White Screen Malware HELP PLEASE!


Hello, I have run FRST.exe and here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2013 01

Ran by Melissa G (administrator) on 21-04-2013 13:22:58

Running from E:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Minimal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) [236] C:\Windows\system32\cmd.exe

(Microsoft Corporation) [276] C:\Windows\system32\ctfmon.exe

(Microsoft Corporation) [448] C:\Windows\System32\dinotify.exe

(McAfee, Inc.) [708] C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

(Farbar) [964] E:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7970848 2009-07-14] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-09-16] (Dell)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

HKCU\...\Run: [googletalk] C:\Users\Melissa G\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)

HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475072 2009-07-13] (Microsoft Corporation)

HKCU\...\Run: [Google Update] "C:\Users\Melissa G\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-01-18] (Google Inc.)

HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-03] (Google Inc.)

HKCU\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)

HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [964024 2012-08-31] (Samsung)

HKCU\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]

HKCU\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-31] ()

HKCU\...\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun [202296 2012-04-25] (Kaspersky Lab ZAO)

HKCU\...\Run: [Adobe CSx Manager] C:\Users\Melissa G\AppData\Roaming\79d903db-c4c4-433e-b3e5-0cef0f481f5ead\ddbccebecefffead.exe [106496 2013-04-18] ()

HKCU\...\Run: [intel] C:\Users\Melissa G\AppData\Roaming\ugctbjug\fgbbwivv.exe [109568 2009-07-13] (Elemental Group)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-09-16] (Dell)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)

HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-08-31] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1573576 2012-10-17] (Ask)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {078ADC90-920E-4727-B349-F0A7BE17AA20} URL =

SearchScopes: HKCU - {604A73AB-89E9-40C5-BB96-AF9D527B0EA7} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=07C0C391-507D-4F95-8A8A-106E7732F9B6&apn_sauid=60D95876-29DF-4E23-B38A-F72C33090F62

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [6670496 2012-08-16] (Microsoft Corporation)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [4171424 2012-08-16] (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR RestoreOnStartup: hxxp://www.google.com/

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Melissa G\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Melissa G\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Melissa G\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File

CHR Plugin: (Skype Toolbars) - C:\Users\Melissa G\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Google Talk Plugin) - C:\Users\Melissa G\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Melissa G\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()

CHR Extension: (YouTube) - C:\Users\Melissa G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Melissa G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\Melissa G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

S3 cpuz134; \??\C:\Users\MELISS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-21 13:22 - 2013-04-21 13:22 - 00000000 ____D C:\FRST

2013-04-20 01:01 - 2013-04-20 02:31 - 00000004 ____A C:\Users\Melissa G\AppData\Roaming\skype.ini

2013-04-18 23:04 - 2013-04-18 23:04 - 00109568 ____A (Elemental Group) C:\Users\Melissa G\skype.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00093184 ____A (Elemental Group) C:\Users\Melissa G\winlogon.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00093184 ____A (Elemental Group) C:\Users\Melissa G\java.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00000000 ____D C:\Users\Melissa G\AppData\Roaming\79d903db-c4c4-433e-b3e5-0cef0f481f5ead

2013-04-18 23:04 - 2013-04-18 23:04 - 00000000 ____A C:\Users\Melissa G\windowsupdate.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00000000 ____A C:\Users\Melissa G\rundll32.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00000000 ____A C:\Users\Melissa G\iexplore.exe

