Am I paranoid

DonL100 · January 7, 2014

I don't know if I have a problem or not. Here are my symptoms. When initially logging on to the internet it takes about 45 seconds for the search page (Google of IE11) to appear. After that everything run fine until awhile later when I try to log on again. Also I've noticed that every 10 seconds like clock work the cursor flicks from the arrow to the little rotating circle and back instantly like a program is trying to start up. Every ten seconds. It lasts a half a second. I can be reading an article on line with my hand off the cursor and it does it. I can be offline and it does it. Every ten seconds. I started to notice it about two weeks ago. Also, my wife told me that about that time a message flashed on the screen that said something like," your computer is being controlled by someone else". I have not been able to get this message to come up again. I did a scan with MalwareBytes Pro but it was clean. Could someone check out these DDS files? Thanks for the help, Don

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/6/2010 1:57:48 PM

System Uptime: 1/6/2014 2:37:35 PM (22 hours ago)

.

Motherboard: Dell Inc. | | 05DN3X

Processor: Intel® Core i7 CPU 930 @ 2.80GHz | CPU 1 | 2772/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 921 GiB total, 832.387 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: McAfee Inc. mfeapfk

Device ID: ROOT\LEGACY_MFEAPFK\0000

Manufacturer:

Name: McAfee Inc. mfeapfk

PNP Device ID: ROOT\LEGACY_MFEAPFK\0000

Service: mfeapfk

.

==== System Restore Points ===================

.

RP305: 12/14/2013 1:18:09 PM - Windows Update

RP306: 12/16/2013 9:15:48 AM - Windows Backup

RP307: 12/23/2013 8:52:18 AM - Windows Backup

RP308: 12/28/2013 12:16:31 PM - Removed Skype™ 6.11

RP309: 12/28/2013 12:17:13 PM - Removed Skype™ 6.11

RP310: 12/28/2013 12:17:35 PM - Removed Skype™ 6.11

RP311: 12/28/2013 12:21:16 PM - Removed Skype™ 6.11

RP312: 12/30/2013 8:42:15 AM - Windows Backup

RP314: 1/6/2014 9:18:03 AM - Windows Backup

.

==== Installed Programs ======================

.

4500_Help

64 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05)

ATI Catalyst Control Center

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CameraHelperMsi

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

D3DX10

Defraggler

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Destinations

DeviceDiscovery

DirectXInstallService

DocMgr

DocProc

EasyWeather

EMC 10 Content

EMCGadgets64

erLT

Fax

GoldWave v5.67

Google Chrome

Google Earth

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Smart Print 2.1

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

Intel® Control Center

Intel® Rapid Storage Technology

Internet Explorer

J4500

Java 7 Update 25

Java Auto Updater

Junk Mail filter update

Logitech SetPoint 6.32

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Magellan Device Driver

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

McAfee Security Scan Plus

McAfee SecurityCenter

McAfee Virtual Technician

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Mozilla Firefox 25.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NETGEAR Genie

OCR Software by I.R.I.S. 13.0

Officejet J4500 Series

ProductContext

Realtek High Definition Audio Driver

RoboForm 7-9-0-0 (All Users)

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio File Backup

Roxio Update Manager

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Shared C Run-time for x64

Skins

Skype™ 6.11

SmartWebPrinting

SolutionCenter

Sonic CinePlayer Decoder Pack

Spybot - Search & Destroy

SpywareBlaster 5.0

Status

THX TruStudio PC

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

VantagePoint

VD64Inst

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

1/7/2014 12:35:45 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JOANNE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F5E9A1C7-0D9C-42D7-A8BF-972DFAAFB4FD}. The master browser is stopping or an election is being forced.

1/7/2014 12:27:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.

1/7/2014 12:27:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.

1/7/2014 12:27:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.

