BBD0} - System32\Tasks\Plus-HD-9.5-codedownloader => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-codedownloader.exe <==== ATTENTION
Task: {98AB5F0F-A39E-4417-B438-67EA3CDDD608} - System32\Tasks\{757922E2-B3BF-4653-A176-7AFE06CA7442} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {9944DAEA-7E8C-4FFB-A250-5894A01BD920} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {9E60D6F9-E8F7-473E-996E-258D4298B5FD} - System32\Tasks\media enhance-updater => C:\Program Files (x86)\media enhance\media enhance-updater.exe <==== ATTENTION
Task: {A137A2FD-74BA-4D46-8E47-D3441FF2D7E4} - System32\Tasks\Regwork => C:\Program Files (x86)\RegWork\RegWork.exe
Task: {AAF15A6D-2073-4EBF-9BC2-04267B71C7A5} - System32\Tasks\{6198735D-68B1-46B1-AC49-E875A75976C3} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {AC74A883-87F4-48C1-A0F6-BCC66DD05B99} - System32\Tasks\{044B1531-0B29-41BA-A63F-DAFA273C6F1E} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {AEBBDE32-A169-4A15-A2D6-A3E9BAFE8EFF} - System32\Tasks\{D14F83D9-1DF4-4E6D-A4DC-2443FAE0EDEF} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {B5032EAA-29A1-414C-ABE6-8CC78EFE24AB} - System32\Tasks\RealCreateProcessScheduledTask32053806S-1-5-21-2218131082-3251598230-3116958278-1004 => c:\program files (x86)\real\realplayer\update\realsched.exe
Task: {B5C5A541-DBAF-430D-88E3-A287D9C3FD1E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2218131082-3251598230-3116958278-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B760F827-EEEA-496D-88B4-215E0924A78D} - System32\Tasks\{CFBF5BCA-7C67-4662-919F-DA5A6584B70C} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {B780A1CD-A356-4C94-A8A9-4260E3832BFF} - System32\Tasks\{600F2104-96E8-4310-B4EB-AF10932B1F52} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {BDBF06DD-A0CF-4D99-B161-0FBA38290C82} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2218131082-3251598230-3116958278-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C534199B-5EAF-444E-A17A-1C3C56D97B62} - System32\Tasks\RealCreateProcessScheduledTask31459754S-1-5-21-2218131082-3251598230-3116958278-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe
Task: {C57E2362-FBA2-4633-9BD7-C8B33790C0AE} - System32\Tasks\{723E6FDA-0BA5-4E84-9C4D-0B52FF3C4B9F} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {CDDF91C3-482F-48B1-A9A0-D130DA9A0295} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2218131082-3251598230-3116958278-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D22807A4-B483-4B6A-AFFE-A03D8D0EFC64} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-04-12] (PC-Doctor, Inc.)
Task: {D78CD6C5-6252-4C0D-B772-DB310D37D883} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-31] (Google Inc.)
Task: {D9167C7C-55E7-4112-9DF6-D2EE41DD427A} - System32\Tasks\media enhance-enabler => C:\Program Files (x86)\media enhance\media enhance-enabler.exe <==== ATTENTION
Task: {DA37EC6A-944F-436D-A943-8AEED6A268F8} - System32\Tasks\RealCreateProcessScheduledTask29267425S-1-5-21-2218131082-3251598230-3116958278-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe
Task: {DE901DCD-6823-4D41-95E5-B90EABAB4F00} - System32\Tasks\{43BC70FC-29ED-4AE4-BD4F-9C7560FD333F} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {E5EA13F1-85C8-47C7-BF02-DF445635AB37} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2218131082-3251598230-3116958278-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F6D19698-0D02-4EB2-A681-B062E6A82BF8} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe [2010-05-07] (Sun Microsystems, Inc.)
Task: {F92D0714-9383-48FF-A7D8-8008F83FD6A6} - System32\Tasks\media enhance-firefoxinstaller => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exe <==== ATTENTION
Task: {FD1596AF-2087-4C56-AAD7-9AF8D43F7CF2} - System32\Tasks\Plus-HD-9.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-chromeinstaller.exe <==== ATTENTION
Task: {FF541199-87A7-4D69-BABA-9FF0826A6BAC} - System32\Tasks\media enhance-codedownloader => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Seymour\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\Regwork.job => C:\Program Files (x86)\RegWork\RegWork.exe
Task: C:\Windows\Tasks\Security Center Update - 3163983906.job => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe <==== ATTENTION
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-07-28 12:55 - 2013-07-28 12:55 - 00311296 _____ () C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-07 01:14 - 2009-10-02 11:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Joan\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Walgreens PictureMover.lnk => C:\Windows\pss\Walgreens PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Joan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Able2Extract PDF Converter 8.0 PDF Notifier => C:\Program Files (x86)\Investintech.com Inc\Able2Extract 8.0\Able2ExtractNotify.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: kmqsfthu => "C:\Users\Joan\AppData\Local\cetnjibx.exe"
MSCONFIG\startupreg: Luuwulu => C:\Users\Joan\AppData\Roaming\Ypasluf\hoqyykx.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: qaplsckp => "C:\Users\Joan\AppData\Local\lsphtucu.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ReadingFanatic_6x Browser Plugin Loader 64 => C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbrmon64.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Seymour\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Tv-Plug-In => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui

==================== Faulty Device Manager Devices =============

Name: McAfee NDIS Light Filter
Description: McAfee NDIS Light Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfenlfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 03:37:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xaomoh.exe, version: 1.0.0.2, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x005c5009
Faulting process id: 0x17ec
Faulting application start time: 0xxaomoh.exe0
Faulting application path: xaomoh.exe1
Faulting module path: xaomoh.exe2
Report Id: xaomoh.exe3

Error: (05/19/2014 03:36:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xaomoh.exe, version: 1.0.0.2, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x005c5009
Faulting process id: 0x1958
Faulting application start time: 0xxaomoh.exe0
Faulting application path: xaomoh.exe1
Faulting module path: xaomoh.exe2
Report Id: xaomoh.exe3

Error: (05/19/2014 03:06:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xaomoh.exe, version: 1.0.0.2, time stamp: 0x5349a356
Faulting module name: mshtml.dll, version: 11.0.9600.17107, time stamp: 0x536855c9
Exception code: 0xc0000005
Fault offset: 0x000da390
Faulting process id: 0x810
Faulting application start time: 0xxaomoh.exe0
Faulting application path: xaomoh.exe1
Faulting module path: xaomoh.exe2
Report Id: xaomoh.exe3

Error: (05/19/2014 02:51:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xaomoh.exe, version: 1.0.0.2, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0x40000015
Fault offset: 0x005c2fa9
Faulting process id: 0xdac
Faulting application start time: 0xxaomoh.exe0
Faulting application path: xaomoh.exe1
Faulting module path: xaomoh.exe2
Report Id: xaomoh.exe3

Error: (05/19/2014 01:27:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xaomoh.exe, version: 1.0.0.2, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x9bc
Faulting application start time: 0xxaomoh.exe0
Faulting application path: xaomoh.exe1
Faulting module path: xaomoh.exe2
Report Id: xaomoh.exe3

Error: (05/19/2014 01:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xaomoh.exe, version: 1.0.0.2, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x1714
Faulting application start time: 0xxaomoh.exe0
Faulting application path: xaomoh.exe1
Faulting module path: xaomoh.exe2
Report Id: xaomoh.exe3

Error: (05/19/2014 11:42:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xaomoh.exe, version: 1.0.0.2, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x8b8
Faulting application start time: 0xxaomoh.exe0
Faulting application path: xaomoh.exe1
Faulting module path: xaomoh.exe2
Report Id: xaomoh.exe3

Error: (05/19/2014 11:31:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xaomoh.exe, version: 1.0.0.2, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0xe64
Faulting application start time: 0xxaomoh.exe0
Faulting application path: xaomoh.exe1
Faulting module path: xaomoh.exe2
Report Id: xaomoh.exe3

Error: (05/19/2014 11:04:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: Joan-PC)
Description: Product: ImagXpress -- This .msi file cannot be executed. Please start Setup.exe to install this application

Error: (05/19/2014 09:56:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hoqyykx.exe, version: 1.0.0.1, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x14bc
Faulting application start time: 0xhoqyykx.exe0
Faulting application path: hoqyykx.exe1
Faulting module path: hoqyykx.exe2
Report Id: hoqyykx.exe3

System errors:
=============
Error: (05/22/2014 11:44:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/22/2014 11:44:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/22/2014 11:44:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/22/2014 11:44:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/22/2014 11:44:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/22/2014 11:33:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mfenlfk

Error: (05/19/2014 02:42:31 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE -Embedding740{0006F020-0000-0000-C000-000000000046}

Error: (05/19/2014 02:39:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mfenlfk

Error: (05/19/2014 01:40:26 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE -Embedding740{0006F020-0000-0000-C000-000000000046}

Error: (05/19/2014 01:32:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Microsoft Office Sessions:
=========================
Error: (04/05/2014 05:00:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 208 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/11/2014 08:07:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 299 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (03/10/2014 09:06:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 118 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/26/2014 02:25:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 106 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/21/2014 03:32:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/05/2014 10:05:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 304 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (12/06/2013 09:30:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1302 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (11/30/2013 11:30:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/26/2013 09:47:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 67 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (09/05/2013 09:34:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 334 seconds with 300 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 6103.08 MB
Available physical RAM: 3878.99 MB
Total Pagefile: 12204.34 MB
Available Pagefile: 9685.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:460.73 GB) (Free:345.14 GB) NTFS
Drive e: (CENTON USB) (Removable) (Total:7.48 GB) (Free:7.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C5B8501A)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=461 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 8 GB) (Disk ID: 73696420)
No partition Table on disk 5.

==================== End Of Log ============================

 

Thanks for your expertise

jfparla



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:24 AM

Posted 23 May 2014 - 11:44 AM

Hi jfparla,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM-x32\...\Run: [Udkeufqaysniek] => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [311296 2013-07-28] ()
C:\Users\Joan\AppData\Roaming\Acemvewe
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Run: [Udkeufqaysniek] => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [311296 2013-07-28] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-05-19 10:41 - 2014-05-19 17:00 - 00000800 _____ () C:\Windows\Tasks\Security Center Update - 3163983906.job
2014-05-19 10:41 - 2014-05-19 10:41 - 00003806 _____ () C:\Windows\System32\Tasks\Security Center Update - 3163983906
2014-05-19 06:47 - 2014-05-19 06:47 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Ciazfi
2014-05-19 06:27 - 2014-05-19 06:27 - 00012326 _____ () C:\Users\Joan\AppData\Local\kwlcufjn
2014-05-19 06:26 - 2014-05-19 10:19 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Ypasluf
2014-05-19 06:26 - 2014-05-19 06:26 - 00068314 _____ () C:\Users\Joan\AppData\Local\dvemrend
2014-05-19 06:25 - 2014-05-19 06:25 - 00147456 _____ () C:\Users\Joan\AppData\Local\cetnjibx.exe
2014-05-19 06:24 - 2014-05-19 06:24 - 00650598 _____ () C:\Users\Joan\AppData\Local\ksppahmg
2014-05-19 06:24 - 2014-05-19 06:24 - 00000000 _____ () C:\Users\Joan\AppData\Roaming\SharedSettings.ccs
2014-05-19 06:22 - 2014-05-19 06:22 - 00212480 _____ () C:\Users\Joan\AppData\Local\lsphtucu.exe
C:\Users\Joan\AppData\Local\Temp\UpdateFlashPlayer_d3d2542d.exe
C:\Users\Joan\AppData\Local\Temp\UpdateFlashPlayer_d3ed6a3c.exe
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Task: {1E7FA62D-5122-4EBD-8CE5-0DA5EA776BF7} - System32\Tasks\Security Center Update - 3163983906 => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [2013-07-28] () <==== ATTENTION
Task: {76E6D0AE-0FB7-4738-92F1-AC36D646E3F7} - \SidebarExecute No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3163983906.job => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe <==== ATTENTION
Task: {07AEC6A9-A9B1-4762-ADFD-40B1955BD38E} - System32\Tasks\Plus-HD-9.5-enabler => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-enabler.exe <==== ATTENTION
Task: {5446598A-C671-4BB6-ABCF-E8A0A65DADA9} - System32\Tasks\Plus-HD-9.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-firefoxinstaller.exe <==== ATTENTION
Task: {60870FF6-5FC0-44B5-8F7E-D1430B097CC4} - System32\Tasks\MySearchDial => C:\Users\Seymour\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {68204996-519C-4FE6-AAC6-105239505BDC} - System32\Tasks\media enhance-chromeinstaller => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe <==== ATTENTION
Task: {7EB692CB-25E8-4130-95B4-7AD12CEC1044} - System32\Tasks\Plus-HD-9.5-updater => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-updater.exe <==== ATTENTION
Task: {9864FC0D-4D6C-4025-B6E2-746FCA44BBD0} - System32\Tasks\Plus-HD-9.5-codedownloader => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-codedownloader.exe <==== ATTENTION
Task: {9E60D6F9-E8F7-473E-996E-258D4298B5FD} - System32\Tasks\media enhance-updater => C:\Program Files (x86)\media enhance\media enhance-updater.exe <==== ATTENTION
Task: {D9167C7C-55E7-4112-9DF6-D2EE41DD427A} - System32\Tasks\media enhance-enabler => C:\Program Files (x86)\media enhance\media enhance-enabler.exe <==== ATTENTION
Task: {F92D0714-9383-48FF-A7D8-8008F83FD6A6} - System32\Tasks\media enhance-firefoxinstaller => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exe <==== ATTENTION
Task: {FD1596AF-2087-4C56-AAD7-9AF8D43F7CF2} - System32\Tasks\Plus-HD-9.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-chromeinstaller.exe <==== ATTENTION
Task: {FF541199-87A7-4D69-BABA-9FF0826A6BAC} - System32\Tasks\media enhance-codedownloader => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Seymour\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Seymour\AppData\Roaming\MYSEAR~1
C:\Program Files (x86)\Plus-HD-9.5
C:\Program Files (x86)\media enhance
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log
  • Fixlog.txt

xXToffeeXx~


Edited by xXToffeeXx, 23 May 2014 - 11:44 AM.
Added backdoor warning

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
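The fixlist above is built from FRST log lines whose targets run from a user's AppData folder, carry no publisher, or are already marked "<==== ATTENTION". The following triage script is an added example (not code from this thread and not part of FRST) that applies those same cues to the "Task:", "...\Run:" and "MSCONFIG\startupreg:" lines of an FRST log; the sample lines are modelled on the log posted earlier in this thread, and the heuristics are assumptions of this example, not FRST's own logic.

```python
"""Triage FRST (Farbar Recovery Scan Tool) persistence lines for review.

Flags scheduled tasks, Run-key entries and MSCONFIG startup entries that
execute from user-writable locations, lack a publisher, use 8.3 short
names, or already carry FRST's "<==== ATTENTION" marker.  Legitimate
software (per-user updaters, for instance) also lives in AppData, so the
output is a review list, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input, modelled on the FRST log posted in this thread.
SAMPLE_LOG = r"""
Task: {D78CD6C5-6252-4C0D-B772-DB310D37D883} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-31] (Google Inc.)
Task: {9E60D6F9-E8F7-473E-996E-258D4298B5FD} - System32\Tasks\media enhance-updater => C:\Program Files (x86)\media enhance\media enhance-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3163983906.job => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Seymour\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM-x32\...\Run: [Udkeufqaysniek] => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [311296 2013-07-28] ()
MSCONFIG\startupreg: Luuwulu => C:\Users\Joan\AppData\Roaming\Ypasluf\hoqyykx.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Task: {F6D19698-0D02-4EB2-A681-B062E6A82BF8} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe [2010-05-07] (Sun Microsystems, Inc.)
"""

# Line kinds that describe a persistence mechanism in an FRST log.
PERSISTENCE_PREFIX = re.compile(r"^(?:Task: |MSCONFIG\\startupreg: |\S+\\Run: )")
# First Windows path ending in an executable-style extension on the right-hand side of " => ".
PATH_RE = re.compile(
    r'(?:[A-Za-z]:|%[^%]+%)\\[^"<\[]*?\.(?:exe|dll|ocx|scr|bat|cmd|vbs|js)\b', re.I)
# Locations any user-level process can write to (assumed heuristic, not FRST's).
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.I)
# FRST prints "[size date] (Publisher)"; an empty "()" means no publisher was recorded.
NO_PUBLISHER_RE = re.compile(r"\]\s*\(\)")
# 8.3 short names such as MYSEAR~1 obscure the real folder name.
SHORT_NAME_RE = re.compile(r"~\d")


@dataclass
class Finding:
    line: str                  # the FRST log line, verbatim (rstripped)
    path: Optional[str]        # executable the entry launches, if one was parsed
    reasons: List[str] = field(default_factory=list)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a persistence line that deserves review, else None."""
    line = line.rstrip()
    if not PERSISTENCE_PREFIX.match(line):
        return None
    _, _, target = line.partition(" => ")
    match = PATH_RE.search(target)
    path = match.group(0) if match else None
    reasons: List[str] = []
    if "<==== ATTENTION" in line:
        reasons.append("flagged by FRST")
    if path is not None:
        if USER_WRITABLE_RE.search(path):
            reasons.append("runs from a user-writable location")
        if SHORT_NAME_RE.search(path):
            reasons.append("uses 8.3 short names")
    if NO_PUBLISHER_RE.search(target):
        reasons.append("no publisher recorded")
    return Finding(line, path, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of an FRST log and keep the hits."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


def fixlist(findings: List[Finding]) -> List[str]:
    """FRST removes whatever verbatim log lines are placed in fixlist.txt,
    so the flagged lines themselves form the draft fix script (review first)."""
    return [f.line for f in findings]


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"{f.path or '<no path>'}\n    " + "; ".join(f.reasons))


if __name__ == "__main__":
    main()
```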


#5 jfparla

jfparla
  • Topic Starter

  • Members
  • 53 posts
  • Local time:09:24 PM

Posted 23 May 2014 - 12:26 PM

TOFFEE

 

Please provide link for AdwCleaner

 

jfparla



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:24 AM

Posted 23 May 2014 - 12:28 PM

Hi jfparla,
 
Whoops, sorry. Try these instructions for AdwCleaner:
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

xXToffeeXx~




#7 jfparla

jfparla
  • Topic Starter

  • Members
  • 53 posts
  • Local time:09:24 PM

Posted 23 May 2014 - 01:11 PM

Toffee...

 

AdwCleaner report

 

# AdwCleaner v3.210 - Report created 23/05/2014 at 10:54:50
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joan - JOAN-PC
# Running from : C:\Users\Joan\AppData\Local\Temp\Temp1_84a30e08725b063010cf5d68a19853fd_adwcleaner_3.210.zip\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Mega Browse
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Program Files (x86)\QuotationCafe_45EI
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Uninstaller
Folder Deleted : C:\Users\Joan\AppData\Local\Conduit
Folder Deleted : C:\Users\Joan\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Joan\AppData\LocalLow\blekko
Folder Deleted : C:\Users\Joan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joan\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Joan\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Joan\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Joan\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Joan\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Joan\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Joan\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Joan\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Joan\Documents\Optimizer Pro
Folder Deleted : C:\Users\Seymour\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\CouponXplorer_5z
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Seymour\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Seymour\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Seymour\Documents\Optimizer Pro
Folder Deleted : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg
Folder Deleted : C:\Users\Seymour\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg
[!] Folder Deleted : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg
[!] Folder Deleted : C:\Users\Seymour\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\END
File Deleted : C:\Users\Joan\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Seymour\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle\Soft-Now bundle.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateglindorus_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateglindorus_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PCFixSpeed]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7828DB55-A8EE-42C0-8D72-738CA9B3E48F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1368B44-60A8-470F-9537-C1BC2390C8E3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4B57B062-F035-4FA2-95A4-AFCD5C8A9FD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E29C446-AC83-49C9-800D-A8459A05900D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://blekko.com/ws/?source=3971d482&tbp=rbox&u=2085aeb1000000000000a4badbf0e564&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2391419
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QK&apn_dtid=YYYYYYM3US&apn_uid=B8531397-A231-4E40-879C-0768ADEFF443&apn_sauid=E82DC054-59DA-4B42-9078-1C59F8BB07B0
Deleted [Search Provider] : hxxp://mystart.smilebox.com/?loc=SB_DS&search={searchTerms}&a=6OymGiNdT9
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=404337F2-DA93-4782-82C1-CB6C8062E3BF&apn_ptnrs=TV&apn_sauid=7BA0880D-50DD-4ECB-8FD7-8F3F618ACBC7&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325809&octid=EB_ORIGINAL_CTID&ISID=9EDA0FCF-64EE-473E-BFFD-CE9A1A8C1B82&SearchSource=58&CUI=&UM=5&UP=SPAF8A91E0-BCDA-44DB-845D-CF251CF369B1&q={searchTerms}&SSPV=

[ File : C:\Users\Seymour\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3324314&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP8D923AEF-AC48-4670-95EE-9F76514884D6&q={searchTerms}&SSPV=
Deleted [Extension] : gdajbhgjikacgjmhlaelpmljbelkmbdg
Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo
Deleted [Extension] : olnkgiapbjhdboldbhkagdodklkphaip

*************************

AdwCleaner[R0].txt - [20731 octets] - [23/05/2014 10:43:46]
AdwCleaner[S0].txt - [19679 octets] - [23/05/2014 10:54:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19740 octets] ##########

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Joan at 2014-05-23 11:09:49 Run:1
Running from E:\BP4Perlis\TOOLS
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [Udkeufqaysniek] => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [311296 2013-07-28] ()
C:\Users\Joan\AppData\Roaming\Acemvewe
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Run: [Udkeufqaysniek] => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [311296 2013-07-28] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-05-19 10:41 - 2014-05-19 17:00 - 00000800 _____ () C:\Windows\Tasks\Security Center Update - 3163983906.job
2014-05-19 10:41 - 2014-05-19 10:41 - 00003806 _____ () C:\Windows\System32\Tasks\Security Center Update - 3163983906
2014-05-19 06:47 - 2014-05-19 06:47 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Ciazfi
2014-05-19 06:27 - 2014-05-19 06:27 - 00012326 _____ () C:\Users\Joan\AppData\Local\kwlcufjn
2014-05-19 06:26 - 2014-05-19 10:19 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Ypasluf
2014-05-19 06:26 - 2014-05-19 06:26 - 00068314 _____ () C:\Users\Joan\AppData\Local\dvemrend
2014-05-19 06:25 - 2014-05-19 06:25 - 00147456 _____ () C:\Users\Joan\AppData\Local\cetnjibx.exe
2014-05-19 06:24 - 2014-05-19 06:24 - 00650598 _____ () C:\Users\Joan\AppData\Local\ksppahmg
2014-05-19 06:24 - 2014-05-19 06:24 - 00000000 _____ () C:\Users\Joan\AppData\Roaming\SharedSettings.ccs
2014-05-19 06:22 - 2014-05-19 06:22 - 00212480 _____ () C:\Users\Joan\AppData\Local\lsphtucu.exe
C:\Users\Joan\AppData\Local\Temp\UpdateFlashPlayer_d3d2542d.exe
C:\Users\Joan\AppData\Local\Temp\UpdateFlashPlayer_d3ed6a3c.exe
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Task: {1E7FA62D-5122-4EBD-8CE5-0DA5EA776BF7} - System32\Tasks\Security Center Update - 3163983906 => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe [2013-07-28] () <==== ATTENTION
Task: {76E6D0AE-0FB7-4738-92F1-AC36D646E3F7} - \SidebarExecute No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3163983906.job => C:\Users\Joan\AppData\Roaming\Acemvewe\xaomoh.exe <==== ATTENTION
Task: {07AEC6A9-A9B1-4762-ADFD-40B1955BD38E} - System32\Tasks\Plus-HD-9.5-enabler => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-enabler.exe <==== ATTENTION
Task: {5446598A-C671-4BB6-ABCF-E8A0A65DADA9} - System32\Tasks\Plus-HD-9.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-firefoxinstaller.exe <==== ATTENTION
Task: {60870FF6-5FC0-44B5-8F7E-D1430B097CC4} - System32\Tasks\MySearchDial => C:\Users\Seymour\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {68204996-519C-4FE6-AAC6-105239505BDC} - System32\Tasks\media enhance-chromeinstaller => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe <==== ATTENTION
Task: {7EB692CB-25E8-4130-95B4-7AD12CEC1044} - System32\Tasks\Plus-HD-9.5-updater => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-updater.exe <==== ATTENTION
Task: {9864FC0D-4D6C-4025-B6E2-746FCA44BBD0} - System32\Tasks\Plus-HD-9.5-codedownloader => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-codedownloader.exe <==== ATTENTION
Task: {9E60D6F9-E8F7-473E-996E-258D4298B5FD} - System32\Tasks\media enhance-updater => C:\Program Files (x86)\media enhance\media enhance-updater.exe <==== ATTENTION
Task: {D9167C7C-55E7-4112-9DF6-D2EE41DD427A} - System32\Tasks\media enhance-enabler => C:\Program Files (x86)\media enhance\media enhance-enabler.exe <==== ATTENTION
Task: {F92D0714-9383-48FF-A7D8-8008F83FD6A6} - System32\Tasks\media enhance-firefoxinstaller => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exe <==== ATTENTION
Task: {FD1596AF-2087-4C56-AAD7-9AF8D43F7CF2} - System32\Tasks\Plus-HD-9.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-chromeinstaller.exe <==== ATTENTION
Task: {FF541199-87A7-4D69-BABA-9FF0826A6BAC} - System32\Tasks\media enhance-codedownloader => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Seymour\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Seymour\AppData\Roaming\MYSEAR~1
C:\Program Files (x86)\Plus-HD-9.5
C:\Program Files (x86)\media enhance
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Udkeufqaysniek => Value not found.
C:\Users\Joan\AppData\Roaming\Acemvewe => Moved successfully.
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Udkeufqaysniek => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Windows\Tasks\Security Center Update - 3163983906.job" => File/Directory not found.
"C:\Windows\System32\Tasks\Security Center Update - 3163983906" => File/Directory not found.
C:\Users\Joan\AppData\Roaming\Ciazfi => Moved successfully.
C:\Users\Joan\AppData\Local\kwlcufjn => Moved successfully.
C:\Users\Joan\AppData\Roaming\Ypasluf => Moved successfully.
C:\Users\Joan\AppData\Local\dvemrend => Moved successfully.
"C:\Users\Joan\AppData\Local\cetnjibx.exe" => File/Directory not found.
C:\Users\Joan\AppData\Local\ksppahmg => Moved successfully.
C:\Users\Joan\AppData\Roaming\SharedSettings.ccs => Moved successfully.
"C:\Users\Joan\AppData\Local\lsphtucu.exe" => File/Directory not found.
C:\Users\Joan\AppData\Local\Temp\UpdateFlashPlayer_d3d2542d.exe => Moved successfully.
C:\Users\Joan\AppData\Local\Temp\UpdateFlashPlayer_d3ed6a3c.exe => Moved successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E7FA62D-5122-4EBD-8CE5-0DA5EA776BF7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E7FA62D-5122-4EBD-8CE5-0DA5EA776BF7} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3163983906 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3163983906 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76E6D0AE-0FB7-4738-92F1-AC36D646E3F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76E6D0AE-0FB7-4738-92F1-AC36D646E3F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute => Key deleted successfully.
C:\Windows\Tasks\Security Center Update - 3163983906.job not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07AEC6A9-A9B1-4762-ADFD-40B1955BD38E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07AEC6A9-A9B1-4762-ADFD-40B1955BD38E} => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-9.5-enabler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-9.5-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5446598A-C671-4BB6-ABCF-E8A0A65DADA9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5446598A-C671-4BB6-ABCF-E8A0A65DADA9} => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-9.5-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-9.5-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60870FF6-5FC0-44B5-8F7E-D1430B097CC4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60870FF6-5FC0-44B5-8F7E-D1430B097CC4} => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68204996-519C-4FE6-AAC6-105239505BDC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68204996-519C-4FE6-AAC6-105239505BDC} => Key deleted successfully.
C:\Windows\System32\Tasks\media enhance-chromeinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\media enhance-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7EB692CB-25E8-4130-95B4-7AD12CEC1044} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EB692CB-25E8-4130-95B4-7AD12CEC1044} => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-9.5-updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-9.5-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9864FC0D-4D6C-4025-B6E2-746FCA44BBD0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9864FC0D-4D6C-4025-B6E2-746FCA44BBD0} => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-9.5-codedownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-9.5-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E60D6F9-E8F7-473E-996E-258D4298B5FD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E60D6F9-E8F7-473E-996E-258D4298B5FD} => Key deleted successfully.
C:\Windows\System32\Tasks\media enhance-updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\media enhance-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9167C7C-55E7-4112-9DF6-D2EE41DD427A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9167C7C-55E7-4112-9DF6-D2EE41DD427A} => Key deleted successfully.
C:\Windows\System32\Tasks\media enhance-enabler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\media enhance-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F92D0714-9383-48FF-A7D8-8008F83FD6A6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F92D0714-9383-48FF-A7D8-8008F83FD6A6} => Key deleted successfully.
C:\Windows\System32\Tasks\media enhance-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\media enhance-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD1596AF-2087-4C56-AAD7-9AF8D43F7CF2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD1596AF-2087-4C56-AAD7-9AF8D43F7CF2} => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-9.5-chromeinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-9.5-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF541199-87A7-4D69-BABA-9FF0826A6BAC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF541199-87A7-4D69-BABA-9FF0826A6BAC} => Key deleted successfully.
C:\Windows\System32\Tasks\media enhance-codedownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\media enhance-codedownloader => Key deleted successfully.
C:\Windows\Tasks\MySearchDial.job not found.
"C:\Users\Seymour\AppData\Roaming\MYSEAR~1" => File/Directory not found.
"C:\Program Files (x86)\Plus-HD-9.5" => File/Directory not found.
"C:\Program Files (x86)\media enhance" => File/Directory not found.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

==== End of Fixlog ====



#8 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 23 May 2014 - 02:07 PM

Hi jfparla,

Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

--------------

Does MSE still detect that file?

--------------

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • New FRST log
  • Whether MSE still detects that file

xXToffeeXx~




#9 jfparla
  • Topic Starter

  • Members
  • 53 posts

Posted 23 May 2014 - 02:54 PM

Hi Toffee,

Thanks for your quick response. Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Joan (administrator) on JOAN-PC on 23-05-2014 12:41:56
Running from E:\BP4Perlis\TOOLS
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sun Microsystems, Inc.) C:\Windows\System32\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-05-14] (Crawler, LLC)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer:
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A983B7E4-4D84-49C4-8CC2-9B33683F11C6} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-3.2-1307
SearchScopes: HKCU - {BEC0CE29-B610-4EF7-A0EC-8DECE333D0CF} URL =
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {548F6736-8FE4-4680-82F2-170D6C07E1D2} -  No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.99 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems Ltd.)
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-05-14] (Crawler, LLC)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-01-08] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-23 11:10 - 2014-05-23 11:12 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-23 10:56 - 2014-05-23 10:56 - 00001066 _____ () C:\Windows\PFRO.log
2014-05-23 10:43 - 2014-05-23 10:55 - 00000000 ____D () C:\AdwCleaner
2014-05-23 10:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 10:38 - 2014-05-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-23 10:38 - 2014-05-23 10:38 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000969 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2014-05-23 10:37 - 2014-05-23 10:37 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_AdwCleaner_1548942
2014-05-22 11:42 - 2014-05-23 12:41 - 00000000 ____D () C:\FRST
2014-05-19 13:02 - 2014-05-19 13:02 - 00020218 _____ () C:\Users\Joan\Desktop\dds.txt
2014-05-19 13:02 - 2014-05-19 13:02 - 00008835 _____ () C:\Users\Joan\Desktop\attach.txt
2014-05-19 13:00 - 2014-05-19 13:05 - 00000000 ____D () C:\Users\Joan\Downloads\BleepngComputer
2014-05-19 11:18 - 2014-05-19 11:18 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-19 10:56 - 2014-05-23 10:56 - 00059198 _____ () C:\Windows\setupact.log
2014-05-19 10:56 - 2014-05-19 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 10:43 - 2014-05-19 10:43 - 00804158 _____ () C:\Users\Joan\Documents\cc_20140519_104341.reg
2014-05-19 09:55 - 2014-05-19 09:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-19 09:55 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 08:25 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 23:38 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:38 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:38 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:38 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:38 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:38 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:31 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:31 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:31 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:31 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:31 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:31 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:31 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:31 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:31 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:31 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:31 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:31 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:31 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:31 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:31 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 12:48 - 2014-05-12 12:48 - 00027673 _____ () C:\Users\Joan\Documents\Dinner Menu.htm
2014-05-12 12:48 - 2014-05-12 12:48 - 00000000 ____D () C:\Users\Joan\Documents\Dinner Menu_files
2014-05-06 18:12 - 2014-05-06 18:12 - 00000171 _____ () C:\Users\Seymour\Desktop\Google.url
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western_Digital_Technolog
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western Digital
2014-05-06 09:35 - 2014-05-06 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western_Digital_Technolog
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western Digital
2014-05-06 09:32 - 2014-05-06 09:32 - 00126736 _____ () C:\Users\Joan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 09:20 - 2014-05-16 08:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-06 09:17 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-06 09:17 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-06 09:17 - 2014-05-06 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-05-06 09:16 - 2014-05-16 08:25 - 00000000 ____D () C:\ProgramData\Western Digital
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieUserList
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieSiteList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieUserList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

2014-05-23 12:41 - 2014-05-22 11:42 - 00000000 ____D () C:\FRST
2014-05-23 12:38 - 2012-04-17 16:04 - 00000506 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-23 12:32 - 2012-12-24 08:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 12:18 - 2013-12-31 16:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 11:48 - 2011-04-16 14:39 - 00000000 ____D () C:\ProgramData\Kodak
2014-05-23 11:12 - 2014-05-23 11:10 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-23 11:05 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 11:05 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 11:03 - 2010-08-03 06:35 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9195FBFD-80A3-4030-A510-C24DD00D3271}
2014-05-23 11:01 - 2012-08-06 14:51 - 01973381 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 10:57 - 2013-12-31 16:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-23 10:56 - 2014-05-23 10:56 - 00001066 _____ () C:\Windows\PFRO.log
2014-05-23 10:56 - 2014-05-19 10:56 - 00059198 _____ () C:\Windows\setupact.log
2014-05-23 10:56 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 10:55 - 2014-05-23 10:43 - 00000000 ____D () C:\AdwCleaner
2014-05-23 10:55 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-23 10:38 - 2014-05-23 10:38 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000969 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2014-05-23 10:37 - 2014-05-23 10:37 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_AdwCleaner_1548942
2014-05-23 10:18 - 2013-12-31 16:38 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-22 11:41 - 2009-07-13 22:13 - 00782902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 14:00 - 2012-04-17 16:04 - 00003534 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-19 14:00 - 2012-04-17 16:04 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-05-19 13:05 - 2014-05-19 13:00 - 00000000 ____D () C:\Users\Joan\Downloads\BleepngComputer
2014-05-19 13:02 - 2014-05-19 13:02 - 00020218 _____ () C:\Users\Joan\Desktop\dds.txt
2014-05-19 13:02 - 2014-05-19 13:02 - 00008835 _____ () C:\Users\Joan\Desktop\attach.txt
2014-05-19 11:18 - 2014-05-19 11:18 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-19 11:18 - 2012-08-06 15:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-19 10:56 - 2014-05-19 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 10:52 - 2010-05-07 01:26 - 00000000 ____D () C:\ProgramData\Roxio
2014-05-19 10:43 - 2014-05-19 10:43 - 00804158 _____ () C:\Users\Joan\Documents\cc_20140519_104341.reg
2014-05-19 10:19 - 2012-07-02 13:36 - 00000000 ____D () C:\Windows\en
2014-05-19 09:55 - 2014-05-19 09:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-02-03 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 15:33 - 2013-01-08 15:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 08:26 - 2014-05-06 09:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-16 08:25 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-16 08:25 - 2014-05-06 09:17 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-16 08:25 - 2014-05-06 09:17 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-16 08:25 - 2014-05-06 09:16 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 06:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 05:44 - 2010-05-24 01:06 - 00000000 ___RD () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 05:44 - 2010-05-24 01:03 - 00000000 ___RD () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 23:38 - 2010-05-24 16:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 23:37 - 2013-08-14 23:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:35 - 2012-08-06 16:22 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 12:04 - 2012-12-24 08:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 12:03 - 2012-12-24 08:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:03 - 2012-12-24 08:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 09:14 - 2012-04-17 16:04 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-13 07:44 - 2012-04-17 16:04 - 00004270 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-12 12:48 - 2014-05-12 12:48 - 00027673 _____ () C:\Users\Joan\Documents\Dinner Menu.htm
2014-05-12 12:48 - 2014-05-12 12:48 - 00000000 ____D () C:\Users\Joan\Documents\Dinner Menu_files
2014-05-08 14:13 - 2013-12-31 16:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 14:13 - 2013-12-31 16:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 19:07 - 2012-08-06 15:47 - 00776282 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-06 18:12 - 2014-05-06 18:12 - 00000171 _____ () C:\Users\Seymour\Desktop\Google.url
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western_Digital_Technolog
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western Digital
2014-05-06 09:35 - 2014-05-06 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western_Digital_Technolog
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western Digital
2014-05-06 09:32 - 2014-05-06 09:32 - 00126736 _____ () C:\Users\Joan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 09:32 - 2009-07-13 22:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 09:23 - 2014-05-06 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-05-05 22:35 - 2011-04-20 17:18 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{906C7FBD-FA52-436C-B51A-8800E5274033}
2014-05-05 21:40 - 2014-05-14 23:38 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-14 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:25 - 2014-05-14 23:38 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:07 - 2014-05-14 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:00 - 2014-05-14 23:38 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-14 23:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 18:38 - 2010-05-26 21:17 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Adobe
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieUserList
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieSiteList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieUserList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieSiteList
2014-04-23 04:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Joan\AppData\Local\Temp\nsmB627.exe
C:\Users\Joan\AppData\Local\Temp\nsx91D1.exe
C:\Users\Joan\AppData\Local\Temp\nsx9490.exe
C:\Users\Joan\AppData\Local\Temp\nsxB359.exe
C:\Users\Joan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 03:41

==================== End Of Log ============================

MSE reports no threats now but Zbot.AJB was quarantined 2 hours ago.

Thanks again

jfparla



#10 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:24 AM

Posted 24 May 2014 - 02:26 PM

Hi jfparla,
 
I noticed there were some McAfee leftovers in your logs, so please download and run the McAfee Consumer Product Removal (MCPR) tool. Follow the prompts presented, and reboot after the tool has finished.
 
We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-05-14] (Crawler, LLC)
C:\Program Files (x86)\PCTechHotline
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
ProxyServer: 
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A983B7E4-4D84-49C4-8CC2-9B33683F11C6} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-3.2-1307
SearchScopes: HKCU - {BEC0CE29-B610-4EF7-A0EC-8DECE333D0CF} URL =
Toolbar: HKCU - No Name - {548F6736-8FE4-4680-82F2-170D6C07E1D2} -  No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-05-14] (Crawler, LLC)
2014-05-23 10:38 - 2014-05-23 10:38 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000969 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
2014-05-23 10:37 - 2014-05-23 10:37 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_AdwCleaner_1548942
C:\Users\Joan\AppData\Local\Temp\nsmB627.exe
C:\Users\Joan\AppData\Local\Temp\nsx91D1.exe
C:\Users\Joan\AppData\Local\Temp\nsx9490.exe
C:\Users\Joan\AppData\Local\Temp\nsxB359.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------

This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

--------------
 
How is your computer running now?
 
--------------
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Malwarebytes log
  • ESET log
  • New FRST.txt
  • How your computer is running now

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here


 ~Twitter~ | ~Malware Analyst at Emsisoft~
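The fix procedure above pairs a hand-written fixlist.txt with the FRST.txt it was derived from. As an added example (not code from this thread, from FRST, or from its author), the Python below parses the FRST line shapes that appear in the fixlist (Run keys, service lines, "One Month Created" entries and bare paths) and reports any fixlist path the scan never recorded, a sanity check a responder can run before pressing Fix. The sample log and fixlist are constructed from lines quoted in the thread; nsx91D1.exe is deliberately left out of the sample log so the check has something to report, and the function names are my own.

```python
"""Cross-check an FRST fixlist against the FRST.txt scan it was built from.

Added example for this thread, not code from the original posts or from FRST.
Only the line shapes used in the fixlist above are recognised; registry-only
lines (ProxyServer, SearchScopes, Toolbar, ...) are skipped on purpose.
"""
import re

# "2014-05-23 10:38 - 2014-05-23 10:38 - 00001073 _____ () C:\...\PC Tech Hotline.lnk"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# "HKLM-x32\...\Run: [PCTechHotline] => C:\...\PCTechHotline.exe [1905000 2014-05-14] (Crawler, LLC)"
RUN_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?:=>|-) "
    r"(?P<path>.+?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^)]*)\))?$"
)
# "R2 PCTechHotlineSvc; C:\...\PCTechHotlineSvc.exe [701800 2014-05-14] (Crawler, LLC)"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); "
    r"(?P<path>.+?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^)]*)\))?$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a plain file or folder path on its own line


def parse_frst_log(text):
    """Index every path an FRST.txt mentions (case-folded) to its parsed entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in (("created", CREATED_RE), ("run", RUN_RE), ("service", SERVICE_RE)):
            m = rx.match(line)
            if m:
                rec = dict(m.groupdict(), kind=kind)
                entries[rec["path"].strip().lower()] = rec
                break
        else:
            if BARE_PATH_RE.match(line):  # e.g. the "Some content of TEMP" section
                entries[line.lower()] = {"kind": "bare", "path": line}
    return entries


def fixlist_paths(fixlist_text):
    """File-system paths a fixlist line would act on; registry-only lines are skipped."""
    paths = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CREATED_RE.match(line) or RUN_RE.match(line) or SERVICE_RE.match(line)
        if m:
            paths.append(m.group("path").strip())
        elif BARE_PATH_RE.match(line):
            paths.append(line)
    return paths


def unverified_targets(fixlist_text, frst_text):
    """Fixlist paths absent from the scan log: review these before pressing Fix."""
    seen = parse_frst_log(frst_text)
    return [p for p in fixlist_paths(fixlist_text) if p.lower() not in seen]


# Constructed sample FRST.txt excerpt (lines taken from this thread).
FRST_SAMPLE = r"""
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-05-14] (Crawler, LLC)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-05-14] (Crawler, LLC)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-01-08] ()
2014-05-23 10:38 - 2014-05-23 10:38 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
C:\Users\Joan\AppData\Local\Temp\nsmB627.exe
"""

# Constructed sample fixlist; the last line is not in FRST_SAMPLE on purpose.
FIXLIST_SAMPLE = r"""
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-05-14] (Crawler, LLC)
C:\Program Files (x86)\PCTechHotline
ProxyServer: 
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-05-14] (Crawler, LLC)
2014-05-23 10:38 - 2014-05-23 10:38 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
C:\Users\Joan\AppData\Local\Temp\nsmB627.exe
C:\Users\Joan\AppData\Local\Temp\nsx91D1.exe
"""

if __name__ == "__main__":
    for path in unverified_targets(FIXLIST_SAMPLE, FRST_SAMPLE):
        print("not in scan log:", path)
```

Run it against a real FRST.txt and fixlist.txt by reading both files into the two arguments; an empty result means every file-system target in the fixlist was actually observed by the scan.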


#11 jfparla

  • Topic Starter
  • Members
  • 53 posts
  • Local time:09:24 PM

Posted 24 May 2014 - 05:03 PM

Hi Toffee

Here is the fixlog.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Joan (administrator) on JOAN-PC on 23-05-2014 12:41:56
Running from E:\BP4Perlis\TOOLS
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sun Microsystems, Inc.) C:\Windows\System32\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-05-14] (Crawler, LLC)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer:
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0FtD0EyDyCyE0A0E0BtCtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0CyCzyyDyDtBtG0AyC0FyBtG0CyDyD0EtGzytA0CyDtGyCtDyCzztCyDtBzztDyEyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0D0CyE0FtD0FtGyEtAtB0BtGtCtB0C0AtGyByC0F0EtGtCyEtCzytC0BzyyC0C0E0DyD2Q&cr=981130552&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A983B7E4-4D84-49C4-8CC2-9B33683F11C6} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-3.2-1307
SearchScopes: HKCU - {BEC0CE29-B610-4EF7-A0EC-8DECE333D0CF} URL =
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {548F6736-8FE4-4680-82F2-170D6C07E1D2} -  No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.99 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems Ltd.)
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-05-14] (Crawler, LLC)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-01-08] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-23 11:10 - 2014-05-23 11:12 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-23 10:56 - 2014-05-23 10:56 - 00001066 _____ () C:\Windows\PFRO.log
2014-05-23 10:43 - 2014-05-23 10:55 - 00000000 ____D () C:\AdwCleaner
2014-05-23 10:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 10:38 - 2014-05-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-23 10:38 - 2014-05-23 10:38 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000969 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2014-05-23 10:37 - 2014-05-23 10:37 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_AdwCleaner_1548942
2014-05-22 11:42 - 2014-05-23 12:41 - 00000000 ____D () C:\FRST
2014-05-19 13:02 - 2014-05-19 13:02 - 00020218 _____ () C:\Users\Joan\Desktop\dds.txt
2014-05-19 13:02 - 2014-05-19 13:02 - 00008835 _____ () C:\Users\Joan\Desktop\attach.txt
2014-05-19 13:00 - 2014-05-19 13:05 - 00000000 ____D () C:\Users\Joan\Downloads\BleepngComputer
2014-05-19 11:18 - 2014-05-19 11:18 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-19 10:56 - 2014-05-23 10:56 - 00059198 _____ () C:\Windows\setupact.log
2014-05-19 10:56 - 2014-05-19 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 10:43 - 2014-05-19 10:43 - 00804158 _____ () C:\Users\Joan\Documents\cc_20140519_104341.reg
2014-05-19 09:55 - 2014-05-19 09:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-19 09:55 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 08:25 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 23:38 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:38 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:38 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:38 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:38 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:38 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:31 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:31 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:31 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:31 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:31 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:31 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:31 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:31 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:31 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:31 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:31 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:31 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:31 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:31 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:31 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 12:48 - 2014-05-12 12:48 - 00027673 _____ () C:\Users\Joan\Documents\Dinner Menu.htm
2014-05-12 12:48 - 2014-05-12 12:48 - 00000000 ____D () C:\Users\Joan\Documents\Dinner Menu_files
2014-05-06 18:12 - 2014-05-06 18:12 - 00000171 _____ () C:\Users\Seymour\Desktop\Google.url
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western_Digital_Technolog
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western Digital
2014-05-06 09:35 - 2014-05-06 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western_Digital_Technolog
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western Digital
2014-05-06 09:32 - 2014-05-06 09:32 - 00126736 _____ () C:\Users\Joan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 09:20 - 2014-05-16 08:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-06 09:17 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-06 09:17 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-06 09:17 - 2014-05-06 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-05-06 09:16 - 2014-05-16 08:25 - 00000000 ____D () C:\ProgramData\Western Digital
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieUserList
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieSiteList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieUserList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

2014-05-23 12:41 - 2014-05-22 11:42 - 00000000 ____D () C:\FRST
2014-05-23 12:38 - 2012-04-17 16:04 - 00000506 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-23 12:32 - 2012-12-24 08:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 12:18 - 2013-12-31 16:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 11:48 - 2011-04-16 14:39 - 00000000 ____D () C:\ProgramData\Kodak
2014-05-23 11:12 - 2014-05-23 11:10 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-23 11:05 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 11:05 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 11:03 - 2010-08-03 06:35 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9195FBFD-80A3-4030-A510-C24DD00D3271}
2014-05-23 11:01 - 2012-08-06 14:51 - 01973381 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 10:57 - 2013-12-31 16:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-23 10:56 - 2014-05-23 10:56 - 00001066 _____ () C:\Windows\PFRO.log
2014-05-23 10:56 - 2014-05-19 10:56 - 00059198 _____ () C:\Windows\setupact.log
2014-05-23 10:56 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 10:55 - 2014-05-23 10:43 - 00000000 ____D () C:\AdwCleaner
2014-05-23 10:55 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-23 10:38 - 2014-05-23 10:38 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000969 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
2014-05-23 10:38 - 2014-05-23 10:38 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2014-05-23 10:37 - 2014-05-23 10:37 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_AdwCleaner_1548942
2014-05-23 10:18 - 2013-12-31 16:38 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-22 11:41 - 2009-07-13 22:13 - 00782902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 14:00 - 2012-04-17 16:04 - 00003534 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-19 14:00 - 2012-04-17 16:04 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-05-19 13:05 - 2014-05-19 13:00 - 00000000 ____D () C:\Users\Joan\Downloads\BleepngComputer
2014-05-19 13:02 - 2014-05-19 13:02 - 00020218 _____ () C:\Users\Joan\Desktop\dds.txt
2014-05-19 13:02 - 2014-05-19 13:02 - 00008835 _____ () C:\Users\Joan\Desktop\attach.txt
2014-05-19 11:18 - 2014-05-19 11:18 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-19 11:18 - 2012-08-06 15:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-19 10:56 - 2014-05-19 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 10:52 - 2010-05-07 01:26 - 00000000 ____D () C:\ProgramData\Roxio
2014-05-19 10:43 - 2014-05-19 10:43 - 00804158 _____ () C:\Users\Joan\Documents\cc_20140519_104341.reg
2014-05-19 10:19 - 2012-07-02 13:36 - 00000000 ____D () C:\Windows\en
2014-05-19 09:55 - 2014-05-19 09:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-05-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-02-03 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 15:33 - 2013-01-08 15:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 08:26 - 2014-05-06 09:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-16 08:25 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-16 08:25 - 2014-05-06 09:17 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-16 08:25 - 2014-05-06 09:17 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-16 08:25 - 2014-05-06 09:16 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 06:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 05:44 - 2010-05-24 01:06 - 00000000 ___RD () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 05:44 - 2010-05-24 01:03 - 00000000 ___RD () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 23:38 - 2010-05-24 16:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 23:37 - 2013-08-14 23:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:35 - 2012-08-06 16:22 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 12:04 - 2012-12-24 08:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 12:03 - 2012-12-24 08:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:03 - 2012-12-24 08:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 09:14 - 2012-04-17 16:04 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-13 07:44 - 2012-04-17 16:04 - 00004270 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-12 12:48 - 2014-05-12 12:48 - 00027673 _____ () C:\Users\Joan\Documents\Dinner Menu.htm
2014-05-12 12:48 - 2014-05-12 12:48 - 00000000 ____D () C:\Users\Joan\Documents\Dinner Menu_files
2014-05-08 14:13 - 2013-12-31 16:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 14:13 - 2013-12-31 16:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 19:07 - 2012-08-06 15:47 - 00776282 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-06 18:12 - 2014-05-06 18:12 - 00000171 _____ () C:\Users\Seymour\Desktop\Google.url
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western_Digital_Technolog
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western Digital
2014-05-06 09:35 - 2014-05-06 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western_Digital_Technolog
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western Digital
2014-05-06 09:32 - 2014-05-06 09:32 - 00126736 _____ () C:\Users\Joan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 09:32 - 2009-07-13 22:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 09:23 - 2014-05-06 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-05-05 22:35 - 2011-04-20 17:18 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{906C7FBD-FA52-436C-B51A-8800E5274033}
2014-05-05 21:40 - 2014-05-14 23:38 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-14 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:25 - 2014-05-14 23:38 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:07 - 2014-05-14 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:00 - 2014-05-14 23:38 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-14 23:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 18:38 - 2010-05-26 21:17 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Adobe
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieUserList
2014-04-23 07:51 - 2014-04-23 07:51 - 00000000 __SHD () C:\Users\Seymour\AppData\Local\EmieSiteList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieUserList
2014-04-23 05:05 - 2014-04-23 05:05 - 00000000 __SHD () C:\Users\Joan\AppData\Local\EmieSiteList
2014-04-23 04:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Joan\AppData\Local\Temp\nsmB627.exe
C:\Users\Joan\AppData\Local\Temp\nsx91D1.exe
C:\Users\Joan\AppData\Local\Temp\nsx9490.exe
C:\Users\Joan\AppData\Local\Temp\nsxB359.exe
C:\Users\Joan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 03:41

==================== End Of Log ============================

Here is the log from the 2nd mbam run

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/24/2014
Scan Time: 2:43:13 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.24.08
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329060
Time Elapsed: 10 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

ESET is running; I will send results when complete along with the other requested info.

Thanks

jfparla

#12 jfparla (Topic Starter, Members, 53 posts)

Posted 24 May 2014 - 07:06 PM

Hi Toffee

Here are the ESET results

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application 
C:\$Recycle.Bin\S-1-5-21-2218131082-3251598230-3116958278-1004\$R5ZSRGL.tmp a variant of MSIL/DomaIQ.X potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-2218131082-3251598230-3116958278-1004\$RSDBOXG.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-2218131082-3251598230-3116958278-1004\$R4WWXFV\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-2218131082-3251598230-3116958278-1004\$R4WWXFV\software\OptimizerPro.exe Win32/SpeedingUpMyPC.I application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-2218131082-3251598230-3116958278-1004\$RB1NUOD\setup.exe multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir a variant of Win32/AdWare.SpeedingUpMyPC.D application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg\10.21.1.7_2\plugins\ConduitChromeApiPlugin.dll.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Seymour\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdajbhgjikacgjmhlaelpmljbelkmbdg\10.21.1.7_0\plugins\ConduitChromeApiPlugin.dll.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Seymour\AppData\LocalLow\MyWebSearch\bar\Cache\01C168F8.exe.vir a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Free Easy CD DVD Burner\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\burnsetup[1]_v4.37.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Swift Sound\ExpressRip\expressrip.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Swift Sound\ExpressRip\ripsetup_v1.70.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Swift Sound\ExpressRip\uninst.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\CRE\gdajbhgjikacgjmhlaelpmljbelkmbdg.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AH02QWT0\spstub[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2ZJCOOX\SPDetector[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\SmileBox_EN\ldrtbSmi0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\SmileBox_EN\ldrtbSmil.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\SmileBox_EN\tbSmi0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\SmileBox_EN\tbSmi1.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\SmileBox_EN\tbSmil.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\Temp\nsh6322.tmp a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\Joan\AppData\Local\Temp\nsm70AA\SpSetup.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Users\Seymour\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe\1.0.0_0\background.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\Users\Seymour\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe\1.0.0_0\content.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\Users\Seymour\AppData\LocalLow\SmileBox_EN\ldrtbSmi0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Users\Seymour\AppData\LocalLow\SmileBox_EN\ldrtbSmil.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Users\Seymour\AppData\LocalLow\SmileBox_EN\tbSmi0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Seymour\AppData\LocalLow\SmileBox_EN\tbSmil.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Windows\Installer\MSI3614.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined

Here are the FRST results

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2014 1
Ran by Joan (administrator) on JOAN-PC on 24-05-2014 16:46:32
Running from E:\BP4Perlis\TOOLS
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sun Microsystems, Inc.) C:\Windows\System32\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-2218131082-3251598230-3116958278-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer:
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.99 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Joan\AppData\Local\Google\Chrome\Application\9.0.597.107\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-01-08] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-24 14:58 - 2014-05-24 14:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-24 14:51 - 2014-05-24 14:53 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-24 14:37 - 2014-05-24 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 10:56 - 2014-05-24 14:32 - 00204968 _____ () C:\Windows\PFRO.log
2014-05-23 10:43 - 2014-05-23 10:55 - 00000000 ____D () C:\AdwCleaner
2014-05-23 10:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 10:38 - 2014-05-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-22 11:42 - 2014-05-24 16:46 - 00000000 ____D () C:\FRST
2014-05-19 13:02 - 2014-05-19 13:02 - 00020218 _____ () C:\Users\Joan\Desktop\dds.txt
2014-05-19 13:02 - 2014-05-19 13:02 - 00008835 _____ () C:\Users\Joan\Desktop\attach.txt
2014-05-19 13:00 - 2014-05-19 13:05 - 00000000 ____D () C:\Users\Joan\Downloads\BleepngComputer
2014-05-19 11:18 - 2014-05-19 11:18 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-19 10:56 - 2014-05-24 14:32 - 00066490 _____ () C:\Windows\setupact.log
2014-05-19 10:56 - 2014-05-19 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 10:43 - 2014-05-19 10:43 - 00804158 _____ () C:\Users\Joan\Documents\cc_20140519_104341.reg
2014-05-19 09:55 - 2014-05-24 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-05-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 09:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 08:25 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 23:38 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:38 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:38 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:38 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:38 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:38 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:31 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:31 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:31 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:31 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:31 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:31 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:31 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:31 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:31 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:31 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:31 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:31 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:31 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:31 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:31 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:31 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:31 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:31 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:31 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 12:48 - 2014-05-12 12:48 - 00027673 _____ () C:\Users\Joan\Documents\Dinner Menu.htm
2014-05-12 12:48 - 2014-05-12 12:48 - 00000000 ____D () C:\Users\Joan\Documents\Dinner Menu_files
2014-05-06 18:12 - 2014-05-06 18:12 - 00000171 _____ () C:\Users\Seymour\Desktop\Google.url
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western_Digital_Technolog
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western Digital
2014-05-06 09:35 - 2014-05-06 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western_Digital_Technolog
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western Digital
2014-05-06 09:32 - 2014-05-06 09:32 - 00126736 _____ () C:\Users\Joan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 09:20 - 2014-05-16 08:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-06 09:17 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-06 09:17 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-06 09:17 - 2014-05-06 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-05-06 09:16 - 2014-05-16 08:25 - 00000000 ____D () C:\ProgramData\Western Digital

==================== One Month Modified Files and Folders =======

2014-05-24 16:46 - 2014-05-22 11:42 - 00000000 ____D () C:\FRST
2014-05-24 16:38 - 2014-02-10 12:12 - 00000000 ____D () C:\Program Files (x86)\Free Easy CD DVD Burner
2014-05-24 16:38 - 2011-12-14 16:28 - 00000000 ____D () C:\Users\Joan\AppData\Local\SmileBox_EN
2014-05-24 16:35 - 2012-04-17 16:04 - 00000506 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-24 16:32 - 2012-12-24 08:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 16:18 - 2013-12-31 16:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 14:58 - 2014-05-24 14:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-24 14:53 - 2014-05-24 14:51 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-24 14:43 - 2014-05-24 14:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 14:40 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-24 14:40 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 14:37 - 2012-08-06 14:51 - 02028728 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 14:33 - 2013-12-31 16:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 14:32 - 2014-05-23 10:56 - 00204968 _____ () C:\Windows\PFRO.log
2014-05-24 14:32 - 2014-05-19 10:56 - 00066490 _____ () C:\Windows\setupact.log
2014-05-24 14:32 - 2011-04-16 14:39 - 00000000 ____D () C:\ProgramData\Kodak
2014-05-24 14:32 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-24 14:05 - 2014-05-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 14:05 - 2014-05-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-24 13:59 - 2010-08-03 06:35 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9195FBFD-80A3-4030-A510-C24DD00D3271}
2014-05-23 10:55 - 2014-05-23 10:43 - 00000000 ____D () C:\AdwCleaner
2014-05-23 10:55 - 2014-05-23 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-23 10:18 - 2013-12-31 16:38 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-22 11:41 - 2009-07-13 22:13 - 00782902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 14:00 - 2012-04-17 16:04 - 00003534 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-19 14:00 - 2012-04-17 16:04 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-05-19 13:05 - 2014-05-19 13:00 - 00000000 ____D () C:\Users\Joan\Downloads\BleepngComputer
2014-05-19 13:02 - 2014-05-19 13:02 - 00020218 _____ () C:\Users\Joan\Desktop\dds.txt
2014-05-19 13:02 - 2014-05-19 13:02 - 00008835 _____ () C:\Users\Joan\Desktop\attach.txt
2014-05-19 11:18 - 2014-05-19 11:18 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-19 11:18 - 2014-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-19 11:18 - 2012-08-06 15:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-19 10:56 - 2014-05-19 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 10:52 - 2010-05-07 01:26 - 00000000 ____D () C:\ProgramData\Roxio
2014-05-19 10:43 - 2014-05-19 10:43 - 00804158 _____ () C:\Users\Joan\Documents\cc_20140519_104341.reg
2014-05-19 10:19 - 2012-07-02 13:36 - 00000000 ____D () C:\Windows\en
2014-05-19 09:55 - 2014-02-03 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 15:33 - 2013-01-08 15:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 08:26 - 2014-05-06 09:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-16 08:25 - 2014-05-16 08:25 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-16 08:25 - 2014-05-06 09:17 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-16 08:25 - 2014-05-06 09:17 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-16 08:25 - 2014-05-06 09:16 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:21 - 2014-05-15 09:21 - 00000000 ___RD () C:\Users\Seymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 06:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 05:44 - 2010-05-24 01:06 - 00000000 ___RD () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 05:44 - 2010-05-24 01:03 - 00000000 ___RD () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 23:38 - 2010-05-24 16:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 23:37 - 2013-08-14 23:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:35 - 2012-08-06 16:22 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 12:04 - 2012-12-24 08:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 12:03 - 2012-12-24 08:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:03 - 2012-12-24 08:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 09:14 - 2012-04-17 16:04 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-13 07:44 - 2012-04-17 16:04 - 00004270 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-12 12:48 - 2014-05-12 12:48 - 00027673 _____ () C:\Users\Joan\Documents\Dinner Menu.htm
2014-05-12 12:48 - 2014-05-12 12:48 - 00000000 ____D () C:\Users\Joan\Documents\Dinner Menu_files
2014-05-12 07:26 - 2014-05-19 09:55 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 14:13 - 2013-12-31 16:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 14:13 - 2013-12-31 16:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 19:07 - 2012-08-06 15:47 - 00776282 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-06 18:12 - 2014-05-06 18:12 - 00000171 _____ () C:\Users\Seymour\Desktop\Google.url
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western_Digital_Technolog
2014-05-06 09:52 - 2014-05-06 09:52 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Western Digital
2014-05-06 09:35 - 2014-05-06 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western_Digital_Technolog
2014-05-06 09:34 - 2014-05-06 09:34 - 00000000 ____D () C:\Users\Joan\AppData\Local\Western Digital
2014-05-06 09:32 - 2014-05-06 09:32 - 00126736 _____ () C:\Users\Joan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 09:32 - 2009-07-13 22:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 09:23 - 2014-05-06 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-05-05 22:35 - 2011-04-20 17:18 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{906C7FBD-FA52-436C-B51A-8800E5274033}
2014-05-05 21:40 - 2014-05-14 23:38 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-14 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:25 - 2014-05-14 23:38 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:07 - 2014-05-14 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:00 - 2014-05-14 23:38 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-14 23:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 18:38 - 2010-05-26 21:17 - 00000000 ____D () C:\Users\Seymour\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Joan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 03:41

==================== End Of Log ============================

 

 

MSE seems to be OK.

These apps were installed during the AdWare scan and still remain:

PC Fix Speed
PC Tech Hotline
Soft-Now Bundle

These programs show in Control Panel > Programs & Features, but other programs like MS Office that were installed months earlier are not listed, although they do show in CCleaner.

Thank you,

jfparla

 



#13 xXToffeeXx

Posted 25 May 2014 - 02:32 PM

Hi jfparla,
 
Download Windows Repair (All in One) from this site
Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

NOTE 3. Ignore the step number in the pictures as these are old.

Go to Step 3 and click on the Check button next to 1. See If Check Disk Is Needed.
If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk.
In that case make sure you restart the computer.

Once the above is done go to Step 4 and allow it to run System File Check by clicking on the Do It button.

Go to Step 5 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on the Start button.
 
Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
--------------

 

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    PC Fix Speed
    PC Tech Hotline
    Soft-Now Bundle
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run; if prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------

We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below into the notepad document:
ProxyServer: 
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
2014-05-23 10:38 - 2014-05-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Do the programs appear in the control panel now?
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Windows Repair log
  • Fixlog.txt
  • Do the programs appear in the control panel?

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 ~Twitter~ | ~Malware Analyst at Emsisoft~
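A defender-side check for the FRST fixlist step in the post above, added here as an example and not code from the thread, from BleepingComputer or from the FRST tool: it parses FRST's file-entry lines and confirms that every fixlist line is present verbatim in the log it was written from, which is what the "written specifically for this user" notice relies on. The sample lines are copied from this thread's log; the parser, function names and the constructed bogus line in the usage are my own.

```python
"""Cross-check an FRST fixlist against the FRST log it was written from.

Added example; not code from the thread, from BleepingComputer or from FRST.
The helper's notice says the fixlist was written for this one machine: every
fixlist line is a verbatim line from that machine's FRST log. This script
parses the log's line types and checks that property, so a fixlist pasted
from another thread would be caught before the Fix button is pressed.
FRST command directives (not used in this thread) are out of scope.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Subset of the thread's FRST log, copied verbatim (one line carries FRST's own flag).
SAMPLE_LOG = """\
HKU\\S-1-5-21-2218131082-3251598230-3116958278-1000\\...\\Winlogon: [Shell] C:\\Windows\\explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
ProxyServer:
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_64.dll (Google Inc.)
2014-05-23 10:38 - 2014-05-23 10:55 - 00000000 ____D () C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Soft-Now bundle
2014-05-24 14:37 - 2014-05-24 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\\Windows\\system32\\Drivers\\MBAMSwissArmy.sys
"""

# The fixlist exactly as posted in the thread (the first line has a trailing space there).
SAMPLE_FIXLIST = (
    "ProxyServer: \n"
    "SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =\n"
    "Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File\n"
    "2014-05-23 10:38 - 2014-05-23 10:55 - 00000000 ____D () "
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Soft-Now bundle\n"
)

# Layout of a "One Month Created/Modified Files and Folders" line.
FILE_ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "    # modified
    r"(\d{8}) ([_A-Z]{5}) "                  # size; attribute flags (D dir, H hidden, R read-only)
    r"\(([^)]*)\) (.+)$"                     # company (empty when the file has no version info); path
)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def no_company(self) -> bool:
        """FRST prints '()' when the file carries no company/version info."""
        return self.company == ""


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one file/folder entry line; returns None for every other line type."""
    m = FILE_ENTRY_RE.match(line.rstrip())
    if m is None:
        return None
    created, modified, size, attrs, company, path = m.groups()
    return FileEntry(created, modified, int(size), attrs, company, path)


def flagged_lines(log: str) -> list[str]:
    """Lines FRST itself marks for attention, plus entries whose target file is gone."""
    return [
        s for s in (l.rstrip() for l in log.splitlines())
        if s.endswith("<==== ATTENTION") or s.endswith("No File")
    ]


def check_fixlist(fixlist: str, log: str) -> dict[str, list[str]]:
    """Split fixlist lines into those present verbatim in the log and those that are not.

    Only trailing whitespace is ignored; any other difference means the line was
    not copied from this log and so does not belong in this machine's fixlist.
    """
    log_lines = {l.rstrip() for l in log.splitlines()}
    matched: list[str] = []
    unmatched: list[str] = []
    for raw in fixlist.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        (matched if line in log_lines else unmatched).append(line)
    return {"matched": matched, "unmatched": unmatched}


if __name__ == "__main__":
    report = check_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG)
    print(f"{len(report['matched'])} fixlist lines match the log, "
          f"{len(report['unmatched'])} do not")
    # Constructed line that is not in this log: the check must reject it.
    bogus = "Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File\n"
    print("bogus line rejected:", check_fixlist(bogus, SAMPLE_LOG)["unmatched"] != [])
    for entry in filter(None, map(parse_file_entry, SAMPLE_LOG.splitlines())):
        kind = "dir " if entry.is_dir else "file"
        print(f"{kind} {entry.size:>9} {entry.company or '(no company)':<25} {entry.path}")
    for s in flagged_lines(SAMPLE_LOG):
        print("flagged:", s)
```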


#14 jfparla (Topic Starter)

Posted 25 May 2014 - 04:30 PM

Hi Toffee,

I have the info you requested.

Here is the Windows Repair log:

 

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: JOAN-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Joan
Current Profile SID: S-1-5-21-2218131082-3251598230-3116958278-1000
Current Profile Classes: S-1-5-21-2218131082-3251598230-3116958278-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Joan\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:22:01

Process Count: 61
Commit Total: 2.18 GB
Commit Limit: 11.92 GB
Commit Peak: 2.83 GB
Handle Count: 18725
Kernel Total: 519.30 MB
Kernel Paged: 412.25 MB
Kernel Non Paged: 107.05 MB
System Cache: 4.13 GB
Thread Count: 829
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.96 GB
Memory Used: 1.82 GB(30.5251%)
Memory Avail.: 4.14 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.96 GB
Memory Used: 1.51 GB(25.2693%)
Memory Avail.: 4.45 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Start (5/25/2014 1:30:46 PM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (5/25/2014 1:30:49 PM)
   Running Repair Under Current User Account
   Done (5/25/2014 1:30:57 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (5/25/2014 1:30:58 PM)
   Running Repair Under System Account
   Done (5/25/2014 1:34:56 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (5/25/2014 1:34:56 PM)
   Running Repair Under System Account
   Done (5/25/2014 1:36:04 PM)

03 - Reset Service Permissions
   Start (5/25/2014 1:36:04 PM)
   Running Repair Under System Account
   Done (5/25/2014 1:36:10 PM)

04 - Register System Files
   Start (5/25/2014 1:36:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:36:32 PM)

05 - Repair WMI
   Start (5/25/2014 1:36:32 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Microsoft Security Essentials Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (5/25/2014 1:38:54 PM)

06 - Repair Windows Firewall
   Start (5/25/2014 1:38:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:39:30 PM)

07 - Repair Internet Explorer
   Start (5/25/2014 1:39:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:39:53 PM)

08 - Repair MDAC/MS Jet
   Start (5/25/2014 1:39:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:40:00 PM)

09 - Repair Hosts File
   Start (5/25/2014 1:40:00 PM)
   Running Repair Under System Account
   Done (5/25/2014 1:40:02 PM)

10 - Remove Policies Set By Infections
   Start (5/25/2014 1:40:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:40:07 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (5/25/2014 1:40:07 PM)
   Running Repair Under System Account
   Done (5/25/2014 1:40:09 PM)

12 - Repair Icons
   Start (5/25/2014 1:40:10 PM)
   Running Repair Under Current User Account
   Done (5/25/2014 1:40:12 PM)

13 - Repair Winsock & DNS Cache
   Start (5/25/2014 1:40:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:40:31 PM)

15 - Repair Proxy Settings
   Start (5/25/2014 1:40:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:40:36 PM)

17 - Repair Windows Updates
   Start (5/25/2014 1:40:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:40:51 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (5/25/2014 1:40:51 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (5/25/2014 1:40:51 PM)

19 - Repair Volume Shadow Copy Service
   Start (5/25/2014 1:40:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:40:56 PM)

21 - Repair MSI (Windows Installer)
   Start (5/25/2014 1:40:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:05 PM)

23.01 - Repair bat Association
   Start (5/25/2014 1:41:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:10 PM)

23.02 - Repair cmd Association
   Start (5/25/2014 1:41:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:15 PM)

23.03 - Repair com Association
   Start (5/25/2014 1:41:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:20 PM)

23.04 - Repair Directory Association
   Start (5/25/2014 1:41:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:25 PM)

23.05 - Repair Drive Association
   Start (5/25/2014 1:41:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:29 PM)

23.06 - Repair exe Association
   Start (5/25/2014 1:41:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:34 PM)

23.07 - Repair Folder Association
   Start (5/25/2014 1:41:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:40 PM)

23.08 - Repair inf Association
   Start (5/25/2014 1:41:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:44 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (5/25/2014 1:41:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:49 PM)

23.10 - Repair msc Association
   Start (5/25/2014 1:41:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:54 PM)

23.11 - Repair reg Association
   Start (5/25/2014 1:41:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:41:59 PM)

23.12 - Repair scr Association
   Start (5/25/2014 1:41:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:42:04 PM)

24 - Repair Windows Safe Mode
   Start (5/25/2014 1:42:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:42:09 PM)

25 - Repair Print Spooler
   Start (5/25/2014 1:42:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:42:22 PM)

26 - Restore Important Windows Services
   Start (5/25/2014 1:42:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:42:31 PM)

27 - Set Windows Services To Default Startup
   Start (5/25/2014 1:42:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (5/25/2014 1:42:36 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

Cleaning up empty logs...

All Selected Repairs Done.
   Done (5/25/2014 1:42:36 PM)
   Total Repair Time: 00:11:53

...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account

 

Here is the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Joan at 2014-05-25 14:13:36 Run:3
Running from E:\BP4Perlis\TOOLS
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer:
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
2014-05-23 10:38 - 2014-05-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle" => File/Directory not found.

==== End of Fixlog ====

 

The programs do NOT appear in control panel. CCleaner shows many more programs installed including MS Office. The 3 programs were removed by REVO.

 

Thanks for continuing to work with me.

 

jfparla



#15 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:24 AM

Posted 26 May 2014 - 12:08 PM

Hi jfparla,
 
Running MiniRegTool to Export a key:

  • Please download MiniRegTool.zip and save it to your clean computer.
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

[Image: MiniReg.gif - screenshot of the MiniRegTool window]

  • Copy and paste the following into the edit box:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall

  • Check the Export keys radio button.
  • Press the Go button.
  • When finished, MiniRegTool will generate a log (Result.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Result.txt

xXToffeeXx~


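Added example (not part of this thread, and not MiniRegTool's own output): the key Toffee asks to export, HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall, is where Programs and Features gets its list, together with the WOW6432Node copy for 32-bit software on 64-bit Windows and the HKCU copy for per-user installs. Programs and Features hides entries that have no DisplayName, that are marked SystemComponent=1, or that carry a ParentKeyName (patches and updates), whereas tools like CCleaner read the same keys with fewer filters, which is one way the two lists can disagree. The script below enumerates those keys in an elevated PowerShell session, flags entries Programs and Features would hide, and writes a .reg export of the 64-bit key to the desktop for review. The output file name Uninstall64.reg is a chosen placeholder.

```powershell
# Added example: enumerate the Uninstall registry keys Programs and Features reads from
# and flag entries it would hide. Run in an elevated PowerShell on the affected machine.
# Nothing here modifies the registry; reg.exe export only writes a backup file.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit apps
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

function Get-UninstallEntries {
    param([string[]]$Roots = $uninstallRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            # Reasons Programs and Features would leave this entry out of its list
            $hidden = @()
            if ([string]::IsNullOrWhiteSpace($p.DisplayName)) { $hidden += 'no DisplayName' }
            if ($p.SystemComponent -eq 1)                      { $hidden += 'SystemComponent=1' }
            if ($p.ParentKeyName)                              { $hidden += 'ParentKeyName set (update/patch)' }
            [pscustomobject]@{
                Root        = $root
                KeyName     = $_.PSChildName
                DisplayName = $p.DisplayName
                Publisher   = $p.Publisher
                Uninstall   = $p.UninstallString
                HiddenWhy   = ($hidden -join '; ')
            }
        }
    }
}

$entries = @(Get-UninstallEntries)
"{0} uninstall entries found across {1} roots" -f $entries.Count, $uninstallRoots.Count

# Entries that exist in the registry but would not show in Programs and Features
$entries | Where-Object { $_.HiddenWhy } | Sort-Object Root, DisplayName |
    Format-Table Root, KeyName, DisplayName, HiddenWhy -AutoSize

# Entries that should be visible; compare this list against what Control Panel shows
$entries | Where-Object { -not $_.HiddenWhy } | Sort-Object DisplayName |
    Format-Table DisplayName, Publisher, Root -AutoSize

# Export the 64-bit key to a .reg file for review (same data MiniRegTool's Export produces)
$exportPath = Join-Path $env:USERPROFILE 'Desktop\Uninstall64.reg'   # placeholder file name
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' $exportPath /y | Out-Null
"Exported to $exportPath"
```

If the visible list produced here is long but Control Panel still shows almost nothing, the data is present and the problem lies in how it is being read, which is why the earlier Windows Repair run included resetting registry permissions; if the keys themselves are largely empty, the entries were actually deleted and the export will confirm that.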