2013-04-11 03:04 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-11 03:04 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-11 03:04 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-11 03:04 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-11 03:04 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-11 03:04 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-11 03:04 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-11 03:04 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-11 03:04 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-11 03:04 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-11 03:04 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-11 03:04 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-11 03:04 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-11 03:04 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-11 03:04 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-11 03:04 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-11 03:04 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-11 03:04 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-11 03:04 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-11 03:04 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-04-11 03:04 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-04-11 03:04 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-11 03:04 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-11 03:04 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-04-11 03:04 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-04-11 03:04 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-11 03:04 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-11 03:04 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-11 03:04 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-04-11 03:04 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-11 03:03 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-11 03:03 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-10 09:27 - 2013-03-19 01:05 - 05466472 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-10 09:27 - 2013-03-02 00:52 - 01652568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-10 09:27 - 2013-02-28 22:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-10 09:27 - 2013-02-12 10:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-10 09:27 - 2013-02-12 10:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-10 09:27 - 2013-02-12 10:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-10 09:27 - 2013-02-12 10:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-04-10 09:27 - 2013-02-12 10:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-04-10 09:27 - 2013-02-12 08:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-04-10 09:27 - 2013-01-24 00:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

2013-04-10 09:26 - 2013-03-19 00:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-10 09:26 - 2013-03-19 00:51 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\appidapi.dll

2013-04-10 09:26 - 2013-03-19 00:51 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\appidsvc.dll

2013-04-10 09:26 - 2013-03-19 00:04 - 03971432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-04-10 09:26 - 2013-03-19 00:04 - 03915608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-04-10 09:26 - 2013-03-18 23:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-04-10 09:26 - 2013-03-18 23:49 - 00050688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2013-04-10 09:26 - 2013-03-18 22:57 - 00148480 ____A (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe

2013-04-10 09:26 - 2013-03-18 22:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys

2013-04-10 09:26 - 2013-03-18 22:57 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe

2013-04-10 09:26 - 2013-03-18 22:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-10 07:54 - 2013-04-10 07:54 - 00016854 ____A C:\Users\Melissa G\Downloads\products1.csv

2013-04-09 21:40 - 2013-04-09 21:40 - 00041322 ____A C:\Users\Melissa G\Downloads\orders (2).csv

2013-04-09 21:32 - 2013-04-09 21:32 - 00017187 ____A C:\Users\Melissa G\Downloads\products.csv

2013-04-02 21:26 - 2013-04-02 21:26 - 00000000 ____D C:\Users\Melissa G\AppData\Roaming\Mozilla

2013-03-30 08:16 - 2013-03-30 08:17 - 00726040 ____A C:\Windows\Minidump\033013-18985-01.dmp

2013-03-23 11:07 - 2013-03-23 11:08 - 41192768 ____A C:\Users\Melissa G\Downloads\PSP_table-tent_banner.zip

==================== One Month Modified Files and Folders =======

2013-04-21 13:22 - 2013-04-21 13:22 - 00000000 ____D C:\FRST

2013-04-21 13:21 - 2009-07-14 00:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-20 02:31 - 2013-04-20 01:01 - 00000004 ____A C:\Users\Melissa G\AppData\Roaming\skype.ini

2013-04-20 02:30 - 2011-12-03 20:30 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-04-20 02:30 - 2010-12-11 22:43 - 00000000 ____D C:\Users\Melissa G\AppData\Local\SoftThinks

2013-04-20 02:30 - 2010-10-16 04:23 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-04-20 02:30 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-20 02:29 - 2009-07-13 23:51 - 00083690 ____A C:\Windows\setupact.log

2013-04-20 01:40 - 2009-07-14 00:10 - 01153412 ____A C:\Windows\WindowsUpdate.log

2013-04-20 01:02 - 2010-12-11 23:05 - 00000000 ____D C:\Users\Melissa G\AppData\Roaming\Skype

2013-04-20 01:00 - 2010-10-16 05:52 - 00154992 ____A C:\Windows\PFRO.log

2013-04-18 23:20 - 2011-12-03 20:30 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-04-18 23:13 - 2012-10-17 20:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-18 23:08 - 2011-01-18 07:46 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-741731264-724427569-3417338542-1001UA.job