1/7/2014 12:27:53 PM, Error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/7/2014 12:27:53 PM, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/7/2014 12:27:53 PM, Error: Service Control Manager [7000] - The McAfee Home Network service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/7/2014 12:21:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

1/7/2014 12:21:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

1/7/2014 12:21:05 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/7/2014 12:21:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

1/6/2014 11:01:13 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

1/6/2014 11:00:43 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

1/6/2014 11:00:43 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

1/6/2014 11:00:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter

1/6/2014 11:00:16 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.

1/6/2014 11:00:11 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfeapfk service failed to start due to the following error: The specified service does not exist.

1/5/2014 9:47:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

1/3/2014 8:30:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.

1/2/2014 9:59:47 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:50:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

1/2/2014 9:50:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}

1/2/2014 9:47:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/2/2014 9:47:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/2/2014 9:47:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/2/2014 9:47:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/2/2014 9:47:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/2/2014 9:46:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/2/2014 9:46:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

1/2/2014 9:46:49 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/2/2014 9:46:48 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428

Run by Don at 12:35:55 on 2014-01-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9925 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\McAfee\MSC\McAPExe.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

C:\Windows\splwow64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: HP Smart Print Helper: {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll

TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [E70DD2240FE0934D32B1AC60B724F3A5BD5F0669._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{12A06D99-D1BA-417C-8048-42FD13C7F905} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{F5E9A1C7-0D9C-42D7-A8BF-972DFAAFB4FD} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\gzpr9n2j.default-1375900177010\

FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

FF - ExtSQL: 2013-11-08 13:56; jid1-F9UJ2thwoAm5gQ@jetpack; C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\gzpr9n2j.default-1375900177010\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi

FF - ExtSQL: 2013-11-08 14:00; hpwebprint@hpwebprint.com; C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\gzpr9n2j.default-1375900177010\extensions\hpwebprint@hpwebprint.com

FF - ExtSQL: !HIDDEN! 2010-12-31 12:38; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-1 55280]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-18 328928]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-1 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 701512]

R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-12-18 178048]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-18 328928]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-18 328928]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-18 328928]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-18 328928]

R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 311120]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-12-18 1025232]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-12-1 219272]

R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 782360]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-12-1 182752]

R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 343696]

R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-24 231752]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-14 1817560]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-14 1033688]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-14 171928]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-1 689472]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-3-31 428640]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 70112]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-1 76056]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-1 15128]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-3-31 341856]

R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-3-31 4184672]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-12-9 25928]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 519576]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-11-26 411944]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-1 242720]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-1 295424]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

S2 0199871389122874mcinstcleanup;McAfee Application Installer Cleanup (0199871389122874);C:\Windows\TEMP\019987~1.EXE -cleanup -nolog --> C:\Windows\TEMP\019987~1.EXE -cleanup -nolog [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-12-18 197704]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]

S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-8-25 92376]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]

S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-11-26 96112]

S3 MUD;Driver for Magellan USB Device;C:\Windows\System32\drivers\MUD.sys [2008-2-5 63232]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-7 1255736]

S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-1 203264]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-3 201304]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2014-01-05 19:52:17 -------- d-----w- C:\Users\Don\AppData\Local\{C855DACA-1EB8-43D8-B72F-AACABD490ED9}

2014-01-03 15:30:55 -------- d-----w- C:\Users\Don\AppData\Local\{AC037F97-618D-43AF-ACAE-2FBDD8868A9B}

2014-01-02 15:47:39 -------- d-----w- C:\Users\Don\AppData\Local\{D31C4D79-A313-41C3-BF58-8676E6910A61}

2013-12-30 15:42:51 -------- d-----w- C:\Users\Don\AppData\Local\{A2126E4B-36EC-4AE7-A35F-CE47B0E8C822}

2013-12-28 20:17:25 -------- d-----r- C:\Program Files (x86)\Skype

2013-12-28 19:28:09 -------- d-----w- C:\Users\Don\AppData\Local\{2BD0B6F0-5255-4DF5-9F80-E75EFED596E4}

