Fake Google Chrome (browser.exe) processes - Another Victim


This topic is locked
7 replies to this topic

#1 jakesmith

jakesmith

  • Members
  • 5 posts

Posted 30 August 2014 - 11:18 PM

Hello,

I have the fake Google Chrome malware on my laptop. I followed the steps in the following link but with no success. http://www.bleepingcomputer.com/forums/t/546245/fake-google-chrome-browserexe-processes-i-have-it-as-well/

I would greatly appreciate some help.

Thank you.

Jake

EDIT: I just restored my computer to 6 hours earlier. So far I have not seen any fake Google Chrome pop-ups.

I am running a McAfee Scan to see if there's anything else.

Is it possible that the malware was removed simply by restoring my system to before the incident occurred?


Edited by jakesmith, 30 August 2014 - 11:47 PM.




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 31 August 2014 - 04:25 AM

Hello Jake,

let's check the current state of your computer with a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
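Once FRST.txt is in hand, the first pass is spotting the entries that deserve a closer look. The script below is an added example for this thread, not FRST's own code and not part of the helper's instructions: it parses the section layout of FRST.txt and flags entries by a few defender-side triage hints (executable under AppData or Temp, missing or letter-spaced vendor string, a [File not signed] or [X] tag, and a per-user IE start page that differs from the machine-wide one). The sample log is a constructed subset of lines in the format shown later in the thread; the flags are hints for review, not verdicts.

```python
"""Triage helper for FRST.txt output (added example, not part of FRST)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a subset of lines in the FRST.txt layout.
SAMPLE_LOG = r"""==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(S p i g o t, I n c.) C:\Users\Jake\AppData\Roaming\Search Protection\SearchProtection.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKU\S-1-5-21-0\...\Run: [SearchProtection] => C:\Users\Jake\AppData\Roaming\Search Protection\SearchProtection.EXE [1109352 2014-08-22] (S p i g o t, I n c.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

==================== Services (Whitelisted) =================

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
S2 0203611409352260mcinstcleanup; C:\Windows\TEMP\020361~1.EXE -cleanup -nolog [X]
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# First drive-letter path ending in a PE/driver extension on the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)
START_PAGE_RE = re.compile(r"^(HKCU|HKLM)\\.*?Main,Start Page = (\S+)")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def vendor_of(line: str) -> str:
    """Vendor string FRST prints in parentheses.

    Process lines lead with it; registry, service and driver lines end with it,
    possibly followed by tags such as [File not signed].  Paths may contain
    "(x86)", so take the first group for leading form and the last otherwise.
    """
    groups = re.findall(r"\(([^()]*)\)", line)
    if not groups:
        return ""
    return groups[0] if line.startswith("(") else groups[-1]


def looks_obfuscated(vendor: str) -> bool:
    """True for vendor strings spelled with a space between every letter."""
    tokens = re.findall(r"[A-Za-z0-9]+", vendor)
    return len(tokens) >= 4 and all(len(t) == 1 for t in tokens)


def triage(text: str) -> list[Finding]:
    """Walk FRST.txt and collect entries worth a second look."""
    findings: list[Finding] = []
    section = "?"
    start_pages: dict[str, str] = {}  # hive -> first Start Page seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = START_PAGE_RE.match(line)
        if m:
            start_pages.setdefault(m.group(1), m.group(2))
            continue
        path_match = PATH_RE.search(line)
        if not path_match:
            continue  # URLs, folders and search scopes carry no executable path
        path = path_match.group(0)
        vendor = vendor_of(line)
        if USER_WRITABLE_RE.search(path):
            findings.append(Finding(section, "executable in user-writable location", line))
        if not vendor:
            findings.append(Finding(section, "no vendor string", line))
        elif looks_obfuscated(vendor):
            findings.append(Finding(section, "vendor string spelled with spaces", line))
        if "[File not signed]" in line:
            findings.append(Finding(section, "file not signed", line))
        if line.endswith("[X]"):
            findings.append(Finding(section, "FRST could not find the file", line))
    hkcu, hklm = start_pages.get("HKCU"), start_pages.get("HKLM")
    if hkcu and hklm and hkcu != hklm:
        findings.append(Finding("Internet", "per-user start page differs from machine default", hkcu))
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")


if __name__ == "__main__":
    main()
```

Run it against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8").read())`; on the sample above it reports the two Search Protection entries, the unsigned HP service, the missing Temp cleanup executable and the changed HKCU start page, while the OEM and Realtek entries stay quiet.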


#3 jakesmith

jakesmith
  • Topic Starter

  • Members
  • 5 posts

Posted 31 August 2014 - 10:32 AM

Okay. Here is FRST:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014
Ran by Jake (administrator) on JAKE-HP on 31-08-2014 11:26:51
Running from C:\Users\Jake\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(S p i g o t, I n c.) C:\Users\Jake\AppData\Roaming\Search Protection\SearchProtection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe
(Microsoft Corporation) C:\6a475987780a56af9bb966\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-553285794-1825894960-1134312060-1000\...\Run: [SearchProtection] => C:\Users\Jake\AppData\Roaming\Search Protection\SearchProtection.EXE [1109352 2014-08-22] (S p i g o t, I n c.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {97E914D2-1B50-4327-BA7C-D170812E74C5} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {97E914D2-1B50-4327-BA7C-D170812E74C5} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {9C0CF8AF-AF85-4618-9740-5FC1FCACF2F1} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {97E914D2-1B50-4327-BA7C-D170812E74C5} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {9C0CF8AF-AF85-4618-9740-5FC1FCACF2F1} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-28]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R4 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-27] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S2 0203611409352260mcinstcleanup; C:\Windows\TEMP\020361~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-16] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2978520 2013-10-07] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 11:26 - 2014-08-31 11:28 - 00017221 _____ () C:\Users\Jake\Desktop\FRST.txt
2014-08-31 11:26 - 2014-08-31 11:26 - 02104320 _____ (Farbar) C:\Users\Jake\Desktop\FRST64.exe
2014-08-31 11:26 - 2014-08-31 11:26 - 00000000 ____D () C:\FRST
2014-08-31 11:25 - 2014-08-31 11:25 - 00000000 ____D () C:\6a475987780a56af9bb966
2014-08-31 11:24 - 2014-08-31 11:24 - 02104320 _____ (Farbar) C:\Users\Jake\Downloads\FRST64.exe
2014-08-31 10:32 - 2014-08-31 10:32 - 00000000 ____D () C:\Users\Jake\Documents\Avatar
2014-08-31 10:22 - 2014-08-31 10:22 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\CyberLink
2014-08-31 10:18 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-31 10:18 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-31 10:18 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-31 10:18 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-31 10:18 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-31 10:18 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-31 10:18 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-31 10:18 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-31 10:17 - 2014-08-31 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-31 01:35 - 2014-08-31 01:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-30 23:49 - 2014-08-30 23:49 - 00003934 _____ () C:\Users\Jake\Documents\fixlist.txt
2014-08-30 23:34 - 2014-08-30 23:34 - 00018719 _____ () C:\ComboFix.txt
2014-08-30 23:22 - 2014-08-30 23:34 - 00000000 ____D () C:\Qoobox
2014-08-30 23:22 - 2014-08-30 23:32 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 22:52 - 2014-08-30 22:52 - 00000000 _____ () C:\autoexec.bat
2014-08-30 22:49 - 2014-08-30 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-30 22:44 - 2014-08-31 10:34 - 00007606 _____ () C:\Users\Jake\AppData\Local\Resmon.ResmonCfg
2014-08-30 22:44 - 2014-08-31 00:37 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-30 19:30 - 2014-08-31 10:22 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-30 18:18 - 2014-08-30 18:20 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Apple Computer
2014-08-30 18:18 - 2014-08-30 18:18 - 00000000 ____D () C:\Users\Jake\AppData\Local\Apple Computer
2014-08-30 18:16 - 2014-08-31 00:37 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-30 18:16 - 2014-08-31 00:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-30 18:16 - 2014-08-31 00:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-30 18:16 - 2014-08-30 18:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-30 18:15 - 2014-08-30 18:15 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-30 18:15 - 2014-08-30 18:15 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-30 18:15 - 2014-08-30 18:15 - 00000000 ____D () C:\Users\Jake\AppData\Local\Apple
2014-08-30 18:15 - 2014-08-30 18:15 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-30 18:14 - 2014-08-31 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-08-30 18:14 - 2014-08-30 18:14 - 00003210 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-08-30 18:14 - 2014-08-30 18:14 - 00002498 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-08-30 18:14 - 2014-08-30 18:14 - 00001165 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-08-30 18:14 - 2014-08-30 18:14 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Search Protection
2014-08-30 18:14 - 2014-08-30 18:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-30 18:13 - 2014-08-30 18:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\OpenCandy
2014-08-30 18:12 - 2014-08-31 00:38 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\uTorrent
2014-08-30 15:26 - 2014-08-30 15:33 - 00000000 ____D () C:\Users\Jake\Desktop\School
2014-08-30 05:23 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-30 05:23 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-30 00:55 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-08-29 19:15 - 2014-08-29 19:15 - 00000000 ____D () C:\Users\Jake\AppData\Local\Adobe
2014-08-29 19:12 - 2014-08-30 17:51 - 00000000 ____D () C:\Users\Jake\Documents\mac
2014-08-29 19:11 - 2014-08-29 19:11 - 00006148 ____H () C:\Users\Public\Documents\.DS_Store
2014-08-29 19:11 - 2014-08-29 19:11 - 00006148 ____H () C:\Users\Public\.DS_Store
2014-08-29 19:00 - 2014-08-29 19:00 - 00000000 ____D () C:\Users\Jake\Documents\folderz
2014-08-29 18:44 - 2014-08-31 10:22 - 00000000 ____D () C:\Users\Jake\Documents\Youcam
2014-08-29 18:44 - 2014-08-29 18:44 - 00058016 _____ () C:\Users\Jake\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 18:44 - 2014-08-29 18:44 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Macromedia
2014-08-29 18:44 - 2014-08-29 18:44 - 00000000 ____D () C:\Users\Jake\AppData\Local\CyberLink
2014-08-29 18:43 - 2014-08-29 18:43 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Synaptics
2014-08-29 18:42 - 2014-08-29 19:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{006D1FDF-0420-42A8-9B9A-247CEB8C505E}
2014-08-29 18:42 - 2014-08-29 19:15 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Adobe
2014-08-29 18:42 - 2014-08-29 18:42 - 00001413 _____ () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-29 18:42 - 2014-08-29 18:42 - 00000000 ____D () C:\Users\Jake\AppData\Local\VirtualStore
2014-08-29 18:41 - 2014-08-29 18:44 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Hewlett-Packard
2014-08-29 18:40 - 2014-08-29 18:40 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\hpqlog
2014-08-29 18:39 - 2014-08-29 18:40 - 00000000 ____D () C:\Users\Jake\AppData\Local\Hewlett-Packard
2014-08-29 18:39 - 2014-08-29 18:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-08-29 18:39 - 2014-08-29 18:39 - 00000000 ____D () C:\Users\Jake\AppData\Local\RemEngine
2014-08-29 18:39 - 2014-08-29 18:39 - 00000000 ____D () C:\Users\Jake\AppData\Local\Power2Go8
2014-08-29 18:39 - 2014-08-29 18:39 - 00000000 ____D () C:\Users\Jake\AppData\Local\Hewlett-Packard_Company
2014-08-29 18:39 - 2013-12-28 10:06 - 00002218 _____ () C:\Users\Public\Desktop\Snapfish.lnk
2014-08-29 18:39 - 2013-12-28 10:03 - 00002266 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-08-29 18:38 - 2014-08-31 00:40 - 00000000 ____D () C:\Users\Jake
2014-08-29 18:38 - 2014-08-29 18:38 - 00000020 ___SH () C:\Users\Jake\ntuser.ini
2014-08-29 18:38 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-29 18:38 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-29 18:38 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-29 18:38 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-29 18:38 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-29 18:38 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-29 18:38 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-29 18:38 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-29 18:38 - 2014-03-15 01:21 - 00000000 ___HD () C:\Users\Jake\Documents\hp.system.package.metadata
2014-08-29 18:38 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-29 18:38 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-29 18:37 - 2014-08-31 11:24 - 01070617 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 11:28 - 2014-08-31 11:26 - 00017221 _____ () C:\Users\Jake\Desktop\FRST.txt
2014-08-31 11:26 - 2014-08-31 11:26 - 02104320 _____ (Farbar) C:\Users\Jake\Desktop\FRST64.exe
2014-08-31 11:26 - 2014-08-31 11:26 - 00000000 ____D () C:\FRST
2014-08-31 11:26 - 2009-07-14 01:13 - 00794652 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 11:25 - 2014-08-31 11:25 - 00000000 ____D () C:\6a475987780a56af9bb966
2014-08-31 11:24 - 2014-08-31 11:24 - 02104320 _____ (Farbar) C:\Users\Jake\Downloads\FRST64.exe
2014-08-31 11:24 - 2014-08-29 18:37 - 01070617 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 11:08 - 2014-03-15 01:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 10:56 - 2014-03-15 01:19 - 00774498 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-31 10:34 - 2014-08-30 22:44 - 00007606 _____ () C:\Users\Jake\AppData\Local\Resmon.ResmonCfg
2014-08-31 10:32 - 2014-08-31 10:32 - 00000000 ____D () C:\Users\Jake\Documents\Avatar
2014-08-31 10:22 - 2014-08-31 10:22 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\CyberLink
2014-08-31 10:22 - 2014-08-30 19:30 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-31 10:22 - 2014-08-29 18:44 - 00000000 ____D () C:\Users\Jake\Documents\Youcam
2014-08-31 10:22 - 2013-12-28 10:04 - 00000000 ____D () C:\ProgramData\CyberLink
2014-08-31 10:17 - 2014-08-31 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-31 01:35 - 2014-08-31 01:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-31 01:35 - 2013-12-28 10:11 - 00001844 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2014-08-31 00:58 - 2009-07-14 00:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 00:58 - 2009-07-14 00:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 00:40 - 2014-08-29 18:38 - 00000000 ____D () C:\Users\Jake
2014-08-31 00:40 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-31 00:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 00:39 - 2009-07-14 00:51 - 00040141 _____ () C:\Windows\setupact.log
2014-08-31 00:38 - 2014-08-30 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-08-31 00:38 - 2014-08-30 18:12 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\uTorrent
2014-08-31 00:37 - 2014-08-30 22:44 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-31 00:37 - 2014-08-30 18:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-31 00:37 - 2014-08-30 18:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-31 00:37 - 2014-08-30 18:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-31 00:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-31 00:35 - 2013-12-28 10:04 - 00000000 ____D () C:\ProgramData\Temp
2014-08-30 23:49 - 2014-08-30 23:49 - 00003934 _____ () C:\Users\Jake\Documents\fixlist.txt
2014-08-30 23:34 - 2014-08-30 23:34 - 00018719 _____ () C:\ComboFix.txt
2014-08-30 23:34 - 2014-08-30 23:22 - 00000000 ____D () C:\Qoobox
2014-08-30 23:32 - 2014-08-30 23:22 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 22:52 - 2014-08-30 22:52 - 00000000 _____ () C:\autoexec.bat
2014-08-30 22:49 - 2014-08-30 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-30 18:20 - 2014-08-30 18:18 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Apple Computer
2014-08-30 18:18 - 2014-08-30 18:18 - 00000000 ____D () C:\Users\Jake\AppData\Local\Apple Computer
2014-08-30 18:16 - 2014-08-30 18:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-30 18:15 - 2014-08-30 18:15 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-30 18:15 - 2014-08-30 18:15 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-30 18:15 - 2014-08-30 18:15 - 00000000 ____D () C:\Users\Jake\AppData\Local\Apple
2014-08-30 18:15 - 2014-08-30 18:15 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-30 18:15 - 2013-12-28 09:59 - 00000000 ____D () C:\ProgramData\Apple
2014-08-30 18:14 - 2014-08-30 18:14 - 00003210 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-08-30 18:14 - 2014-08-30 18:14 - 00002498 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-08-30 18:14 - 2014-08-30 18:14 - 00001165 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-08-30 18:14 - 2014-08-30 18:14 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Search Protection
2014-08-30 18:14 - 2014-08-30 18:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-30 18:14 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\restore
2014-08-30 18:13 - 2014-08-30 18:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\OpenCandy
2014-08-30 17:51 - 2014-08-29 19:12 - 00000000 ____D () C:\Users\Jake\Documents\mac
2014-08-30 15:33 - 2014-08-30 15:26 - 00000000 ____D () C:\Users\Jake\Desktop\School
2014-08-30 02:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-30 02:34 - 2007-01-01 21:25 - 00000000 ____D () C:\Windows\Panther
2014-08-30 00:52 - 2013-12-28 10:07 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-29 23:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-29 19:32 - 2014-08-29 18:42 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{006D1FDF-0420-42A8-9B9A-247CEB8C505E}
2014-08-29 19:15 - 2014-08-29 19:15 - 00000000 ____D () C:\Users\Jake\AppData\Local\Adobe
2014-08-29 19:15 - 2014-08-29 18:42 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Adobe
2014-08-29 19:11 - 2014-08-29 19:11 - 00006148 ____H () C:\Users\Public\Documents\.DS_Store
2014-08-29 19:11 - 2014-08-29 19:11 - 00006148 ____H () C:\Users\Public\.DS_Store
2014-08-29 19:11 - 2013-12-28 11:05 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-08-29 19:00 - 2014-08-29 19:00 - 00000000 ____D () C:\Users\Jake\Documents\folderz
2014-08-29 18:44 - 2014-08-29 18:44 - 00058016 _____ () C:\Users\Jake\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 18:44 - 2014-08-29 18:44 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Macromedia
2014-08-29 18:44 - 2014-08-29 18:44 - 00000000 ____D () C:\Users\Jake\AppData\Local\CyberLink
2014-08-29 18:44 - 2014-08-29 18:41 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Hewlett-Packard
2014-08-29 18:43 - 2014-08-29 18:43 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Synaptics
2014-08-29 18:42 - 2014-08-29 18:42 - 00001413 _____ () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-29 18:42 - 2014-08-29 18:42 - 00000000 ____D () C:\Users\Jake\AppData\Local\VirtualStore
2014-08-29 18:41 - 2011-02-10 15:23 - 00000000 ____D () C:\SWSetup
2014-08-29 18:40 - 2014-08-29 18:40 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\hpqlog
2014-08-29 18:40 - 2014-08-29 18:39 - 00000000 ____D () C:\Users\Jake\AppData\Local\Hewlett-Packard
2014-08-29 18:39 - 2014-08-29 18:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-08-29 18:39 - 2014-08-29 18:39 - 00000000 ____D () C:\Users\Jake\AppData\Local\RemEngine
2014-08-29 18:39 - 2014-08-29 18:39 - 00000000 ____D () C:\Users\Jake\AppData\Local\Power2Go8
2014-08-29 18:39 - 2014-08-29 18:39 - 00000000 ____D () C:\Users\Jake\AppData\Local\Hewlett-Packard_Company
2014-08-29 18:39 - 2014-03-15 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-08-29 18:39 - 2014-03-15 01:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-08-29 18:39 - 2014-03-15 01:25 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-08-29 18:39 - 2014-03-15 01:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-08-29 18:39 - 2014-03-15 01:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-08-29 18:39 - 2013-12-28 10:03 - 00000000 ___RD () C:\Program Files\Online Services
2014-08-29 18:39 - 2011-02-10 15:23 - 00000000 ___HD () C:\SYSTEM.SAV
2014-08-29 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-08-29 18:39 - 2007-01-01 21:32 - 00000000 ____D () C:\Recovery
2014-08-29 18:38 - 2014-08-29 18:38 - 00000020 ___SH () C:\Users\Jake\ntuser.ini
2014-08-29 18:38 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-06 22:06 - 2014-08-30 05:23 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-30 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Jake\AppData\Local\Temp\uttC2F2.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2007-01-01 21:26

==================== End Of Log ============================

And here is Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014
Ran by Jake at 2014-08-31 11:29:08
Running from C:\Users\Jake\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33394 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.5.3416 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.2.3302 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{5B6F604A-7144-40C1-B73C-20781779B944}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{DB97D0DE-0AA1-413C-8398-92C7FA3F4A67}) (Version: 4.6.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.1.1000 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1113 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Search Protection (HKCU\...\Search Protection) (Version: 9.7.0.4 - Spigot, Inc.) <==== ATTENTION
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

30-08-2014 22:14:01 Uniblue SpeedUpMyPC installation
30-08-2014 22:15:53 Installed iTunes
31-08-2014 02:45:22 Installed SpyHunter
31-08-2014 03:08:13 Removed SpyHunter
31-08-2014 04:31:44 Restore Operation
31-08-2014 14:17:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {336DA8EF-1B63-4287-BEEF-EFEE7938DFC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {38EDCB81-FFF9-4177-9A67-22EBC536F5A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated)
Task: {4FCBF308-D26E-4166-9D62-681346DF72EB} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {68BA659B-2F2A-4CB3-9D56-26C20A9A5CCB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {93A21798-5D79-4147-8186-1E7B3D6032B7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {A231ECA1-8902-42A1-84A4-1E5DC2A1AB46} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D02DCCFF-A434-4761-8870-A85855574B40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {D845119C-5DC3-4764-BFBF-FD26E978A4F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {E2235CD1-E077-4929-9CC9-0D1B8D2CD314} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {EB345299-4FD3-4FC9-9963-FD64FBCA48CF} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-28 10:07 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 19:48 - 2013-08-05 19:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-28 09:47 - 2013-09-03 21:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2012-04-04 01:53 - 2012-04-04 01:53 - 00249232 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jake\Desktop\School:AFP_AFPINFO

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2014 10:27:39 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: SMSvcHost, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070005

Error: (08/31/2014 10:27:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.IdentityModel.Selectors, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005

Error: (08/31/2014 10:27:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005

Error: (08/31/2014 10:27:22 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005

Error: (08/31/2014 01:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569

Error: (08/31/2014 01:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569

Error: (08/31/2014 01:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/31/2014 00:41:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 00:05:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 00:00:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/31/2014 00:42:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/31/2014 00:33:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfevtp service.

Error: (08/30/2014 11:32:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/30/2014 11:31:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/30/2014 11:29:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/30/2014 11:26:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0203611409352260) service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/30/2014 07:32:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (08/30/2014 05:55:43 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (08/30/2014 03:25:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Anti-Malware Core service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/30/2014 02:36:45 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Microsoft Office Sessions:
=========================
Error: (08/31/2014 10:27:39 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: SMSvcHost, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070005
SMSvcHost, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil

Error: (08/31/2014 10:27:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.IdentityModel.Selectors, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
System.IdentityModel.Selectors, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (08/31/2014 10:27:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (08/31/2014 10:27:22 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (08/31/2014 01:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569

Error: (08/31/2014 01:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569

Error: (08/31/2014 01:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/31/2014 00:41:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 00:05:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 00:00:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-08-30 23:31:37.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-30 23:31:37.381
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 32%
Total physical RAM: 12222.3 MB
Available physical RAM: 8264.56 MB
Total Pagefile: 24442.77 MB
Available Pagefile: 20498.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:675.83 GB) (Free:456.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:22.51 GB) (Free:2.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BD31E817)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

==================== End Of Log ============================

 

Thank you!!



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:49 PM

Posted 31 August 2014 - 11:05 AM

Hi,

restoring the system seems to have helped.


Step 1

Please uninstall some programs:
  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Search Protection

  • Reboot your computer.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#5 jakesmith

jakesmith
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 31 August 2014 - 03:46 PM

Just finished the ESET scan.

 

ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=69831da1847d2e4a879e954630f095d3
# engine=19927
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-31 08:39:41
# local_time=2014-08-31 04:39:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5129 16777214 100 97 78916 95813797 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13737192 161061031 0 0
# scanned=159987
# found=9
# cleaned=0
# scan_time=11609
sh=09F3100029D598613397140A43D647014299306D ft=1 fh=a268d817da4d8f67 vn="Win32/SpeedUpMyPC potentially unwanted application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-553285794-1825894960-1134312060-1000\$RCUQ1P4\SpeedUpMyPC\speedupmypc.exe"
sh=F4DF4DE5800676F0376DE9774CBBAB78EADE267C ft=1 fh=dadf6007daad75e1 vn="Win32/SpeedUpMyPC potentially unwanted application" ac=I fn="C:\Users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHSTJAA4\SpeedUpMyPC-standalone-setup[1].exe"
sh=44155A2CBE3B1CF590357FCFF41C29B01C037DB5 ft=1 fh=12a89d1ad9aa0136 vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\Users\Jake\AppData\Local\Temp\uttC2F2.tmp.exe"
sh=F4DF4DE5800676F0376DE9774CBBAB78EADE267C ft=1 fh=dadf6007daad75e1 vn="Win32/SpeedUpMyPC potentially unwanted application" ac=I fn="C:\Users\Jake\AppData\Local\Temp\is-U2MR1.tmp\SpeedUpMyPC-standalone-setup.exe"
sh=E353A39225365AD9B250D2FE2F0E549E3B6362F1 ft=1 fh=f0d062cb3803b664 vn="Win32/TrojanDownloader.Tracur.AL trojan" ac=I fn="C:\Users\Jake\AppData\LocalLow\dxugkbz.dll"
sh=2FBD158EFEE6A8B3CAD0841359E70A09324FF551 ft=1 fh=ba8fd794f827ca61 vn="Win32/SpeedUpMyPC.A potentially unwanted application" ac=I fn="C:\Users\Jake\AppData\Roaming\OpenCandy\5E6A5BA55AC74BB7BB70A7447B594817\speedupmypcSP_US.exe"
sh=81563882EF220B78C84DB21BF1632B8E5FCA7ABB ft=1 fh=f20e9c5019e7bb5d vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Jake\AppData\Roaming\OpenCandy\OpenCandy_5E6A5BA55AC74BB7BB70A7447B594817\dlm.exe"
sh=75B960071D9F900FE5F7D33837B2A4498EEAE102 ft=1 fh=c2595724fec5051f vn="Win32/SoftonicDownloader.E potentially unwanted application" ac=I fn="C:\Users\Jake\Documents\mac\Downloads\SoftonicDownloader_for_excel-regression-analysis.exe"
sh=C58D4898D40F16ED6730B0BE62CD50AA8CE40C36 ft=1 fh=bb16f35ebcb671ce vn="a variant of Win32/Adware.MediaFinder.F application" ac=I fn="C:\Users\Jake\Documents\mac\Downloads\Your_file_download.exe"
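The ESET Online Scanner log pasted above has a simple line format: `# key=value` header lines (scan counters and settings) followed by one detection per line with `sh=` (SHA-1), `ft=`, `fh=`, `vn=` (detection name), `ac=` and `fn=` (path) fields. The following parser is an added example, not part of this thread or of ESET's tooling; it turns such a log into structured records, groups detections by a coarse category derived from the detection name (PUA versus trojan versus adware), and checks that the `# found=` counter agrees with the number of detection lines. The sample log embedded in it is constructed with placeholder hashes and paths, and the category rules are the example's own heuristic, not ESET's classification.

```python
"""Parse ESET Online Scanner result lines into structured records (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the same layout as the pasted log; hashes and paths are placeholders.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
Can not read file from internet.# product=EOS
# scanned=159987
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Example potentially unwanted application" ac=I fn="C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/TrojanDownloader.Example trojan" ac=I fn="C:\\Users\\user\\AppData\\LocalLow\\x.dll"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/Adware.Example.F application" ac=I fn="C:\\Users\\user\\Downloads\\dl.exe"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Detection:
    sha1: str        # sh=  SHA-1 of the file as reported by the scanner
    file_hash: str   # fh=  secondary hash, kept verbatim
    name: str        # vn=  detection name
    action: str      # ac=  action code, kept verbatim (not interpreted here)
    path: str        # fn=  path of the flagged file
    category: str    # heuristic bucket derived from the detection name (this example's own rule)


def classify(name: str) -> str:
    """Coarse triage bucket from the detection name (example heuristic, not ESET's taxonomy)."""
    n = name.lower()
    if "trojan" in n or "backdoor" in n:
        return "malware"
    if "potentially unwanted" in n or "potentially unsafe" in n:
        return "pua"
    if "adware" in n:
        return "adware"
    return "other"


def parse_fields(line: str) -> Dict[str, str]:
    """Split one detection line into its key/value fields."""
    return {k: (quoted or bare) for k, quoted, bare in FIELD_RE.findall(line)}


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Return (header settings, detections). Installer noise lines are skipped."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Header lines may be glued to installer noise, as in the pasted log ("...internet.# product=EOS").
        hash_pos = line.find("#")
        if hash_pos >= 0 and not line.startswith("sh="):
            body = line[hash_pos + 1:].strip()
            if "=" in body:
                key, value = body.split("=", 1)
                header[key.strip()] = value.strip()
            continue
        if not line.startswith("sh="):
            continue  # e.g. "Can not read file from internet." with no header attached
        f = parse_fields(line)
        name = f.get("vn", "")
        detections.append(Detection(
            sha1=f.get("sh", ""), file_hash=f.get("fh", ""), name=name,
            action=f.get("ac", ""), path=f.get("fn", ""), category=classify(name)))
    return header, detections


def summarize(detections: List[Detection]) -> Dict[str, int]:
    """Count detections per category, for a quick triage overview."""
    counts: Dict[str, int] = {}
    for d in detections:
        counts[d.category] = counts.get(d.category, 0) + 1
    return counts


def header_matches(header: Dict[str, str], detections: List[Detection]) -> bool:
    """Sanity check: the '# found=' counter should equal the number of detection lines."""
    try:
        return int(header.get("found", "-1")) == len(detections)
    except ValueError:
        return False


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print("found counter consistent:", header_matches(hdr, dets))
    print("by category:", summarize(dets))
    for d in dets:
        print(f"[{d.category}] {d.name} -> {d.path}")
```

Running it over the real log pasted above gives the same kind of breakdown the helper summarised by eye: most entries are PUA installers in temp and download folders, with one trojan downloader DLL standing out; the `found` consistency check catches logs that were truncated when copied into a reply.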
 



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:49 PM

Posted 31 August 2014 - 04:11 PM

Ok, this looks good, just a few remnants.


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Internet Explorer Version 10
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 12.0




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Edited by aharonov, 31 August 2014 - 04:12 PM.


#7 jakesmith

jakesmith
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 31 August 2014 - 04:25 PM

Great. Thanks for your help, aharonov!

 

Jake



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:49 PM

Posted 31 August 2014 - 05:51 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