2013-04-18 23:04 - 2013-04-18 23:04 - 00109568 ____A (Elemental Group) C:\Users\Melissa G\skype.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00093184 ____A (Elemental Group) C:\Users\Melissa G\winlogon.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00093184 ____A (Elemental Group) C:\Users\Melissa G\java.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00000000 ____D C:\Users\Melissa G\AppData\Roaming\79d903db-c4c4-433e-b3e5-0cef0f481f5ead

2013-04-18 23:04 - 2013-04-18 23:04 - 00000000 ____A C:\Users\Melissa G\windowsupdate.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00000000 ____A C:\Users\Melissa G\rundll32.exe

2013-04-18 23:04 - 2013-04-18 23:04 - 00000000 ____A C:\Users\Melissa G\iexplore.exe

2013-04-18 23:04 - 2010-12-11 22:43 - 00000000 ____D C:\users\Melissa G

2013-04-18 15:07 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-18 15:07 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-17 22:27 - 2012-11-11 19:37 - 00000000 ____D C:\Users\Melissa G\Documents\Petite Sweets

2013-04-17 19:57 - 2011-01-18 07:46 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-741731264-724427569-3417338542-1001Core.job

2013-04-11 03:25 - 2009-07-13 23:45 - 00410576 ____A C:\Windows\System32\FNTCACHE.DAT

2013-04-10 13:09 - 2012-01-20 20:15 - 00002391 ____A C:\Users\Melissa G\Desktop\Google Chrome.lnk

2013-04-10 07:54 - 2013-04-10 07:54 - 00016854 ____A C:\Users\Melissa G\Downloads\products1.csv

2013-04-09 21:40 - 2013-04-09 21:40 - 00041322 ____A C:\Users\Melissa G\Downloads\orders (2).csv

2013-04-09 21:32 - 2013-04-09 21:32 - 00017187 ____A C:\Users\Melissa G\Downloads\products.csv

2013-04-09 21:17 - 2012-10-22 20:37 - 00000000 ____D C:\Users\Melissa G\Petite Sweets

2013-04-05 21:27 - 2011-03-12 01:17 - 353361953 ____A C:\Windows\MEMORY.DMP

2013-04-05 21:27 - 2011-03-12 01:17 - 00000000 ____D C:\Windows\Minidump

2013-04-02 21:26 - 2013-04-02 21:26 - 00000000 ____D C:\Users\Melissa G\AppData\Roaming\Mozilla

2013-03-31 10:34 - 2013-03-06 23:29 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2013-03-31 10:34 - 2013-03-06 23:29 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk

2013-03-30 08:17 - 2013-03-30 08:16 - 00726040 ____A C:\Windows\Minidump\033013-18985-01.dmp

2013-03-26 20:42 - 2013-03-19 18:25 - 00010341 ____A C:\Users\Melissa G\Documents\Maintainenece phase.xlsx

2013-03-23 11:08 - 2013-03-23 11:07 - 41192768 ____A C:\Users\Melissa G\Downloads\PSP_table-tent_banner.zip

Other Malware:

===========

C:\Users\Melissa G\AppData\Roaming\skype.dat

C:\Users\Melissa G\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-04-17 20:51

==================== End Of Log ============================

Additional

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2013 01

Ran by Melissa G at 2013-04-21 13:24:23 Run:

Running from E:\

Boot Mode: Minimal

==========================================================

==================== Installed Programs =======================

Accidental Damage Services Agreement (Version: 2.0.0)

Adobe AIR (Version: 2.5.1.17730)

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)

Adobe Flash Player 11 Plugin (Version: 11.6.602.180)

Adobe Reader X (10.1.6) (Version: 10.1.6)

Advanced Audio FX Engine (Version: 1.12.05)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Ask Toolbar (Version: 1.15.9.0)

Ask Toolbar Updater (Version: 1.2.3.29495)

Banctec Service Agreement (Version: 2.0.0)

Best Buy pc app (Version: 3.0.0.0)

Best Buy pc app (Version: 3.1.2.0)