2013-12-28 18:48:33 -------- d-----w- C:\Users\Don\AppData\Local\CrashDumps

2013-12-27 14:16:51 -------- d-----w- C:\Users\Don\AppData\Local\{5AAD562F-34DC-4EC2-92FB-F2669470F8C1}

2013-12-26 13:39:22 -------- d-----w- C:\Users\Don\AppData\Local\{A73A8A54-B95E-48AF-8E36-72FAA688C9DF}

2013-12-23 18:14:52 -------- d-----w- C:\Program Files\My Dell

2013-12-20 15:08:13 -------- d-----w- C:\Users\Don\AppData\Local\{7A185946-5EE7-4492-9085-D05BA805B6CC}

2013-12-18 21:26:15 -------- d-----w- C:\Users\Don\AppData\Local\{DB6C0C70-6D78-4BF9-9590-6F43C417A9EE}

2013-12-18 21:25:25 -------- d-----w- C:\Users\Don\AppData\Local\{F15AA610-491D-46C3-BC0A-D22C7D162829}

2013-12-18 17:10:59 16896 ----a-w- C:\Windows\System32\drivers\sfloppy.sys.bak

2013-12-18 17:09:59 289664 ----a-w- C:\Windows\System32\drivers\fltMgr.sys.bak

2013-12-18 10:56:45 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys

2013-12-16 21:45:05 -------- d-----w- C:\Users\Don\AppData\Local\{5D0C7E73-A0BC-4805-9DE5-AF79970EC1E2}

2013-12-15 16:29:09 -------- d-----w- C:\Users\Don\AppData\Local\{26B355B3-B40B-40F7-88E6-701954A9F59F}

2013-12-14 19:15:36 -------- d-----w- C:\Users\Don\AppData\Local\{9D580701-6A6A-4D9A-BA28-6235AC027206}

2013-12-13 16:21:11 -------- d-----w- C:\Users\Don\AppData\Local\{E06DEEE9-7743-4A9D-B013-405D06BD6236}

2013-12-12 18:41:27 -------- d-----w- C:\Users\Don\AppData\Local\{979978C1-3FC3-458E-A9BE-490AA9F83309}

2013-12-11 18:03:47 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-12-11 18:03:47 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-12-11 18:03:35 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-12-11 18:03:24 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-12-11 18:03:23 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-12-11 18:03:09 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-12-11 18:03:08 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-12-11 17:59:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-12-11 17:59:08 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-12-11 17:58:50 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2013-12-11 17:58:50 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-12-11 17:58:39 202752 ----a-w- C:\Windows\System32\scrrun.dll

2013-12-11 17:58:39 168960 ----a-w- C:\Windows\System32\wscript.exe

2013-12-11 17:58:39 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

2013-12-11 17:58:39 156160 ----a-w- C:\Windows\System32\cscript.exe

2013-12-11 17:58:39 150016 ----a-w- C:\Windows\System32\wshom.ocx

2013-12-11 17:58:39 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

2013-12-11 17:58:39 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

2013-12-11 17:58:39 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

2013-12-09 19:42:21 -------- d-----w- C:\Users\Don\AppData\Local\{22719CE9-1829-45C5-89A8-1705FEC88C04}

2013-12-08 19:47:33 -------- d-----w- C:\Users\Don\AppData\Local\{0E2DA89F-54AB-4B0A-8455-B77900517ACC}

.

==================== Find3M ====================

.

2013-12-11 17:59:50 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-11 17:59:50 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-11-27 05:07:44 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys

2013-11-27 05:07:22 96112 ----a-w- C:\Windows\System32\drivers\mfencrk.sys

2013-11-27 05:07:02 411944 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys

2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-04 23:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2013-11-04 23:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2013-11-04 23:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2013-11-04 23:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2013-11-04 23:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2013-11-04 23:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

.

============= FINISH: 12:36:34.17 ===============

CarlosTurco · January 8, 2014

Hello and

P2P/Piracy Warning:

Quote

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Step 1

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 2

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.
Once the tool has completed scanning make sure to re-enable your other security applications.

