SpyWare BeWare! ASAP
Author Topic: need help removing www.longfintuna.com  (Read 2299 times)
geekmaster
« on: September 22, 2013, 11:11:35 AM »

I have Windows 8.1 Preview, and when I try to run DDS.scr I get the error message: "DDS was not meant to run in compatibility mode. the program shall now exit." What should I do? My comp is infected with www.longfintuna.net and I can't seem to remove it, or even find it for that matter.
MrCharlie
« Reply #1 on: September 22, 2013, 11:37:40 AM »

Welcome to the forum, please run this scan:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Then......


Please download RogueKiller to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)


MrC

geekmaster
« Reply #2 on: September 22, 2013, 12:09:38 PM »

Here are the first two logs you requested. I will send the RogueKiller log momentarily:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by geekm_000 (administrator) on WINDOWS-D7RCE9T on 22-09-2013 10:01:16
Running from C:\Users\geekm_000\Desktop\FarBar Recovery Tool
Windows 8.1 Preview (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
() C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe
(InstallShield Software Corporation) c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
(InstallShield Software Corporation) C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.3.9431.0_x64__8wekyb3d8bbwe\LiveComm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 0
HKCU\...\Run: [Facebook Update] - C:\Users\geekm_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-09] (Facebook Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-11] (Google Inc.)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179928 2013-01-02] (cyberlink)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - 
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-05] (AVAST Software)
Startup: C:\Users\geekm_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.dell.com
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=54D67A94233FD8DE
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\geekm_000\AppData\Roaming\Mozilla\Firefox\Profiles\7lrlgxyj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\geekm_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Bazaar Friend - C:\Users\geekm_000\AppData\Roaming\Mozilla\Firefox\Profiles\7lrlgxyj.default\Extensions\addon@bazaarfriend.com
FF Extension: InfoBird Pro - C:\Users\geekm_000\AppData\Roaming\Mozilla\Firefox\Profiles\7lrlgxyj.default\Extensions\addon@infobirdpro.com
FF Extension: BargainJoy - C:\Users\geekm_000\AppData\Roaming\Mozilla\Firefox\Profiles\7lrlgxyj.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}
FF Extension: Bargain Workbench - C:\Users\geekm_000\AppData\Roaming\Mozilla\Firefox\Profiles\7lrlgxyj.default\Extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}
FF Extension: WebToSave - C:\Users\geekm_000\AppData\Roaming\Mozilla\Firefox\Profiles\7lrlgxyj.default\Extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://xfinity.comcast.net/?cid=mtmh12072012"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (interneTIFF (QuickTime Compatible)) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npitifffree.dll (Innomage Enterprises, Inc)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\geekm_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (HP Product Detection Plugin) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.28.1_0
CHR Extension: (Angry Birds) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Simply Solitaire) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnmflblfliagionigpmoedjdmmpcjki\1.0.0_0
CHR Extension: (Google Docs) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Angry Birds Space PC) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifjcllbalilaoogngbgeijbnhdgplca\1.0_0
CHR Extension: (Google Search) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Bubble Shooter) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdlnbbnjknldpikkllanljjbnegnnei\1.0.2_0
CHR Extension: (Logitech SetPoint) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Hangman Deluxe !) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhfldafmihkemlfaolfgmppbafmappjj\1.4_0
CHR Extension: (avast! Ad Blocker) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (3D Bowling ) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm\2.0_0
CHR Extension: (Box Roll 3D) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkgenkimpocoaiofpkggpeafknfbmiko\1.1.4_0
CHR Extension: (avast! Online Security) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Traffic Slam 3) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjmailnmofkkffoemgmdbemmohldhe\1.0_0
CHR Extension: (Bubble Zombie) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdeoongkdlppodoaohbcecldpcmbmke\1.0.0.1_0
CHR Extension: (Google Maps) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (Mahjong) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimcabmfjaeoldnchodmelflfjmgaojh\5.0_0
CHR Extension: (Mahjong Solitaire) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Reflexions) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogadgkloelojebogohabcnnbihknaaf\1.0.0_0
CHR Extension: (Origami Player) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn\2.4_0
CHR Extension: (3D Bomb Destroyer) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehlnjpihomkdokiiafpejniofjaoom\1.0.6_0
CHR Extension: (Spring Mahjong) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohmgpjbkliggjliakneoaedilbaihhl\1.0.0.8_0
CHR Extension: (Psykopaint) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0
CHR Extension: (Bloxorz) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\phiaicokjaoaobiobphcfkmbeiejdang\1.0.0_0
CHR Extension: (Gmail) - C:\Users\GEEKM_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\GEEKM_~1\AppData\Local\newhb2.crx
CHR HKLM\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\GEEKM_~1\AppData\Local\RealSummerSale.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\GEEKM_~1\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [fdeikhckcedpnofpmfaakfhppidegbcp] - C:\Users\geekm_000\AppData\Local\CRE\fdeikhckcedpnofpmfaakfhppidegbcp.crx
CHR HKLM-x32\...\Chrome\Extension: [fmfnfnpmhcllokmkepffndflpnadjmma] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\GEEKM_~1\AppData\Local\RealSummerSale.crx