Bing Bar (Version: 7.0.850.0)

Bonjour (Version: 3.0.0.10)

Club Player Casino (Version: 11.0.0)

Complete Care Business Service Agreement (Version: 2.0.0)

Consumer In-Home Service Agreement (Version: 2.0.0)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup - Support Software (Version: 2.34)

Dell DataSafe Local Backup (Version: 9.4.51)

Dell Dock (Version: 2.0)

Dell Edoc Viewer (Version: 1.0.0)

Dell Getting Started Guide (Version: 1.00.0000)

Dell Home Systems Service Agreement (Version: 2.0.0)

Dell Support Center (Version: 3.1.5830.17)

Dell Touchpad (Version: 13.2.2.2)

Dell Webcam Central (Version: 1.40.05)

Google Chrome (Version: 26.0.1410.64)

Google Talk (remove only)

Google Talk Plugin (Version: 3.17.0.12440)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)

Google Update Helper (Version: 1.3.21.135)

GoToAssist 8.0.0.514

iCloud (Version: 2.1.1.3)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)

iTunes (Version: 11.0.2.26)

Java 7 Update 9 (Version: 7.0.90)

Java Auto Updater (Version: 2.1.9.0)

Java 6 Update 20 (64-bit) (Version: 6.0.200)

Java 6 Update 32 (Version: 6.0.320)

JavaFX 2.1.1 (Version: 2.1.1)

Junk Mail filter update (Version: 14.0.8089.726)

Kaspersky Security Scan (Version: 12.0.1.117)

Live! Cam Avatar Creator (Version: 4.6.3009.1)

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

McAfee SecurityCenter (Version: 11.6.477)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

MobileMe Control Panel (Version: 3.1.8.0)

MSVCRT (Version: 14.0.1468.721)

PowerDVD DX (Version: 8.3.5424)

Premium Service Agreement (Version: 2.0.0)

QualxServ Service Agreement (Version: 2.0.0)

Quickset64 (Version: 9.6.6)

QuickTime (Version: 7.73.80.64)

Realtek High Definition Audio Driver (Version: 6.0.1.5894)

Roxio Burn (Version: 1.01)

Safari (Version: 5.34.57.2)

Samsung Kies (Version: 2.3.3.12085_7)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0)

Shared C Run-time for x64 (Version: 10.0.0)

Skype Click to Call (Version: 5.9.9216)

Skype™ 5.10 (Version: 5.10.116)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Windows Live Call (Version: 14.0.8064.0206)

Windows Live Communications Platform (Version: 14.0.8064.206)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live Mail (Version: 14.0.8089.0726)

Windows Live Messenger (Version: 14.0.8089.0726)

Windows Live Movie Maker (Version: 14.0.8091.0730)

Windows Live Photo Gallery (Version: 14.0.8081.709)

Windows Live Sign-in Assistant (Version: 5.000.818.5)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8089.0726)

==================== Restore Points =========================

27-03-2013 14:21:29 Scheduled Checkpoint

04-04-2013 13:54:07 Scheduled Checkpoint

11-04-2013 08:01:37 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: McAfee Inc. mfehidk

Description: McAfee Inc. mfehidk

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: mfehidk

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/20/2013 01:03:36 AM) (Source: Application Error) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122

Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137

Exception code: 0xc0000420

Fault offset: 0x00000000000c6ae2

Faulting process id: 0x2720

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

Error: (04/18/2013 11:05:15 PM) (Source: Application Error) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122

Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137

Exception code: 0xc0000005

Fault offset: 0x000000000001aaca

Faulting process id: 0x56c

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

Error: (04/18/2013 10:35:58 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 288009

Error: (04/18/2013 10:35:58 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 288009

Error: (04/18/2013 10:35:58 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2013 10:31:11 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1232

Error: (04/18/2013 10:31:11 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1232

Error: (04/18/2013 10:31:11 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2013 10:21:17 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2928841