DonL100 · January 9, 2014

Hi Carlos Sorry it took so long. I had problems with SSK

# AdwCleaner v3.016 - Report created 09/01/2014 at 09:47:37

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Don - DON-PC

# Running from : C:\Users\Don\Desktop\Security\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\gzpr9n2j.default-1375900177010\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R31].txt - [912 octets] - [06/01/2014 10:57:06]

AdwCleaner[R32].txt - [1032 octets] - [08/01/2014 16:00:30]

AdwCleaner[R33].txt - [1155 octets] - [09/01/2014 09:46:31]

AdwCleaner[s27].txt - [973 octets] - [06/01/2014 10:58:26]

AdwCleaner[s28].txt - [1095 octets] - [08/01/2014 16:01:33]

AdwCleaner[s29].txt - [1076 octets] - [09/01/2014 09:47:37]

########## EOF - C:\AdwCleaner\AdwCleaner[s29].txt - [1137 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Home Premium x64

Ran by Don on Thu 01/09/2014 at 9:55:40.48

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{044CC392-8DBB-49D6-AE12-BA8EBFCB3FB4}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{065B61ED-9A91-45DC-83CB-9C8A60C134B7}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{0AEA4B04-DDA4-4E6C-B5A7-7C390BF15460}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{0D07860B-7CAA-4815-B1AE-94B5F50DD9ED}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{0E2DA89F-54AB-4B0A-8455-B77900517ACC}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{108BAAFA-539F-4CA7-B2E1-86CC1032B3E6}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{14B36225-4E47-4E2C-915A-EAB8CB22F0C9}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{16FCED48-1CDD-42F7-A49D-592151F819BF}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{19740BF0-2D87-4669-9B0C-46C30D5124A2}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{1B6426FF-974A-4D87-8000-F2F5F2474CA0}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{1CE11561-285B-4658-8DDD-ADC85F360E10}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{1DFA76E0-E132-4B7F-B4D5-A59F44EC63A6}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{212C411F-A125-475B-A96A-D52B8263DC9E}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{22719CE9-1829-45C5-89A8-1705FEC88C04}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{22D94D66-50B8-46CE-AEB3-8182E8C65C28}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{26B355B3-B40B-40F7-88E6-701954A9F59F}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{28D07042-663C-4BE1-9CE4-510F96E1D2FB}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{2AD3BBA3-D73B-4B10-A31F-265D9821BE72}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{2BD0B6F0-5255-4DF5-9F80-E75EFED596E4}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{2F78DCCF-5B61-4D07-80EC-B2F14A5F1C42}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{30CB5C90-E31A-4599-A462-3AD2B2541C61}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{32419E1F-7980-4995-B4D8-406A1F7EB1B3}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{32BF10BF-FA34-4DF9-A0CC-B88CA01A5C73}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{32C8A1A4-DE11-466C-8099-F2A306E52C20}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{330D889A-6C83-4687-99B6-BB2C5CA3ED8B}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{33B94699-071B-4BFB-859C-6ED1597EA147}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{36B8714C-1A1E-4D76-A123-CEEB1FCA1575}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{37B8595B-200C-434B-AE51-F6B24D3035A2}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{4E1BA268-66CC-4B18-82AA-AE69C1D0DAAB}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{4E22A2D2-4961-42CD-BCAC-E7E9116FA946}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{565225D2-50D7-467D-A13B-21B06A72A0A3}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{56DED0EB-F502-4C22-B4B9-6DBD32192D6C}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{5851107F-22F7-4E27-817F-8C6581BA49FA}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{592D1940-B5FB-45B0-A47D-A2D51B58A6B1}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{5AAD562F-34DC-4EC2-92FB-F2669470F8C1}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{5D0C7E73-A0BC-4805-9DE5-AF79970EC1E2}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{5D427DCF-33BF-4F93-B5C1-AD45FAD023B6}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{694BDFE7-F7C4-4CA6-BEBB-7DBEAAA8A801}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{70A60998-562D-4640-86DE-FCEAE427AD8F}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{74995B6E-E466-435A-8809-95C1752DF72A}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{74FF86C3-B3F9-41C6-B9F9-8CD4AE42462E}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{79282EDE-E1AF-4E88-871F-E58A38E34262}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{7A185946-5EE7-4492-9085-D05BA805B6CC}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{8515BEDA-196E-4944-AFF1-B4880CE7AF70}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{85ECD6BC-5B39-4B4A-9E05-13F0F614A8FA}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{886DCA38-A25D-47C8-9FE3-7D4AB1