==================== Services (Whitelisted) =================

S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [546304 2013-06-15] (Microsoft Corporation)
S3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1249280 2013-06-15] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-05] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-02] (CyberLink)
R2 HPSLPSVC; C:\Users\GEEKM_~1\AppData\Local\Temp\7zS65BB\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114176 2013-06-15] (Microsoft Corporation)
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [431104 2013-06-15] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R3 NcbService; C:\Windows\System32\ncbservice.dll [150016 2013-06-15] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [129024 2013-06-15] (Microsoft Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 smphost; C:\Windows\System32\smphost.dll [13312 2013-06-15] (Microsoft Corporation)
S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [516096 2013-06-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [345336 2013-06-15] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [24576 2013-06-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-06-15] (Microsoft Corporation)
R3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1292288 2013-06-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [788240 2013-06-15] (PMC-Sierra)
R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [77312 2013-06-15] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-05] (AVAST Software)
R1 aswFW; C:\WINDOWS\system32\drivers\aswFW.sys [131232 2013-08-05] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-05] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-05] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [276992 2013-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-05] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-05] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-05] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-05] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 dot4; C:\Windows\System32\drivers\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [650736 2013-06-05] (Intel Corporation)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [37640 2013-06-15] (Microsoft Corporation)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] ()
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81672 2013-06-15] (LSI Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-06-15] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [88064 2013-06-15] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [934152 2013-06-15] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [138752 2013-06-15] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56584 2013-06-15] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [27912 2013-06-15] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [126216 2013-06-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-22 10:00 - 2013-09-22 10:00 - 00000000 ____D C:\FRST
2013-09-22 09:58 - 2013-09-22 09:58 - 00922112 _____ C:\Users\geekm_000\Desktop\RogueKiller.exe
2013-09-22 09:54 - 2013-09-22 09:57 - 00000000 ____D C:\Users\geekm_000\Desktop\FarBar Recovery Tool
2013-09-22 08:22 - 2013-09-22 08:22 - 00688992 _____ (Swearware) C:\Users\geekm_000\Desktop\dds.com
2013-09-22 07:36 - 2013-09-22 07:36 - 00049676 _____ C:\Users\geekm_000\Downloads\How to Remove Web.longfintuna.net Popup Ads Completely    Anvisoft KnowledgeBase.htm
2013-09-21 00:05 - 2013-09-21 00:05 - 00009066 _____ C:\Users\geekm_000\Desktop\MyStudentData.txt
2013-09-20 00:51 - 2013-09-20 00:51 - 00361117 _____ C:\Users\geekm_000\AppData\Local\newhb2.crx
2013-09-15 10:00 - 2013-09-15 10:01 - 00283736 _____ C:\WINDOWS\Minidump\091513-13093-01.dmp
2013-09-15 09:10 - 2013-09-15 09:10 - 00000162 ____H C:\Users\geekm_000\Desktop\~$lf-help groups for drug addiction  NA and Other Support Groups.htm
2013-09-10 22:35 - 2013-08-12 20:38 - 16981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-09-10 22:35 - 2013-08-12 20:30 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-10 22:35 - 2013-08-12 19:31 - 05636608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-10 22:35 - 2013-08-12 19:28 - 04247040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-09-10 22:35 - 2013-08-12 19:11 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-10 22:35 - 2013-08-12 19:04 - 11087360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-09-10 22:35 - 2013-08-12 18:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-10 22:35 - 2013-08-12 18:28 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-10 22:35 - 2013-08-12 18:22 - 01788928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-09-10 22:35 - 2013-08-12 18:22 - 01140224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-09-09 11:18 - 2013-09-09 11:18 - 00008802 _____ C:\Users\geekm_000\Desktop\Sports facility in Beaverton looking for event staff.htm
2013-09-09 10:28 - 2013-09-09 10:28 - 00036773 _____ C:\Users\geekm_000\Desktop\Edfinancial - Manage My Account - Home.htm
2013-09-03 15:16 - 2013-09-15 10:00 - 596159138 _____ C:\WINDOWS\MEMORY.DMP
2013-09-03 15:16 - 2013-09-03 15:16 - 00283736 _____ C:\WINDOWS\Minidump\090313-14609-01.dmp
2013-08-30 01:10 - 2013-08-30 01:10 - 00001940 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-08-30 01:10 - 2013-08-05 23:16 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00276992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00189936 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00131232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFW.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-30 01:10 - 2013-08-05 23:16 - 00022600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2013-08-30 01:10 - 2013-08-05 23:15 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:40 - 2013-09-15 10:00 - 00000000 ____D C:\WINDOWS\Minidump
2013-08-29 18:40 - 2013-08-29 18:40 - 00275496 _____ C:\WINDOWS\Minidump\082913-16281-01.dmp
2013-08-29 07:14 - 2013-08-29 07:14 - 00000000 ___HD C:\$SysReset
2013-08-29 05:31 - 2013-08-30 01:10 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-08-29 05:31 - 2013-08-30 01:09 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-29 05:31 - 2013-08-05 23:15 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-29 05:30 - 2013-08-30 01:09 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-27 13:04 - 2013-08-27 13:04 - 00051746 _____ C:\Users\geekm_000\Desktop\Publication 970 (2012), Tax Benefits for Education.htm
2013-08-27 12:58 - 2013-08-27 12:58 - 00013141 _____ C:\Users\geekm_000\Desktop\Confirmation - FAFSA on the Web - Federal Student Aid.htm
2013-08-26 13:18 - 2013-08-26 13:18 - 00000214 _____ C:\Users\geekm_000\Downloads\Upcoming_Paid_Studies.vcf
2013-08-24 04:11 - 2013-08-29 08:34 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-24 04:11 - 2013-08-29 08:34 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-24 04:11 - 2013-08-24 04:11 - 00001111 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-08-24 03:57 - 2013-08-24 04:26 - 00188014 _____ C:\WINDOWS\hpoins13.dat
2013-08-24 03:57 - 2012-09-26 06:18 - 00000462 ____N C:\WINDOWS\hpomdl13.dat
2013-08-23 18:21 - 2013-08-23 18:21 - 00000000 ____D C:\ProgramData\softthinks
2013-08-23 18:21 - 2013-05-23 18:37 - 00000094 ____H C:\DBAR_Ver.txt
2013-08-23 14:37 - 2013-08-29 08:33 - 00000000 ____D C:\Users\geekm_000\hp printer tools
2013-08-23 14:11 - 2013-08-23 14:22 - 02444958 _____ C:\Users\geekm_000\AppData\Local[j0002]-[p01].bmp
2013-08-23 14:07 - 2013-08-24 04:27 - 00002058 _____ C:\Users\geekm_000\Desktop\HPPSDr.lnk
2013-08-23 11:45 - 2013-08-23 11:45 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