Error: (04/18/2013 10:21:17 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2928841

System errors:

=============

Error: (04/21/2013 01:24:00 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/21/2013 01:23:29 PM) (Source: DCOM) (User: )

Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (04/21/2013 01:19:26 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

AFD

DfsC

discache

mfehidk

NetBIOS

NetBT

nsiproxy

Psched

rdbss

spldr

tdx

vwififlt

Wanarpv6

WfpLwf

Error: (04/21/2013 01:19:26 PM) (Source: Service Control Manager) (User: )

Description: The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:

%%1068

Error: (04/21/2013 01:19:26 PM) (Source: Service Control Manager) (User: )

Description: The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:

%%1068

Error: (04/21/2013 01:19:26 PM) (Source: Service Control Manager) (User: )

Description: The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:

%%1068

Error: (04/21/2013 01:19:26 PM) (Source: Service Control Manager) (User: )

Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:

%%1068

Error: (04/21/2013 01:19:26 PM) (Source: Service Control Manager) (User: )

Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:

%%1068

Error: (04/21/2013 01:19:26 PM) (Source: Service Control Manager) (User: )

Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%1068

Error: (04/21/2013 01:19:26 PM) (Source: Service Control Manager) (User: )

Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%1068

Microsoft Office Sessions:

=========================

Error: (04/20/2013 01:03:36 AM) (Source: Application Error)(User: )

Description: Explorer.EXE6.1.7600.167684d688122ntdll.dll6.1.7600.169154ec4b137c000042000000000000c6ae2272001ce3d8cc3393becC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll097c5035-a980-11e2-804d-f04da252ce29

Error: (04/18/2013 11:05:15 PM) (Source: Application Error)(User: )

Description: Explorer.EXE6.1.7600.167684d688122ntdll.dll6.1.7600.169154ec4b137c0000005000000000001aaca56c01ce3c6f49fa4e54C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll566a10b8-a8a6-11e2-91fc-f04da252ce29

Error: (04/18/2013 10:35:58 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 288009

Error: (04/18/2013 10:35:58 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 288009

Error: (04/18/2013 10:35:58 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2013 10:31:11 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1232

Error: (04/18/2013 10:31:11 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1232

Error: (04/18/2013 10:31:11 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2013 10:21:17 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2928841

Error: (04/18/2013 10:21:17 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2928841

CodeIntegrity Errors:

===================================

Date: 2013-03-06 21:48:21.598

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-03-06 21:48:21.590

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-03-06 21:48:21.586

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 16%

Total physical RAM: 2936.95 MB

Available physical RAM: 2443.85 MB

Total Pagefile: 5871.99 MB

Available Pagefile: 5384.21 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.33 GB) (Free:194.21 GB) NTFS (Disk=0 Partition=3)

Drive e: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 13 MB

Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:

===============

Disk ID: FE098249

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 100 MB 1024 KB

Partition 2 Primary 14 GB 101 MB

Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 283 GB Healthy Boot

=========================================================

Partitions of Disk 1:

===============

Disk ID: C3072E18

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3823 MB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E USB DISK FAT32 Removable 3823 MB Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FE098249)

Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07) (NTFS)

Partition 3: (Not Active) - (Size=283 GB) - (Type=07) (NTFS)

====================================================================

Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=4 GB) - (Type=0B)


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now.

MrC


No, run RogueKiller first:

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Melissa G [Admin rights]

Mode : Scan -- Date : 04/21/2013 14:21:17

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\Melissa G\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS ATA Device +++++

--- User ---

[MBR] fc2cabb17a150767ac5d3fa0a4aaa1e2

[bSP] 486b6751896448cdb80371ee334e427f : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290129 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_S_04212013_02d1421.txt >>

RKreport[1]_S_03062013_02d2152.txt ; RKreport[2]_D_03062013_02d2154.txt ; RKreport[3]_S_04212013_02d1421.txt


OK...run MBAR:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


Yes...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