A7F7F9}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{8874776E-BE77-434C-82EC-FD5F04DA62AE}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{89444332-A7AB-4B80-8B19-B4888319A4D7}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{902897EC-FA26-4451-AE33-3497A6BC873D}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{91DFAE90-6024-4E35-8FE9-D566A2630D1B}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{9498B6E9-B96C-43C9-9CD2-3E23490F870C}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{974C35DD-0598-44A3-B7A4-417BAC88A04D}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{979978C1-3FC3-458E-A9BE-490AA9F83309}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{989D7484-0AF1-4EB2-8DAB-70AA44B8BF3F}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{98BFB07E-32C0-425C-B366-BB60EBEF7E3E}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{99406C88-9AAC-4436-A0E8-739D7ED737BE}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{9AA6DD47-C947-4EF5-AEFF-995FD5AC5D81}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{9D580701-6A6A-4D9A-BA28-6235AC027206}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{9E36E893-5714-4690-89FF-4AB246599F1E}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{9E6DD235-689D-43EC-97FC-3E00178FF9EF}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{9ECADE85-622C-4F9D-88DC-7C7E7B1D0A2C}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{9FA82D67-F3E2-453B-8A94-4C8F6F0E90D5}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{A2126E4B-36EC-4AE7-A35F-CE47B0E8C822}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{A23CC205-233A-4C64-A10D-8310DE82653E}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{A67C53E3-8E8A-48BA-AA4A-2AD34B081681}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{A73A8A54-B95E-48AF-8E36-72FAA688C9DF}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{AC037F97-618D-43AF-ACAE-2FBDD8868A9B}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{AF88D977-7E4E-4606-8EE3-A3ECCCA465E7}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{B3607875-942E-43DD-80D8-447EC99064D6}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{B7567CB3-CDD0-4FC2-86C4-FED5AC64E72D}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{B7C77AD3-F1A3-47FD-B9C1-C192080DC698}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{B9FD5001-E9F7-4D1F-AD26-B74C2521AD54}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{BA00C344-4CB1-48AC-835E-35674C62CCA5}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{BD5C4DED-831E-4B2A-91EA-42D4E6EC8846}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{BF93699D-622D-4AFA-9A72-2F21537AD00B}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{C022F443-7BB3-4A9A-B8F0-CB7698EDACCC}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{C0E7A27D-D2AC-4833-BD9A-68C61FE76C5C}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{C2A03CCA-96A5-4B41-8124-157D3F5C8888}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{C855DACA-1EB8-43D8-B72F-AACABD490ED9}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{C989A41B-3234-4AF9-8EAB-9131CAD7DDA9}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{CA20E38C-66A3-4A76-B6D9-F93E716AAE3F}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{CA6CE616-E975-4AA2-A9F2-52B2C11FFE59}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{CD46B509-7314-41F2-9E68-C89D94B5A3DC}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{D26D045E-EAAC-4362-B48C-E8C1B2F1516C}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{D31C4D79-A313-41C3-BF58-8676E6910A61}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{D479A3A3-B8E2-4E09-93BE-935CCFA9EFA0}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{D5181DE6-DA9F-4A52-B3B3-114CC036150C}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{D9664113-69FE-45AC-BBA0-02FA3BA8043C}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{DB6C0C70-6D78-4BF9-9590-6F43C417A9EE}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{DBC6AB23-565E-431A-8B8D-1AB3A019BAC1}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{DC208051-12B4-4435-9838-D45CD15915AC}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{E06DEEE9-7743-4A9D-B013-405D06BD6236}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{EAD433ED-EEA0-4773-B21F-59337398B65D}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{EAE9E1B5-14F3-419F-93D1-2BFBB134A1DA}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{EC35B451-2B12-43E0-855B-DD0B51381FF2}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{ED9E0252-A97D-420F-BF1D-2FB60E1DFCF0}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{F116EF8C-748F-496E-8D71-7B860594B742}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{F15AA610-491D-46C3-BC0A-D22C7D162829}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{F2D589FE-C9F4-4CD5-87A9-5C27B31A71C5}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{F40C5A63-7776-4EE2-9002-FBA8DDC9AD42}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{F628774D-5A89-4EBA-9ABA-721EC1C9CBB0}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{F8FC8BA6-4653-4923-8844-4D8FF7A6B2B9}