==================== One Month Modified Files and Folders =======

2013-09-22 10:00 - 2013-09-22 10:00 - 00000000 ____D C:\FRST
2013-09-22 10:00 - 2013-06-15 22:37 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-22 09:58 - 2013-09-22 09:58 - 00922112 _____ C:\Users\geekm_000\Desktop\RogueKiller.exe
2013-09-22 09:57 - 2013-09-22 09:54 - 00000000 ____D C:\Users\geekm_000\Desktop\FarBar Recovery Tool
2013-09-22 09:51 - 2013-06-05 03:34 - 00000332 _____ C:\WINDOWS\Tasks\DSite.job
2013-09-22 09:14 - 2013-07-21 13:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-22 09:07 - 2013-02-09 07:41 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-22 08:47 - 2013-02-09 21:42 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2735410427-1977332909-363250235-1002UA.job
2013-09-22 08:22 - 2013-09-22 08:22 - 00688992 _____ (Swearware) C:\Users\geekm_000\Desktop\dds.com
2013-09-22 07:42 - 2013-07-17 10:20 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5FD8720-9793-4724-A387-9DB60086B0A9}
2013-09-22 07:36 - 2013-09-22 07:36 - 00049676 _____ C:\Users\geekm_000\Downloads\How to Remove Web.longfintuna.net Popup Ads Completely    Anvisoft KnowledgeBase.htm
2013-09-22 05:57 - 2013-02-08 19:20 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2735410427-1977332909-363250235-1002
2013-09-22 05:48 - 2013-07-20 10:28 - 02095464 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-22 05:47 - 2013-06-15 22:37 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-09-22 01:25 - 2013-07-16 03:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-22 00:51 - 2013-07-27 00:51 - 00000107 _____ C:\Users\geekm_000\AppData\Roaming\WB.CFG
2013-09-22 00:51 - 2013-06-14 00:51 - 00000005 _____ C:\Users\geekm_000\AppData\Roaming\WBPU-TTL.DAT
2013-09-21 20:47 - 2013-02-09 21:42 - 00000954 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2735410427-1977332909-363250235-1002Core.job
2013-09-21 20:40 - 2012-12-18 01:59 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-09-21 15:07 - 2013-02-09 07:42 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-21 15:07 - 2013-02-09 07:41 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 03:01 - 2012-12-18 02:03 - 00000000 ____D C:\ProgramData\PCDr
2013-09-21 00:05 - 2013-09-21 00:05 - 00009066 _____ C:\Users\geekm_000\Desktop\MyStudentData.txt
2013-09-20 12:57 - 2013-08-07 07:31 - 00000000 ____D C:\Users\geekm_000\AppData\Local\Windows Live
2013-09-20 00:51 - 2013-09-20 00:51 - 00361117 _____ C:\Users\geekm_000\AppData\Local\newhb2.crx
2013-09-19 14:13 - 2013-02-10 15:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2013-09-15 10:01 - 2013-09-15 10:00 - 00283736 _____ C:\WINDOWS\Minidump\091513-13093-01.dmp
2013-09-15 10:01 - 2013-07-27 23:40 - 00151858 _____ C:\WINDOWS\setupact.log
2013-09-15 10:01 - 2013-07-16 04:05 - 00000000 __RDO C:\Users\geekm_000\SkyDrive
2013-09-15 10:01 - 2013-07-16 03:41 - 00000000 ____D C:\Users\geekm_000
2013-09-15 10:01 - 2013-06-15 21:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-15 10:00 - 2013-09-03 15:16 - 596159138 _____ C:\WINDOWS\MEMORY.DMP
2013-09-15 10:00 - 2013-08-29 18:40 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-15 09:10 - 2013-09-15 09:10 - 00000162 ____H C:\Users\geekm_000\Desktop\~$lf-help groups for drug addiction  NA and Other Support Groups.htm
2013-09-13 23:54 - 2013-08-03 10:34 - 00038500 _____ C:\WINDOWS\PFRO.log