Successfully deleted: [Empty Folder] C:\Users\Don\appdata\local\{FCE8927F-81E6-41BD-8E37-82FE272E566F}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 01/09/2014 at 10:02:32.00

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DonL100 · January 9, 2014

I can't post the SSK log because it's to large

CarlosTurco · January 9, 2014

I can't post the SSK log because it's to large

Try to attach the log in your next reply.

DonL100 · January 9, 2014

I don't know why I couldn't post it. It's only 205KB. Here it is. Thanks, Don

TDSSKiller.3.0.0.19_09.01.2014_11.15.57_log.txt

DonL100 · January 9, 2014

And the larger SSK file

TDSSKiller.3.0.0.19_09.01.2014_13.50.09_log.txt

CarlosTurco · January 9, 2014

Okay,

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please copy/paste the contents or attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

DonL100 · January 9, 2014

here's the ComboFix log

ComboFix 14-01-08.03 - Don 01/09/2014 14:41:00.7.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9961 [GMT -7:00]

Running from: c:\users\Don\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dll

c:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dll

c:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dll

c:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dll

c:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dll

c:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dll

c:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

.

((((((((((((((((((((((((( Files Created from 2013-12-09 to 2014-01-09 )))))))))))))))))))))))))))))))

.

2014-01-09 21:48 . 2014-01-09 21:48 -------- d-----w- c:\users\Donald\AppData\Local\temp

2014-01-09 21:48 . 2014-01-09 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-09 21:48 . 2014-01-09 21:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2014-01-09 20:45 . 2014-01-09 20:45 -------- d-----w- c:\users\Don\AppData\Local\Adobe

2013-12-28 20:17 . 2013-12-28 20:17 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-12-28 20:17 . 2013-12-28 20:17 -------- d-----r- c:\program files (x86)\Skype

2013-12-28 18:48 . 2014-01-06 17:33 -------- d-----w- c:\users\Don\AppData\Local\CrashDumps

2013-12-23 18:14 . 2013-12-23 18:14 -------- d-----w- c:\program files\My Dell

2013-12-18 17:10 . 2014-01-08 21:24 16896 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak

2013-12-18 17:09 . 2014-01-08 21:23 289664 ----a-w- c:\windows\system32\drivers\fltMgr.sys.bak

2013-12-18 10:56 . 2013-09-23 20:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys

2013-12-11 18:03 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-11 18:03 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-11 18:03 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-11 18:03 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-11 18:03 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-11 18:03 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-11 18:03 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-11 17:59 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-11 17:59 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-11 17:58 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-11 17:58 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-11 17:58 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-11 17:58 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-11 17:58 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-11 17:58 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-11 17:58 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-11 17:58 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-11 17:58 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-11 17:58 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-14 20:18 . 2010-12-08 20:36 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-12-11 17:59 . 2012-04-05 20:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-11 17:59 . 2011-06-08 19:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 16:45 . 2013-12-10 16:45 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-10 16:45 . 2013-12-10 16:45 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-12-10 16:45 . 2013-12-10 16:45 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-12-10 16:45 . 2013-12-10 16:45 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-12-10 16:45 . 2013-12-10 16:45 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-12-10 16:45 . 2013-12-10 16:45 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-12-10 16:45 . 2013-12-10 16:45 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-12-10 16:45 . 2013-12-10 16:45 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-12-10 16:45 . 2013-12-10 16:45 81408 ----a-w- c:\windows\system32\icardie.dll