2013-09-13 23:49 - 2013-06-15 20:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-09-10 23:47 - 2013-02-09 14:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-10 10:14 - 2013-07-21 13:48 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-09-09 11:18 - 2013-09-09 11:18 - 00008802 _____ C:\Users\geekm_000\Desktop\Sports facility in Beaverton looking for event staff.htm
2013-09-09 10:28 - 2013-09-09 10:28 - 00036773 _____ C:\Users\geekm_000\Desktop\Edfinancial - Manage My Account - Home.htm
2013-09-07 02:48 - 2013-08-21 05:48 - 00000000 ____D C:\Users\geekm_000\AppData\Local\CrashDumps
2013-09-05 13:22 - 2013-06-15 22:38 - 00702968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-09-05 13:22 - 2013-06-15 22:38 - 00111608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-03 15:16 - 2013-09-03 15:16 - 00283736 _____ C:\WINDOWS\Minidump\090313-14609-01.dmp
2013-08-30 01:13 - 2013-02-09 07:57 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-08-30 01:10 - 2013-08-30 01:10 - 00001940 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-08-30 01:10 - 2013-08-29 05:31 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-08-30 01:09 - 2013-08-29 05:31 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-30 01:09 - 2013-08-29 05:30 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-29 18:49 - 2012-07-25 22:26 - 00000234 _____ C:\WINDOWS\win.ini
2013-08-29 18:40 - 2013-08-29 18:40 - 00275496 _____ C:\WINDOWS\Minidump\082913-16281-01.dmp
2013-08-29 08:34 - 2013-08-24 04:11 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-29 08:34 - 2013-08-24 04:11 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-29 08:34 - 2013-08-20 23:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-29 08:34 - 2013-07-21 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-29 08:34 - 2013-02-13 17:26 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-29 08:34 - 2013-02-09 12:15 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-29 08:33 - 2013-08-23 14:37 - 00000000 ____D C:\Users\geekm_000\hp printer tools
2013-08-29 08:33 - 2013-06-15 22:37 - 00000000 ____D C:\WINDOWS\system32\spp
2013-08-29 08:33 - 2013-06-09 12:34 - 00000000 ____D C:\Users\geekm_000\AppData\Roaming\MediaMonkey
2013-08-29 07:14 - 2013-08-29 07:14 - 00000000 ___HD C:\$SysReset
2013-08-27 13:04 - 2013-08-27 13:04 - 00051746 _____ C:\Users\geekm_000\Desktop\Publication 970 (2012), Tax Benefits for Education.htm
2013-08-27 12:58 - 2013-08-27 12:58 - 00013141 _____ C:\Users\geekm_000\Desktop\Confirmation - FAFSA on the Web - Federal Student Aid.htm
2013-08-26 13:18 - 2013-08-26 13:18 - 00000214 _____ C:\Users\geekm_000\Downloads\Upcoming_Paid_Studies.vcf
2013-08-24 04:27 - 2013-08-23 14:07 - 00002058 _____ C:\Users\geekm_000\Desktop\HPPSDr.lnk
2013-08-24 04:26 - 2013-08-24 03:57 - 00188014 _____ C:\WINDOWS\hpoins13.dat
2013-08-24 04:11 - 2013-08-24 04:11 - 00001111 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-08-24 03:57 - 2013-02-09 12:08 - 00003238 _____ C:\ProgramData\hpzinstall.log
2013-08-23 18:21 - 2013-08-23 18:21 - 00000000 ____D C:\ProgramData\softthinks
2013-08-23 18:21 - 2013-02-09 04:49 - 00000000 ____D C:\Users\geekm_000\AppData\Local\softthinks
2013-08-23 16:06 - 2012-12-18 01:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-23 14:22 - 2013-08-23 14:11 - 02444958 _____ C:\Users\geekm_000\AppData\Local[j0002]-[p01].bmp
2013-08-23 11:45 - 2013-08-23 11:45 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2013-06-15 15:48] - [2013-06-15 15:48] - 0558080 ____A (Microsoft Corporation) DEB887EA2EBEDF01644A200B4BDB181B