2013-12-10 16:45 . 2013-12-10 16:45 774144 ----a-w- c:\windows\system32\jscript.dll

2013-12-10 16:45 . 2013-12-10 16:45 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-12-10 16:45 . 2013-12-10 16:45 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-12-10 16:45 . 2013-12-10 16:45 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-12-10 16:45 . 2013-12-10 16:45 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-12-10 16:45 . 2013-12-10 16:45 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-12-10 16:45 . 2013-12-10 16:45 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-12-10 16:45 . 2013-12-10 16:45 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-12-10 16:45 . 2013-12-10 16:45 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-12-10 16:45 . 2013-12-10 16:45 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-12-10 16:45 . 2013-12-10 16:45 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-12-10 16:45 . 2013-12-10 16:45 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-12-10 16:45 . 2013-12-10 16:45 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-12-10 16:45 . 2013-12-10 16:45 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-12-10 16:45 . 2013-12-10 16:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-12-10 16:45 . 2013-12-10 16:45 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-12-10 16:45 . 2013-12-10 16:45 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-12-10 16:45 . 2013-12-10 16:45 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-12-10 16:45 . 2013-12-10 16:45 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-12-10 16:45 . 2013-12-10 16:45 413696 ----a-w- c:\windows\system32\html.iec

2013-12-10 16:45 . 2013-12-10 16:45 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-12-10 16:45 . 2013-12-10 16:45 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-12-10 16:45 . 2013-12-10 16:45 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-12-10 16:45 . 2013-12-10 16:45 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-12-10 16:45 . 2013-12-10 16:45 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-12-10 16:45 . 2013-12-10 16:45 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-12-10 16:45 . 2013-12-10 16:45 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-12-10 16:45 . 2013-12-10 16:45 247808 ----a-w- c:\windows\system32\msls31.dll

2013-12-10 16:45 . 2013-12-10 16:45 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-12-10 16:45 . 2013-12-10 16:45 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-12-10 16:45 . 2013-12-10 16:45 235520 ----a-w- c:\windows\system32\url.dll

2013-12-10 16:45 . 2013-12-10 16:45 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-12-10 16:45 . 2013-12-10 16:45 195584 ----a-w- c:\windows\system32\msrating.dll

2013-12-10 16:45 . 2013-12-10 16:45 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-12-10 16:45 . 2013-12-10 16:45 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-12-10 16:45 . 2013-12-10 16:45 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-12-10 16:45 . 2013-12-10 16:45 147968 ----a-w- c:\windows\system32\occache.dll

2013-12-10 16:45 . 2013-12-10 16:45 143872 ----a-w- c:\windows\system32\wextract.exe

2013-12-10 16:45 . 2013-12-10 16:45 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-12-10 16:45 . 2013-12-10 16:45 13824 ----a-w- c:\windows\system32\mshta.exe

2013-12-10 16:45 . 2013-12-10 16:45 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-12-10 16:45 . 2013-12-10 16:45 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-12-10 16:45 . 2013-12-10 16:45 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-12-10 16:45 . 2013-12-10 16:45 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-12-10 16:45 . 2013-12-10 16:45 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-12-10 16:45 . 2013-12-10 16:45 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-12-10 16:45 . 2013-12-10 16:45 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-12-10 16:45 . 2013-12-10 16:45 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-12-10 16:45 . 2013-12-10 16:45 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-12-10 16:45 . 2013-12-10 16:45 101376 ----a-w- c:\windows\system32\inseng.dll

2013-11-27 05:07 . 2013-11-27 05:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

2013-11-27 05:07 . 2013-11-27 05:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys

2013-11-27 05:07 . 2013-11-27 05:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