C:\Windows\System32\wininit.exe
[2013-06-15 15:52] - [2013-06-15 15:52] - 0145408 ____A (Microsoft Corporation) CACA6578AF9C48C29D7BF6AEFAF00599

C:\Windows\explorer.exe
[2013-06-15 15:01] - [2013-06-15 19:25] - 2254384 ____A (Microsoft Corporation) 2CF1204E913AEA5A492D89C153F3345E

C:\Windows\SysWOW64\explorer.exe
[2013-06-15 14:33] - [2013-06-15 18:33] - 2009104 ____A (Microsoft Corporation) 253252BBC9E61728986CB54261F8AECD

C:\Windows\System32\svchost.exe
[2013-06-15 15:48] - [2013-06-15 19:30] - 0037768 ____A (Microsoft Corporation) F7191317F1CD10F35DC74E24C1B71E06

C:\Windows\SysWOW64\svchost.exe
[2013-06-15 15:07] - [2013-06-15 18:38] - 0031552 ____A (Microsoft Corporation) D9F8FA4911FBF85919BA17FFE5B34430

C:\Windows\System32\services.exe
[2013-06-15 20:17] - [2013-06-15 20:17] - 0403408 ____A (Microsoft Corporation) 258527780FC8FFCF0A29F7455073C529

C:\Windows\System32\User32.dll
[2013-06-15 15:50] - [2013-06-15 19:25] - 1513264 ____A (Microsoft Corporation) 42F67E93E2C853A915E73F3A4645E3C9

C:\Windows\SysWOW64\User32.dll
[2013-06-15 15:10] - [2013-06-15 15:10] - 1359360 ____A (Microsoft Corporation) FCDCDEFD5A8BA26FDCD950607162339C

C:\Windows\System32\userinit.exe
[2013-06-15 15:56] - [2013-06-15 15:56] - 0025088 ____A (Microsoft Corporation) 166CB1E28BED6196B5030E91AD932998

C:\Windows\SysWOW64\userinit.exe
[2013-06-15 15:13] - [2013-06-15 15:13] - 0021504 ____A (Microsoft Corporation) 7AFC7764F71DBB1BC5A60EE67FE94C70

C:\Windows\System32\Drivers\volsnap.sys
[2013-06-15 17:36] - [2013-06-15 19:26] - 0312072 ___AC (Microsoft Corporation) 9365B092503F8B0B6C724D1A8E4433D4



LastRegBack: 2013-09-19 06:05

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2013
Ran by geekm_000 at 2013-09-22 10:01:50
Running from C:\Users\geekm_000\Desktop\FarBar Recovery Tool
Boot Mode: Normal
==========================================================


==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Acoustica CD/DVD Label Maker (x32)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
AIO_Scan (x32 Version: 130.0.365.000)
ArcSoft Panorama Maker 6 (x32 Version: 6.0.8.85)
Ashampoo Burning Studio 6 FREE v.6.83 (x32 Version: 6.8.3)
AudioLabel (x32 Version: 5.00 (Build 5))
avast! Internet Security (x32 Version: 8.0.1496.0)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 140.0.298.000)
C4200 (x32 Version: 140.0.425.000)
c4200_Help (x32 Version: 82.0.210.000)
CCleaner (Version: 4.03)
CD & DVD Label Maker 1.2 (x32)
Click'N Design 3D for AfterBurner(tm) (x32 Version: 4.x)
Conexant SmartAudio HD (Version: 8.50.12.0)
Copy (x32 Version: 140.0.298.000)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a)
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417)
CyberLink Media Suite Essentials (x32 Version: 10.0)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904)
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Backup and Recovery - Support Software (x32 Version: 1.5.0.0)
Dell Backup and Recovery (x32 Version: 1.5.0.0)
Destinations (x32 Version: 140.0.253.000)
DeviceDiscovery (x32 Version: 140.0.298.000)
Disketch Disc Label Software (x32)
DocProc (x32 Version: 140.0.185.000)
eReg (x32 Version: 1.20.138.34)
Express Burn (x32)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
forteManager (x32 Version: 3.18)
Google Chrome (x32 Version: 29.0.1547.76)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 140.0.297.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.2024)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Product Detection (x32 Version: 11.15.0009)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.298.000)
HPSSupply (x32 Version: 140.0.297.000)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
interneTIFF 2013 FREE Version 11 (Firefox/Chrome Browser) (x32 Version: 11.00.00.0)
Logitech SetPoint 6.52 (Version: 6.52.74)
Logitech Unifying Software 2.10 (Version: 2.10.37)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
My Dell (Version: 3.3.6261.27)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)
Nero Blu-ray Player (x32 Version: 12.0.20014)
Nero Control Center 10 (x32 Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800)
Nero Core Components 10 (x32 Version: 2.0.20500.9.16)
Nero Update (x32 Version: 11.0.11800.31.0)
Nikon Message Center 2 (x32 Version: 2.1.0)
Nikon Movie Editor (x32 Version: 2.7.0)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Open It! (x32 Version: 1.1.1)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
PhotoPad Image Editor (x32)
PhotoStage Slideshow Producer (x32)
Picture Control Utility x64 (Version: 1.4.11)
Pixillion Image Converter (x32)
Prism Video File Converter (x32)
PS_AIO_Software_min (x32 Version: 140.0.425.000)
Scan (x32 Version: 140.0.253.000)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Shared C Run-time for x64 (Version: 10.0.0)
Shop for HP Supplies (Version: 14.0)
SolutionCenter (x32 Version: 140.0.299.000)
Status (x32 Version: 140.0.342.000)
SyncUP (x32 Version: 1.12.12400.17.102)
SyncUP (x32 Version: 10.2.17000)
SyncUP Help (CHM) (x32 Version: 10.5.11300)
Toolbox (x32 Version: 140.0.596.000)
TrayApp (x32 Version: 140.0.297.000)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Zip Opener (HKCU)
uPlayer (x32 Version: 1.0.0)
ViewNX 2 (Version: 2.7.4)
WebReg (x32 Version: 140.0.297.017)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
WinPatrol (Version: 26.1.2013.0)
Zip Opener Packages (HKCU)
Zip Opener Packages 95 (HKCU)

==================== Restore Points  =========================

06-09-2013 11:56:11 Scheduled Checkpoint
11-09-2013 06:44:57 Windows Update
18-09-2013 12:32:07 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-06-15 20:17 - 2013-06-15 20:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00C09C70-8E65-42F2-B2D8-8DCF10EEC777} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2735410427-1977332909-363250235-1002UA => C:\Users\geekm_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-09] (Facebook Inc.)
Task: {0394935B-5DBE-4826-9827-334B3886A3AD} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {040AA466-D8A0-4752-B320-6FEF4B0433B1} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2735410427-1977332909-363250235-500 => C:\Windows\System32\portabledeviceapi.dll [2013-06-15] (Microsoft Corporation)
Task: {04950C4A-AAD2-4C2B-B40D-474AE7F62201} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {073FDA5A-800B-4E98-8425-B9B3D615313D} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {08FE8991-7AC6-4095-9B19-95D1C29513DC} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-06-15] (Microsoft Corporation)
Task: {0DB37CC8-500D-4B79-9B32-628AEE447A0A} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {17C5AEF1-DB6E-43CF-9A6F-F925BDB9663B} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2013-06-15] (Microsoft Corporation)
Task: {18E0D946-0CCB-4828-90F8-887725F96EF0} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {1B2DE521-838A-4EFE-BA0F-BA9D7F8D9184} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv
Task: {1B72052E-3B8E-4CF5-BD31-55B1F1305A6F} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {1C414326-3C09-4A20-A169-0EF4C50BC6FA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2735410427-1977332909-363250235-1002Core => C:\Users\geekm_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-09] (Facebook Inc.)
Task: {1CDC688D-E787-46A5-BB75-7ECA1B059943} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1EE4A503-EE28-4FE6-AA54-2E1172E6A479} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {2373BBD4-FCBC-49BE-9A2A-57C7129C12E8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {24B58C30-CDEF-4CDF-B8E8-609833993E70} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {284E3782-1EE2-4C86-A764-974E8A5CC7EA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {29194692-B244-4E2B-AA03-2336DF8C57BD} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {2B1BC8B2-20B5-4149-B8CE-9ABE5BE6908C} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {2BA0A72E-7E9C-4228-84E8-F9CD234F65A6} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {2BB942FB-9EEC-4B09-96C6-A6750A67CBBE} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {2C249E3B-3524-4079-8FB8-364946A90F05} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {2FC98F63-CE89-4528-9DC1-4ECD3FE8D693} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {3047B310-66E4-4680-BE7D-CA89BF8F3446} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {3335687C-14A4-4039-B734-BEFE9B59E27C} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-15] (Microsoft Corporation)
Task: {3AD92515-9126-4AD6-AAB8-8DA8A3DF4D97} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {3DF8EE62-E164-4398-BD73-65AA7DF1CDC6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe
Task: {41066025-E5D5-437F-A3D9-E28021613E18} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2735410427-1977332909-363250235-1002 => C:\Windows\System32\portabledeviceapi.dll [2013-06-15] (Microsoft Corporation)
Task: {41458A76-CA8F-40EE-A24E-4E1C65934B1F} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2013-06-15] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4D113265-418B-45EF-A8AA-9D5590E69053} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {4ECAEB57-62FB-4D0E-B6A3-5B0044D897F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {52564190-42AB-4819-8C9C-40323ADB1604} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-05] (AVAST Software)
Task: {533B55E2-5676-4162-8943-E1F0B1A1EC54} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {58135C79-42C7-448D-8BE1-A4E7C1068EF8} - System32\Tasks\Microsoft\Windows\AppReadiness\TriggerTask
Task: {6333B11A-D2DA-40EF-8B8C-F96D8C049FA3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {6F945BB9-481C-4116-83B6-4F0EC168E14E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {70DD051C-5FE1-4364-B2D0-C63C90B9B550} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2013-06-15] (Microsoft Corporation)
Task: {72FFFA2E-C2DB-4E38-B85D-7E4B8FE18649} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {73AE7550-FE70-4A2D-9FAC-E887225204C7} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {77F32B49-9D7F-40F7-A8C7-27ACC491FBBD} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {7DD38FB8-B4EA-475F-AD7D-91F92F43975C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2013-06-15] (Microsoft Corporation)
Task: {7EE9CFF0-8992-4B4E-B315-A05907C1FD56} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {808086F3-0E3B-491A-AD55-71E2CFED8701} - System32\Tasks\DealPly => C:\Users\geekm_000\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-02-27] ()
Task: {81E853F7-6BE3-4F83-ADB6-6341CA65657E} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {86DB582D-59EB-448C-B819-4A8A60D87252} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2013-06-15] (Microsoft Corporation)
Task: {872B7413-91E4-495A-A143-AB9C6C7A7627} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {89BAF0B4-4897-4A62-97C2-1FE51EAECCF4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {8B700344-4A5E-47F6-8AE4-FD2A75744BF5} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {932C9519-5ED3-4461-8E70-13C5D39F2CAD} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {9958ABF2-4E33-47F8-8E43-DD3554FEC04B} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {9C38423C-7ED4-4A07-800F-24880545799B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9EF5DF04-7A3F-4931-933A-44A80D834D19} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {A2D475F9-945C-4461-8D52-7E2F1C748883} - System32\Tasks\User_Feed_Synchronization-{C5FD8720-9793-4724-A387-9DB60086B0A9} => C:\WINDOWS\system32\msfeedssync.exe [2013-06-15] (Microsoft Corporation)
Task: {A5B60A69-3373-45E3-A87E-E811971B5F4C} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {A62B5049-5191-4FD3-8441-6CE64689A7DE} - System32\Tasks\DSite => C:\Users\geekm_000\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-06-05] ()
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A9715841-AB9B-4B3A-9692-87890E56B895} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {AABD17A9-01AD-44CC-8439-73CBD737F56D} - System32\Tasks\NCH Software\PhotoStageReminder => C:\Program Files (x86)\NCH Software\PhotoStage\PhotoStage.exe [2012-12-31] (NCH Software)
Task: {AE420812-EF96-402E-AF6D-0C8D79949860} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {AE46FB24-E30C-4775-B8FC-904E39ED4D48} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2013-06-15] (Microsoft Corporation)
Task: {AF680DD8-C74E-4341-A0F9-3C277A1D60A8} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2735410427-1977332909-363250235-500
Task: {C2C5A71F-A5EC-4D1A-B92A-7FB2A626F00E} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {C55B2043-5578-4C54-A92F-5D1D2B3F0BED} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C9EBD69A-2EFB-4017-8264-6D32CE4AEFB9} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {CD77BCD2-A38B-4468-B048-6E3C0303C251} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {D15C4743-048B-470F-84D4-214A2F3A0EA6} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {D1CB60A8-47DE-4FED-B1BA-AF59505B6A7F} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {D4CD94DC-147F-4919-A90C-2E603B85D953} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2735410427-1977332909-363250235-1002
Task: {D601F79C-272D-49F1-A503-04ADEAC9B76A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2013-06-15] (Microsoft Corporation)
Task: {D6AD20F6-AFFD-47F9-A19C-F6DB42070E79} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {D7556347-2315-463D-813F-B40BF69B2CAA} - System32\Tasks\boot to desktop => C:\Windows\System32\explorer
Task: {D8D82993-5802-4A9A-B99A-9CBFC560A4FA} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {DEA9D984-85F1-46B1-9939-D24791EFC458} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {DFE8B2C5-F46B-4F9B-A58E-48B6BCCFF213} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {E01F8BF5-1956-49BF-B770-F8AB63CB02AA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {E0BC623D-2C36-4F2E-8BF9-A6210F1116D9} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {E72D32F3-032B-4725-973F-2E9DCE43E7C5} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {E974CA30-7DB4-4907-8C2B-A311572BA839} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {F1DA6E19-D959-4B0E-8D46-EB585F5220FD} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {F28968FE-579E-4128-9D20-69FA4CC8E719} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => C:\Windows\system32\AppxDeploymentClient.dll [2013-06-15] (Microsoft Corporation)
Task: {F2B43BC6-1FCC-421C-9DD2-2F6217F7CA0F} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {F750183B-FC93-4D03-B7B9-D60550478E37} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FC6AF5AD-A209-4ED5-B3A2-3C07D8EAC601} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {FDA39514-5975-4AEB-9E34-9DF6406E633D} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2013-06-15] (Microsoft Corporation)
Task: {FDC7FF18-CEF3-41D8-927C-6B8B8F0AE3C8} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-06-15] (Microsoft Corporation)
Task: {FEAF06BF-C601-4665-A32B-CB10A58609CE} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {FF7F247D-DB06-4999-9A70-CFBC798209EF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\GEEKM_~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2735410427-1977332909-363250235-1002Core.job => C:\Users\geekm_000\AppData\Local\Facebook\Update\Fa
Logged
geekmaster
Jr. Member

Date Registered:August 12, 2006, 03:47:16 AM
Posts: 55


« Reply #3 on: September 22, 2013, 12:18:30 PM »

Thank you for your time, and for your prompt reply. Here are the RK scan results:


RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : geekm_000 [Admin rights]
Mode : Scan -- Date : 09/22/2013 10:11:35
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 3
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Scheduled tasks : 3
[V1][SUSP PATH] DSite.job : C:\Users\GEEKM_~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][SUSP PATH] DealPly : C:\Users\GEEKM_~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE - /Check [7] -> FOUND
[V2][SUSP PATH] DSite : C:\Users\GEEKM_~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

Startup Entries : 0

Web browsers : 0

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:

Infection : 

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts




MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST1000DM003-9YN162 +++++
--- User ---
[MBR] 05e8eff318eb6e36cc88badab76f5281
[BSP] ca6d1972909ab715e9d9c756a73b094d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: \\.\PHYSICALDRIVE1 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09222013_101135.txt >>




MrCharlie
« Reply #4 on: September 22, 2013, 03:37:19 PM »

Please create a new system restore point before continuing.

Let's clean out any adware: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder:  C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC




My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC
geekmaster
« Reply #5 on: September 22, 2013, 06:37:00 PM »

ok here are both reports, so far so good my comp seems to be running smoothly but only time will tell eh? hopefully you'll reply with a clean bill of health for me. anyway thanks again for all your time and help.


# AdwCleaner v3.005 - Report created 22/09/2013 at 16:11:02
# Updated 22/09/2013 by Xplode
# Operating System : Windows 8.1 Preview  (64 bits)
# Username : geekm_000 - WINDOWS-D7RCE9T
# Running from : C:\Users\geekm_000\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\geekm_000\AppData\Local\cre
Folder Deleted : C:\Users\geekm_000\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\geekm_000\AppData\LocalLow\delta
Folder Deleted : C:\Users\geekm_000\AppData\Roaming\Babylon
Folder Deleted : C:\Users\geekm_000\AppData\Roaming\DealPly
Folder Deleted : C:\Users\geekm_000\AppData\Roaming\DSite
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\WINDOWS\System32\Tasks\Dealply
File Deleted : C:\WINDOWS\Tasks\DSite.job
File Deleted : C:\WINDOWS\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9431.0


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\geekm_000\AppData\Roaming\Mozilla\Firefox\Profiles\7lrlgxyj.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\geekm_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [4134 octets] - [22/09/2013 15:54:51]
AdwCleaner[S0].txt - [3627 octets] - [22/09/2013 16:11:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3687 octets] ##########



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.22.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9431.195
geekm_000 :: WINDOWS-D7RCE9T [administrator]

9/22/2013 4:25:33 PM
mbam-log-2013-09-22 (16-25-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204770
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\geekm_000\Downloads\JewelQuest3.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.

(end)
MrCharlie
« Reply #6 on: September 22, 2013, 07:10:57 PM »

Is there any improvement?  

If not, run another scan with FRST and post the new log.

Please let me know what browsers are affected.

MrC
geekmaster
« Reply #7 on: September 23, 2013, 04:35:17 PM »

oh yeah BIG improvement! and no more random pop-ups even when i'm not online! thanks a lot for your help, i REALLY appreciate it! i think that's all i need.
MrCharlie
« Reply #8 on: September 24, 2013, 07:16:41 AM »

Good.......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system.  Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

geekmaster
« Reply #9 on: September 24, 2013, 08:41:07 PM »

ok i'll perform the requested actions momentarily.
geekmaster
« Reply #10 on: September 24, 2013, 08:46:09 PM »

 Results of screen317's Security Check version 0.99.73 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Internet Security   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Flash Player    11.8.800.168 
 Adobe Reader XI 
 Mozilla Firefox (FREE.)
 Google Chrome 29.0.1547.66 
 Google Chrome 29.0.1547.76 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent````````
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
MrCharlie
« Reply #11 on: September 25, 2013, 12:35:43 PM »

Looks Good......a little clean up to do:

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.


Good Luck and Thanks for using the forum,  MrC