2013-11-04 23:51 . 2010-01-06 00:04 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys

2013-11-04 23:46 . 2010-01-06 00:04 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2013-11-04 23:43 . 2010-01-06 00:04 782360 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2013-11-04 23:41 . 2010-01-06 00:04 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2013-11-04 23:40 . 2010-01-06 00:04 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2013-11-04 23:39 . 2010-01-06 00:04 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2013-10-15 01:00 . 2013-12-10 16:47 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-10-12 02:30 . 2013-11-13 11:50 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-13 11:50 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-13 11:50 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-13 11:50 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-13 11:50 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-10-16 1041736]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-08-05 109784]

"E70DD2240FE0934D32B1AC60B724F3A5BD5F0669._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

.

c:\users\Donald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]

R3 MUD;Driver for Magellan USB Device;c:\windows\system32\DRIVERS\MUD.sys;c:\windows\SYSNATIVE\DRIVERS\MUD.sys [x]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]

S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]

S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]

S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - NPF

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 20:28 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:59]

.

2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11 20:39]

.

2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11 20:39]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-23 10081312]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\gzpr9n2j.default-1375900177010\

FF - ExtSQL: !HIDDEN! 2010-12-31 12:38; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-SDWinLogon - SDWinLogon.dll

SafeBoot-76331507.sys

SafeBoot-mbamchameleon

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-583441641-3973240248-463755501-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-583441641-3973240248-463755501-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-583441641-3973240248-463755501-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-583441641-3973240248-463755501-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2014-01-09 15:01:50 - machine was rebooted

ComboFix-quarantined-files.txt 2014-01-09 22:01

.

Pre-Run: 896,746,827,776 bytes free

Post-Run: 896,171,126,784 bytes free

.

- - End Of File - - A38AF7DB5641AEBC66C75B4451F1C7F1

CarlosTurco · January 9, 2014

Next,

Step 1

Open notepad and copy/paste the text in the quote box below into it:

ClearJavaCache:: Reglock::[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt on your desktop.

Referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Step 2

Download Zoek (By Smeenk) and save that file to your Desktop.

http://www.hijackthi...220813/zoek.zip

Double click zip file and extract to your Desktop:

Select these lines inside CODE, right click on the selection and choose Copy.

autoclean;emptyclsid;standardsearch;

Right click on any white part of Zoek and select the paste option.

Click the button [Run Script]

Wait for the scan. At the end of the report will be generated C: \ zoek-results.txt

Copy your content and post in your next response.

NOTE¹: If Zoek find files that you can not remove, you may have to restart your PC. Do this immediately, when asked whether to restart the PC.

NOTE²: This script has been prepared only for this computer, according to the files and keys present.

DonL100 · January 10, 2014

OK, I turned off the Mcafee live scan and the Spybot search & destroy scanning as I did before when using ComboFix but when I run ComboFix now it still says that S& D is still running. I've tried it twice after rebooting and turning the scanners off again and it still says S&D is till running. I then went to the website that you gave me before that shows how to close the scans and the instructions for S&D are archaic and don't match the newer S&D. Can I run Combofix when S&D scanning is running? Thanks, Don

CarlosTurco · January 10, 2014

Can I run Combofix when S&D scanning is running? Thanks, Don

Proceed.

DonL100 · January 10, 2014

ComboFix Log you requested.

ComboFix 14-01-08.03 - Don 01/10/2014 10:57:14.8.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9673 [GMT -7:00]

Running from: c:\users\Don\Desktop\ComboFix.exe

Command switches used :: c:\users\Don\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

.

((((((((((((((((((((((((( Files Created from 2013-12-10 to 2014-01-10 )))))))))))))))))))))))))))))))

.

2014-01-10 18:05 . 2014-01-10 18:05 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-01-10 18:05 . 2014-01-10 18:05 -------- d-----w- c:\users\Donald\AppData\Local\temp

2014-01-10 18:05 . 2014-01-10 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-10 18:05 . 2014-01-10 18:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp