
Hello,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed, please click on History > Application Logs, find your scan log, open it, click on the "copy to clipboard" button and post the results in your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your next reply.

 

Thanks,

 

Kevin....


 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/27/2014

Scan Time: 7:31:54 AM

Logfile:

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.10.27.02

Rootkit Database: v2014.10.22.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: jill

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 322414

Time Elapsed: 15 min, 54 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 1

Trojan.Agent.ED, C:\Users\jill\AppData\Local\brmtekn.dll, Delete-on-Reboot, [327c84952755ca6ca56631295aa6a858],

 

Registry Keys: 1

Trojan.Agent.ED, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\brmtekn, Quarantined, [327c84952755ca6ca56631295aa6a858],

 

Registry Values: 1

Trojan.Agent.ED, HKU\S-1-5-21-89020590-1650858866-3417165827-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|brmtekn, rundll32 "C:\Users\jill\AppData\Local\brmtekn.dll",brmtekn, Quarantined, [327c84952755ca6ca56631295aa6a858]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 13

Trojan.Agent.ED, C:\Users\jill\AppData\Local\brmtekn.dll, Delete-on-Reboot, [327c84952755ca6ca56631295aa6a858],

Trojan.Agent.ED, c:\Users\jill\AppData\Local\Temp\updateflashplayer_95255a46.exe, Quarantined, [129c05145d1fc86e2a7a02d208f90ff1],

Trojan.FakeMS.ED, C:\Windows\Installer\{4CF7224F-FEB6-4A8A-9749-1B9F89EF1B15}\msiexec.exe, Quarantined, [1797d64334481f17c91f7166d130cd33],

Trojan.Ransom, C:\Windows\Installer\{2F7EFC2D-13D2-496F-8383-91779C164095}\msiexec.exe, Quarantined, [337bcb4ef587fc3ad645e9efea177d83],

Trojan.Agent.ED, C:\Windows\Installer\{33141D64-8054-4868-80CF-016B858AE849}\msiexec.exe, Quarantined, [3d7160b9f389a0966b39e0f41ae7a858],

Trojan.Agent.ED, C:\Windows\Installer\{ABFA1468-21BF-47E9-A059-BB3A51EBA02A}\msiexec.exe, Quarantined, [8c22e435621a46f06c38ab29738e18e8],

Trojan.Agent.ED, C:\Windows\Installer\{BD09F263-07DB-43B2-B674-31E4FD26C518}\msiexec.exe, Quarantined, [416dc356e09c4aecebb9795b46bb05fb],

Trojan.Agent.ED, C:\Windows\Installer\{BF4E2B67-C709-49D7-AC12-1525F9B4023A}\msiexec.exe, Quarantined, [208e908984f878be4d57567e1ee3b050],

Trojan.FakeMS.ED, C:\Windows\Installer\{DF7F9C92-0B9D-4383-80E5-0917E3EC92B5}\msiexec.exe, Quarantined, [109ebb5e4e2e55e14b9d2daae41d09f7],

Trojan.Agent.FSAVXGen, C:\Windows\Installer\{AA2E662F-93B1-49B3-B130-D860A430A998}\msiexec.exe, Quarantined, [733bb168e795191da9a9ade20cf56f91],

Trojan.Ransom, C:\Windows\Installer\{F3B4CCA8-2D73-4A71-B2F6-163DE2C14D52}\msiexec.exe, Quarantined, [694574a55527ac8afd1e9d3b39c814ec],

Trojan.Agent.ED, C:\Windows\Installer\{FCCA4178-B2F5-4D1F-870D-CF502996C1DE}\msiexec.exe, Quarantined, [15998c8d413b81b5158fce069b669769],

Trojan.Agent.ED, C:\Windows\Installer\{79BDF864-7281-4773-9FAE-1F5CA6BC4E5A}\msiexec.exe, Quarantined, [c7e7e336324af73f733112c2cc35eb15],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


# AdwCleaner v4.002 - Report created 27/10/2014 at 11:55:09

# DB v2014-10-26.6

# Updated 27/10/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : jill - JILL-PC

# Running from : C:\Users\jill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E9SSCC65\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

 

***** [ Browsers ] *****


Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Oct 27 13:11:15 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Oct 27 13:18:33 2014

 

 

Return code: 0 (0x0)\ Internet Explorer v10.0.9200.16750

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01

Ran by jill (administrator) on JILL-PC on 27-10-2014 13:21:44

Running from C:\Users\jill\Downloads

Loaded Profile: jill (Available profiles: jill)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe

() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Pure Networks, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyCpIo.exe

(Cypress Semiconductor, Inc.) C:\Program Files\Cypress\TrackPad\CyHidWin.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

() C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe

() C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Dell) C:\Users\jill\AppData\Local\Apps\2.0\7YKAEPC6.88X\WXGWEJTH.L6Q\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Linksys LLC - A Division of Cisco Systems) C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

(Pure Networks, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

() C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [CyCpIo] => C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2429440 2012-05-02] (Cypress Semiconductor Corporation)

HKLM\...\Run: [CyHidWin] => C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2371584 2012-05-02] (Cypress Semiconductor, Inc.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-29] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4358816 2012-03-28] (Dell Inc.)

HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2013-10-18] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [LELA] => C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [131072 2008-05-01] (Linksys LLC - A Division of Cisco Systems)

HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [648504 2008-04-09] (Pure Networks, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AddressBookReminderApp] => C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe [144672 2009-10-30] ()

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [DKab1err] => C:\Program Files (x86)\Dell\ErrorApp\DKab1err.exe [644416 2012-03-07] ()

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [DKADGmon] => C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe [947520 2012-03-07] ()

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [DellSystemDetect] => C:\Users\jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [ABBYY Screenshot Reader Retail] => "C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe" -autorun

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\jill\AppData\Roaming\Microsoft\Crypto\RSA\cert_v69_0.tpl"

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\RunOnce: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\jill\AppData\Roaming\Microsoft\Crypto\RSA\cert_v69_0.tpl"

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\MountPoints2: {236e583f-9b27-11e2-a43e-00dbdf0eed44} - D:\LaunchU3.exe -a

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\MountPoints2: {236e5847-9b27-11e2-a43e-00dbdf0eed44} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Online/Final.SyllabusTemplate.MDM11P01.pdf

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\MountPoints2: {4a5856ef-3b58-11e2-989b-00dbdf0eed44} - D:\LaunchU3.exe -a

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)

 

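As an added example (written for this page, not code from the thread, from FRST or from Malwarebytes): a small Python triage script that reads FRST-style "Registry (Whitelisted)" lines and flags the kinds of autostart entries that stand out in the log above: a COM LocalServer32 value that launches rundll32 with a javascript: URL (the entry FRST itself marks as Poweliks), regsvr32 /s registering a file that is not a DLL (the CryptoUpdate .tpl entries), and rundll32 loading a DLL from a user profile path (the brmtekn entry from the MBAM log). The sample lines are constructed from the entries posted in this thread, with the brmtekn value recast from the MBAM log into FRST's line format; the heuristics, tag names and function names are my own assumptions, not FRST's. The script only reads text and reports; it does not touch the registry.

```python
import re

# Constructed sample input: FRST-style "Registry (Whitelisted)" lines adapted
# from the logs posted in this thread, plus two benign vendor entries for
# contrast. The brmtekn line is rewritten from the MBAM log's registry value
# into FRST's "[name] => value" format.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\jill\AppData\Roaming\Microsoft\Crypto\RSA\cert_v69_0.tpl"
HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\RunOnce: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\jill\AppData\Roaming\Microsoft\Crypto\RSA\cert_v69_0.tpl"
HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\Run: [brmtekn] => rundll32 "C:\Users\jill\AppData\Local\brmtekn.dll",brmtekn
"""


def parse_frst_line(line: str):
    """Split an FRST registry line into (key, entry name, value).

    FRST writes either "KEY: [name] => value" or "KEY: value"; the key never
    contains ": ", so the first colon-space separates key from the rest.
    """
    key, sep, rest = line.partition(": ")
    if not sep:
        return None
    m = re.match(r"\[([^\]]*)\] => (.*)", rest)
    if m:
        return key, m.group(1), m.group(2)
    return key, "", rest


def triage_line(line: str) -> list[tuple[str, str]]:
    """Return (tag, detail) pairs for each heuristic the line trips; [] if clean."""
    parsed = parse_frst_line(line)
    if parsed is None:
        return []
    key, _name, value = parsed
    low = value.lower()
    reasons = []
    # rundll32 handed a javascript: URL runs script straight from the registry
    # value, with no payload file on disk (the Poweliks technique).
    if "rundll32" in low and "javascript:" in low:
        reasons.append(("rundll32-javascript",
                        "rundll32 given a javascript: URL; script runs from the registry with no file on disk (Poweliks-style)"))
    # A COM class whose LocalServer32 is rundll32 is a hijacked CLSID used as
    # an autostart: whatever instantiates the object launches the payload.
    if "localserver32" in key.lower() and "rundll32" in low:
        reasons.append(("com-localserver32-rundll32",
                        "COM CLSID LocalServer32 redirected to rundll32 (hijacked object used for persistence)"))
    # regsvr32 /s silently loads and calls DllRegisterServer in the named file;
    # a legitimate registration names a .dll or .ocx, not a .tpl.
    m = re.search(r'regsvr32(?:\.exe)?\s+(?:/s\s+)?"?([^"]+?)"?\s*$', low)
    if m and not m.group(1).endswith((".dll", ".ocx")):
        reasons.append(("regsvr32-non-dll",
                        f"regsvr32 registering a file without a DLL extension: {m.group(1)}"))
    # Vendor DLLs live under Program Files or System32; a Run entry loading a
    # DLL from AppData is how the brmtekn Trojan in the MBAM log persisted.
    m = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', low)
    if m and "\\appdata\\" in m.group(1):
        reasons.append(("rundll32-appdata-dll",
                        f"rundll32 loading a DLL from a user profile: {m.group(1)}"))
    return reasons


def triage(log_text: str) -> list[dict]:
    """Run triage_line over every non-blank line; return only the flagged ones."""
    findings = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        reasons = triage_line(line)
        if reasons:
            key, name, _ = parse_frst_line(line)
            findings.append({"line": n, "key": key, "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"line {f['line']} [{f['name'] or f['key']}]")
        for tag, detail in f["reasons"]:
            print(f"  {tag}: {detail}")
```

Run against the constructed sample, the two vendor entries pass and the four remaining lines are reported, the Poweliks line under two tags. The point of the tag names is to make the findings greppable across many logs; the detail text is what an analyst reads when deciding which entries to hand to a fix script.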
==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

SearchScopes: HKCU - DefaultScope {120F38F6-5F5F-4E43-9F03-B91CC2EF4B83} URL =

SearchScopes: HKCU - {120F38F6-5F5F-4E43-9F03-B91CC2EF4B83} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} -  No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{0A66E9A2-0099-46F8-93C8-B57F20509326}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{4F382BED-80C9-4B74-BB48-3FFAA302701C}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{80A21F15-5484-4F3C-A2D8-8ADEE32E4881}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9C21B953-5D22-4171-AE9E-21A1F03248C2}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{D5BBC4AF-03C0-48EC-BEBB-A49089B71AE3}: [NameServer] 8.8.8.8,8.8.8.8

 

FireFox:

========

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-11-29]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

Chrome:

=======

CHR Profile: C:\Users\jill\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-01]

CHR Extension: (Google Search) - C:\Users\jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-01]

CHR Extension: (SiteAdvisor) - C:\Users\jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-04-01]

CHR Extension: (Gmail) - C:\Users\jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-01]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-09]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-09]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)

S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed]

R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [121856 2011-11-10] ()

S2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-04-18] () [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-09-23] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AX88178; C:\Windows\System32\DRIVERS\ax88178.sys [56320 2009-10-02] (ASIX Electronics Corp.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)

R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [125440 2012-05-04] (Cypress Semiconductor, Inc.)

R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [14336 2012-05-04] (Cypress Semiconductor, Inc.)

R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [88576 2012-05-04] (Cypress Semiconductor, Inc.)

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25024 2011-11-10] ()

R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-11-10] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-27 13:21 - 2014-10-27 13:22 - 00031210 _____ () C:\Users\jill\Downloads\FRST.txt

2014-10-27 13:21 - 2014-10-27 13:21 - 00000000 ____D () C:\FRST

2014-10-27 13:20 - 2014-10-27 13:20 - 02113024 _____ (Farbar) C:\Users\jill\Downloads\FRST64.exe

2014-10-27 13:20 - 2014-10-27 13:20 - 02113024 _____ (Farbar) C:\Users\jill\Downloads\FRST64 (1).exe

2014-10-27 13:10 - 2014-10-27 13:10 - 32601272 _____ (Microsoft Corporation) C:\Users\jill\Downloads\Windows-KB890830-x64-V5.17.exe

2014-10-27 13:07 - 2014-10-27 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-10-27 12:34 - 2014-10-27 12:34 - 00002924 _____ () C:\Windows\System32\Tasks\{8711D300-6732-4281-9C0F-BAC21B1BEA90}

2014-10-27 12:03 - 2014-10-27 12:03 - 00000000 ____D () C:\Windows\ERUNT

2014-10-27 11:50 - 2014-10-27 11:55 - 00000000 ____D () C:\AdwCleaner

2014-10-27 08:03 - 2014-10-27 08:03 - 618743436 _____ () C:\Windows\MEMORY.DMP

2014-10-27 08:03 - 2014-10-27 08:03 - 00262144 _____ () C:\Windows\Minidump\102714-9406-01.dmp

2014-10-26 13:27 - 2014-10-27 11:56 - 00007208 _____ () C:\Windows\PFRO.log

2014-10-26 13:25 - 2014-10-26 13:25 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt

2014-10-26 13:25 - 2014-10-26 13:25 - 00000000 __SHD () C:\Windows\system32\%APPDATA%

2014-10-25 23:29 - 2014-10-25 23:29 - 00002976 _____ () C:\Windows\System32\Tasks\{FA83A748-6BF8-4F3E-B2E6-62370098E454}

2014-10-25 23:29 - 2014-10-25 23:29 - 00002976 _____ () C:\Windows\System32\Tasks\{D2DE4DAA-C230-4FAE-BC39-A0DAE00D7A11}

2014-10-25 23:24 - 2014-10-27 13:01 - 00000784 _____ () C:\Windows\setupact.log

2014-10-25 23:24 - 2014-10-25 23:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-25 21:40 - 2014-10-25 21:40 - 00000028 _____ () C:\Windows\SysWOW64\u

2014-10-25 21:37 - 2014-10-25 21:37 - 00070656 _____ () C:\Windows\system32\rhric.dll

2014-10-25 21:37 - 2014-10-25 21:37 - 00029184 _____ () C:\Windows\SysWOW64\ixkoc.dll

2014-10-25 21:37 - 2014-10-25 21:37 - 00003856 _____ () C:\Windows\System32\Tasks\{E22EDD8B-DD70-BF9B-F2BA-7CBC65EDA169}

2014-10-25 21:37 - 2014-10-25 21:37 - 00000000 _____ () C:\Windows\system32\sfmjg.dll

2014-10-18 10:01 - 2014-10-18 10:01 - 13365916 _____ () C:\Users\jill\Desktop\fenway2.psd

2014-10-18 09:39 - 2014-10-18 09:40 - 00000000 ____D () C:\Users\jill\AppData\Local\{EA629EB8-0CDE-4B45-A75A-7E220EE7226A}

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-27 13:14 - 2012-12-01 14:39 - 00000000 ____D () C:\Users\jill\AppData\Local\CrashDumps

2014-10-27 13:09 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-27 13:09 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-27 13:07 - 2013-04-01 15:19 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk

2014-10-27 13:07 - 2009-07-14 00:13 - 00782922 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-27 13:06 - 2014-06-25 19:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-27 13:03 - 2013-01-17 16:34 - 00000000 ____D () C:\Users\jill\AppData\Local\Deployment

2014-10-27 13:03 - 2012-06-20 19:52 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-10-27 13:03 - 2012-06-20 19:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-10-27 13:03 - 2012-06-20 19:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-10-27 13:02 - 2012-06-20 19:30 - 01550228 _____ () C:\Windows\WindowsUpdate.log

2014-10-27 13:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-27 11:21 - 2012-06-20 19:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-27 08:03 - 2013-11-08 13:49 - 00000000 ____D () C:\Windows\Minidump

2014-10-27 07:28 - 2014-06-25 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-27 07:28 - 2014-06-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-27 07:28 - 2012-11-29 21:41 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-27 02:01 - 2012-11-06 19:55 - 00000000 ____D () C:\Users\jill\AppData\Local\Adobe

2014-10-22 21:29 - 2013-08-13 12:45 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-10-22 19:18 - 2014-02-24 14:35 - 00000000 ___RD () C:\Users\jill\Desktop\Pictures update

2014-10-22 19:18 - 2014-02-24 11:50 - 00000000 ____D () C:\Users\jill\Desktop\Photoshop

2014-10-18 09:55 - 2013-08-14 17:43 - 00033636 _____ () C:\ProgramData\DKADGscan.log

2014-10-16 05:56 - 2012-11-29 21:34 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-10-10 17:05 - 2012-11-29 21:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games

2014-10-03 18:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-10-03 10:02 - 2012-11-09 20:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-01 11:11 - 2014-06-25 19:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-01 11:11 - 2014-06-25 19:39 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-01 11:11 - 2012-11-29 21:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-28 20:05 - 2013-11-24 18:07 - 00000000 ___RD () C:\Users\jill\Desktop\ipad

2014-09-28 16:56 - 2012-06-20 19:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

 

Some content of TEMP:

====================

C:\Users\jill\AppData\Local\Temp\gezfzow0.dll

C:\Users\jill\AppData\Local\Temp\lxdn9ahp.dll

C:\Users\jill\AppData\Local\Temp\Quarantine.exe

C:\Users\jill\AppData\Local\Temp\sqlite3.dll

C:\Users\jill\AppData\Local\Temp\vf5yq2rk.dll

C:\Users\jill\AppData\Local\Temp\zh4zy9v1.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-23 07:05

 

==================== End Of Log ==


2014-10-27 12:03 - 2014-10-27 12:03 - 00000000 ____D () C:\Windows\ERUNT

2014-10-27 11:50 - 2014-10-27 11:55 - 00000000 ____D () C:\AdwCleaner

2014-10-27 08:03 - 2014-10-27 08:03 - 618743436 _____ () C:\Windows\MEMORY.DMP

2014-10-27 08:03 - 2014-10-27 08:03 - 00262144 _____ () C:\Windows\Minidump\102714-9406-01.dmp

2014-10-26 13:27 - 2014-10-27 11:56 - 00007208 _____ () C:\Windows\PFRO.log

2014-10-26 13:25 - 2014-10-26 13:25 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt

2014-10-26 13:25 - 2014-10-26 13:25 - 00000000 __SHD () C:\Windows\system32\%APPDATA%

2014-10-25 23:29 - 2014-10-25 23:29 - 00002976 _____ () C:\Windows\System32\Tasks\{FA83A748-6BF8-4F3E-B2E6-62370098E454}

2014-10-25 23:29 - 2014-10-25 23:29 - 00002976 _____ () C:\Windows\System32\Tasks\{D2DE4DAA-C230-4FAE-BC39-A0DAE00D7A11}

2014-10-25 23:24 - 2014-10-27 13:01 - 00000784 _____ () C:\Windows\setupact.log

2014-10-25 23:24 - 2014-10-25 23:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-25 21:40 - 2014-10-25 21:40 - 00000028 _____ () C:\Windows\SysWOW64\u

2014-10-25 21:37 - 2014-10-25 21:37 - 00070656 _____ () C:\Windows\system32\rhric.dll

2014-10-25 21:37 - 2014-10-25 21:37 - 00029184 _____ () C:\Windows\SysWOW64\ixkoc.dll

2014-10-25 21:37 - 2014-10-25 21:37 - 00003856 _____ () C:\Windows\System32\Tasks\{E22EDD8B-DD70-BF9B-F2BA-7CBC65EDA169}

2014-10-25 21:37 - 2014-10-25 21:37 - 00000000 _____ () C:\Windows\system32\sfmjg.dll

2014-10-18 10:01 - 2014-10-18 10:01 - 13365916 _____ () C:\Users\jill\Desktop\fenway2.psd

2014-10-18 09:39 - 2014-10-18 09:40 - 00000000 ____D () C:\Users\jill\AppData\Local\{EA629EB8-0CDE-4B45-A75A-7E220EE7226A}

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-27 13:14 - 2012-12-01 14:39 - 00000000 ____D () C:\Users\jill\AppData\Local\CrashDumps

2014-10-27 13:09 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-27 13:09 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-27 13:07 - 2013-04-01 15:19 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk

2014-10-27 13:07 - 2009-07-14 00:13 - 00782922 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-27 13:06 - 2014-06-25 19:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-27 13:03 - 2013-01-17 16:34 - 00000000 ____D () C:\Users\jill\AppData\Local\Deployment

2014-10-27 13:03 - 2012-06-20 19:52 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-10-27 13:03 - 2012-06-20 19:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-10-27 13:03 - 2012-06-20 19:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-10-27 13:02 - 2012-06-20 19:30 - 01550228 _____ () C:\Windows\WindowsUpdate.log

2014-10-27 13:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-27 11:21 - 2012-06-20 19:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-27 08:03 - 2013-11-08 13:49 - 00000000 ____D () C:\Windows\Minidump

2014-10-27 07:28 - 2014-06-25 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-27 07:28 - 2014-06-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-27 07:28 - 2012-11-29 21:41 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-27 02:01 - 2012-11-06 19:55 - 00000000 ____D () C:\Users\jill\AppData\Local\Adobe

2014-10-22 21:29 - 2013-08-13 12:45 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-10-22 19:18 - 2014-02-24 14:35 - 00000000 ___RD () C:\Users\jill\Desktop\Pictures update

2014-10-22 19:18 - 2014-02-24 11:50 - 00000000 ____D () C:\Users\jill\Desktop\Photoshop

2014-10-18 09:55 - 2013-08-14 17:43 - 00033636 _____ () C:\ProgramData\DKADGscan.log

2014-10-16 05:56 - 2012-11-29 21:34 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-10-10 17:05 - 2012-11-29 21:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games

2014-10-03 18:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-10-03 10:02 - 2012-11-09 20:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-01 11:11 - 2014-06-25 19:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-01 11:11 - 2014-06-25 19:39 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-01 11:11 - 2012-11-29 21:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-28 20:05 - 2013-11-24 18:07 - 00000000 ___RD () C:\Users\jill\Desktop\ipad

2014-09-28 16:56 - 2012-06-20 19:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

 

Some content of TEMP:

====================

C:\Users\jill\AppData\Local\Temp\gezfzow0.dll

C:\Users\jill\AppData\Local\Temp\lxdn9ahp.dll

C:\Users\jill\AppData\Local\Temp\Quarantine.exe

C:\Users\jill\AppData\Local\Temp\sqlite3.dll

C:\Users\jill\AppData\Local\Temp\vf5yq2rk.dll

C:\Users\jill\AppData\Local\Temp\zh4zy9v1.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-23 07:05

 

==================== End Of Log ==
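The "One Month Created Files and Folders" section of the FRST.txt above is where a helper's eye goes first: on 2014-10-25 21:37 the log shows three publisher-less DLLs with five-letter names dropped into system32/SysWOW64 (one of them zero bytes), plus a scheduled task created in the same minute; the next day a hidden system folder literally named %APPDATA% appears inside system32 beside a hosts.txt next to the real hosts file. The script below is an added example for this thread, not part of the poster's log, of FRST, or of the Malwarebytes procedure. It parses lines in the layout FRST prints (created - modified - size attributes (publisher) path) and scores each one against those patterns; the indicator names, the burst threshold and the sample lines lifted from the log are my own constructions.

```python
"""Triage of the 'One Month Created Files and Folders' section of an FRST log.

Added example for this thread; it is not part of the poster's log, of FRST,
or of the Malwarebytes procedure. The line layout parsed here
(created - modified - size attrs (publisher) path) is the one FRST prints in
the log above. The indicator names and the BURST threshold are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# One FRST file/folder line. FRST prints "()" when the file carries no publisher.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BURST = 3  # assumed: this many publisher-less entries in one minute is a "drop"

# Constructed sample input: lines copied from the FRST.txt posted above, plus the
# section header, which the parser must skip.
SAMPLE_LOG = [
    "==================== One Month Created Files and Folders ========",
    "2014-10-27 13:21 - 2014-10-27 13:22 - 00031210 _____ () C:\\Users\\jill\\Downloads\\FRST.txt",
    "2014-10-27 13:20 - 2014-10-27 13:20 - 02113024 _____ (Farbar) C:\\Users\\jill\\Downloads\\FRST64 (1).exe",
    "2014-10-27 13:10 - 2014-10-27 13:10 - 32601272 _____ (Microsoft Corporation) C:\\Users\\jill\\Downloads\\Windows-KB890830-x64-V5.17.exe",
    "2014-10-27 08:03 - 2014-10-27 08:03 - 618743436 _____ () C:\\Windows\\MEMORY.DMP",
    "2014-10-26 13:25 - 2014-10-26 13:25 - 00000761 _____ () C:\\Windows\\system32\\Drivers\\etc\\hosts.txt",
    "2014-10-26 13:25 - 2014-10-26 13:25 - 00000000 __SHD () C:\\Windows\\system32\\%APPDATA%",
    "2014-10-25 23:29 - 2014-10-25 23:29 - 00002976 _____ () C:\\Windows\\System32\\Tasks\\{FA83A748-6BF8-4F3E-B2E6-62370098E454}",
    "2014-10-25 21:40 - 2014-10-25 21:40 - 00000028 _____ () C:\\Windows\\SysWOW64\\u",
    "2014-10-25 21:37 - 2014-10-25 21:37 - 00070656 _____ () C:\\Windows\\system32\\rhric.dll",
    "2014-10-25 21:37 - 2014-10-25 21:37 - 00029184 _____ () C:\\Windows\\SysWOW64\\ixkoc.dll",
    "2014-10-25 21:37 - 2014-10-25 21:37 - 00003856 _____ () C:\\Windows\\System32\\Tasks\\{E22EDD8B-DD70-BF9B-F2BA-7CBC65EDA169}",
    "2014-10-25 21:37 - 2014-10-25 21:37 - 00000000 _____ () C:\\Windows\\system32\\sfmjg.dll",
]


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # five-character FRST attribute field, e.g. __SHD or _____
    publisher: str  # empty string when FRST printed "()"
    path: str


def parse(lines):
    """Parse FRST file lines; headers, blanks and non-matching lines are skipped."""
    entries = []
    for raw in lines:
        m = FRST_LINE.match(raw.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(d["created"], d["modified"], int(d["size"]),
                                 d["attrs"], d["publisher"], d["path"]))
    return entries


def indicators(e, created_counts):
    """Return the indicator names that fire for one entry, in a fixed order."""
    hits = []
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    sysdir = next((d for d in SYSTEM_DIRS if low.startswith(d)), None)
    direct_child = sysdir is not None and "\\" not in low[len(sysdir):]
    is_dir = "D" in e.attrs
    unsigned = not e.publisher
    if sysdir and unsigned and name.endswith(".dll"):
        hits.append("unsigned-dll-in-system-dir")
        if e.size == 0:
            hits.append("zero-byte-dll")
    if sysdir and re.fullmatch(r"[a-z]{5}\.dll", name):
        hits.append("random-5-letter-name")
    if direct_child and unsigned and not is_dir and "." not in name:
        hits.append("extensionless-file-in-system-dir")
    if is_dir and "%" in name:
        hits.append("literal-env-var-name")  # a real folder called %APPDATA%
    if is_dir and sysdir and "S" in e.attrs and "H" in e.attrs:
        hits.append("hidden-system-dir-in-system-dir")
    if "\\drivers\\etc\\" in low and not is_dir and name != "hosts":
        hits.append("file-beside-hosts")
    if unsigned and created_counts[e.created] >= BURST:
        hits.append("created-in-burst")
    return hits


def triage(lines):
    """Map each flagged path to its indicators; clean entries are omitted."""
    entries = parse(lines)
    counts = Counter(e.created for e in entries if not e.publisher)
    flagged = {}
    for e in entries:
        hits = indicators(e, counts)
        if hits:
            flagged[e.path] = hits
    return flagged


if __name__ == "__main__":
    for path, hits in triage(SAMPLE_LOG).items():
        print(f"{path}\n    {', '.join(hits)}")
```

On the sample above the script flags the three DLLs and the task from the 21:37 minute, the 28-byte extensionless file in SysWOW64, the %APPDATA% folder and hosts.txt, and nothing from the FRST or Microsoft downloads; the burst count only considers publisher-less entries, so a batch of signed updater files landing in one minute does not trigger it.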


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by jill at 2014-10-27 13:22:30
Running from C:\Users\jill\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.3.6.34 - Cypress Semiconductor, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell V520 Series Uninstaller (HKLM\...\Dell V520 Series) (Version:  - Dell, Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{39D1D2EA-6F53-4268-B5E8-F78B22049A41}) (Version: 2.0.871.0 - Intel)
Intel® WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Linksys EasyLink Advisor (HKLM-x32\...\InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}) (Version:  - )
Linksys EasyLink Advisor (Version: 3.0.8122.29 - Linksys, Cisco System.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.0.187 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Publisher 2013 - en-us (HKLM\...\PublisherRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Explosion (HKLM-x32\...\{822944D4-BC5D-44AE-9315-16C174D318B0}) (Version: 4.0.0.17 - Nova Development)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Pure Networks Platform (x32 Version: 10.1.8116.1 - Pure Networks) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.19 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6612 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-89020590-1650858866-3417165827-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

17-04-2014 01:45:05 Scheduled Checkpoint
30-04-2014 00:14:33 Windows Update
18-06-2014 18:40:51 Scheduled Checkpoint
26-06-2014 01:27:28 Scheduled Checkpoint
28-08-2014 14:29:29 Windows Update
03-10-2014 23:18:25 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-26 13:25 - 00001397 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
212.47.195.163 www.google-analytics.com.
212.47.195.163 google-analytics.com.
212.47.195.163 connect.facebook.net.
107.181.174.68 www.google-analytics.com.
107.181.174.68 google-analytics.com.
107.181.174.68 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A38ADED-23AF-431C-AC0E-6CA29A019D52} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {366D5AE5-38F4-4C51-9685-D5BF9A225F94} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {45CF9F01-2309-497B-9DA6-5C9CAC2C6B20} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {555D84E1-2ACA-4370-A58E-8B44EAD8D355} - System32\Tasks\{D2DE4DAA-C230-4FAE-BC39-A0DAE00D7A11} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-10-01] (Malwarebytes Corporation)
Task: {5B5E704C-5B26-4F4D-9CF1-236897F3D289} - System32\Tasks\{E22EDD8B-DD70-BF9B-F2BA-7CBC65EDA169} => C:\Windows\system32\rhric.dll [2014-10-25] ()
Task: {6E519385-12BD-41FE-B5D3-14CF21414DF4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {85E646A8-7996-4D13-9661-055FA2E82629} - System32\Tasks\{8711D300-6732-4281-9C0F-BAC21B1BEA90} => C:\Users\jill\Downloads\JRT.exe
Task: {BCFA4FA7-8B7E-47FB-8593-704DAE17D725} - System32\Tasks\Games\UpdateCheck_S-1-5-21-89020590-1650858866-3417165827-1000
Task: {CC8C95FE-5E3A-4970-A49B-93B23CF52BB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {F9F5EEF3-06C3-4C87-84EE-ABAD2077FD13} - System32\Tasks\{FA83A748-6BF8-4F3E-B2E6-62370098E454} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-10-01] (Malwarebytes Corporation)
Task: {FB168C86-C99C-4E22-86D0-1E7A859E540C} - System32\Tasks\{5FCB70ED-C210-4759-8DEB-A14ADE22B29B} => C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-05-01] (Linksys LLC - A Division of Cisco Systems)
Task: {FCB80C2D-F621-4EB9-8ACC-B1F0F3C18F79} - System32\Tasks\AdobeAAMUpdater-1.0-jill-PC-jill => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-10-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-29 09:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-11-10 12:15 - 2011-11-10 12:15 - 00121856 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2011-11-10 12:15 - 2011-11-10 12:15 - 00043520 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2011-11-10 12:15 - 2011-11-10 12:15 - 00029696 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2011-11-10 12:15 - 2011-11-10 12:15 - 00030208 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
2014-10-26 13:25 - 2014-10-26 13:25 - 00246920 ___SH () C:\Users\jill\AppData\Roaming\Microsoft\Crypto\RSA\cert_v69_0.tpl
2012-06-20 20:57 - 2011-07-19 18:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-04 22:24 - 2012-03-07 21:44 - 00644416 _____ () C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
2012-11-04 22:24 - 2012-03-07 21:43 - 00947520 _____ () C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
2009-10-30 16:32 - 2009-10-30 16:32 - 00144672 _____ () C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
2012-06-20 19:50 - 2012-01-26 21:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-10-22 21:29 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-04 22:24 - 2011-11-09 05:38 - 00217088 _____ () C:\Program Files (x86)\Dell\ErrorApp\dkab1err.dll
2012-11-04 22:24 - 2011-11-14 02:31 - 01454080 _____ () C:\Program Files (x86)\Dell V520 Series\dkabdrs.dll
2008-04-09 19:15 - 2008-04-09 19:15 - 00103472 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-04-09 19:15 - 2008-04-09 19:15 - 00038960 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2009-10-30 16:32 - 2009-10-30 16:32 - 00087328 _____ () C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\AddressBookCore.dll
2009-10-30 16:33 - 2009-10-30 16:33 - 00152864 _____ () C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\en-US\ReminderApp.resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-89020590-1650858866-3417165827-500 - Administrator - Disabled)
Guest (S-1-5-21-89020590-1650858866-3417165827-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-89020590-1650858866-3417165827-1002 - Limited - Enabled)
jill (S-1-5-21-89020590-1650858866-3417165827-1000 - Administrator - Enabled) => C:\Users\jill

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 01:14:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000070a
Fault offset: 0x000000000005cf99
Faulting process id: 0x494
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/27/2014 01:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CS6ServiceManager.exe, version: 3.0.0.389, time stamp: 0x4f5a20ec
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x13c0
Faulting application start time: 0xCS6ServiceManager.exe0
Faulting application path: CS6ServiceManager.exe1
Faulting module path: CS6ServiceManager.exe2
Report Id: CS6ServiceManager.exe3

Error: (10/27/2014 01:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 01:01:50 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit   OEM default registry path does not exist.

Error: (10/27/2014 00:18:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 00:18:52 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit   OEM default registry path does not exist.

Error: (10/27/2014 11:56:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 11:56:16 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit   OEM default registry path does not exist.

Error: (10/27/2014 11:39:35 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (8920) An attempt to open the file "C:\Users\jill\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/27/2014 11:33:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (10/27/2014 01:04:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2014 01:03:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 01:02:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/27/2014 01:02:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2014 00:50:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (10/27/2014 00:21:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2014 00:19:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 00:19:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/27/2014 00:19:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2014 11:58:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (10/27/2014 01:14:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000070a000000000005cf9949401cff21040771d3fC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll17c61916-5e05-11e4-b54f-00dbdf0eed44

Error: (10/27/2014 01:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CS6ServiceManager.exe3.0.0.3894f5a20ecntdll.dll6.1.7601.18247521ea8e7c0000374000ce75313c001cff2104573479fC:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exeC:\Windows\SysWOW64\ntdll.dll86f5b0a8-5e03-11e4-b54f-00dbdf0eed44

Error: (10/27/2014 01:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 01:01:50 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit   OEM default registry path does not exist.

Error: (10/27/2014 00:18:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 00:18:52 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit   OEM default registry path does not exist.

Error: (10/27/2014 11:56:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 11:56:16 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit   OEM default registry path does not exist.

Error: (10/27/2014 11:39:35 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost8920C:\Users\jill\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (10/27/2014 11:33:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-02-08 13:25:35.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 13:25:35.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 13:25:35.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-10 19:54:12.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-10 19:54:12.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-10 19:54:12.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-17 17:59:56.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-17 17:59:56.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-17 17:59:56.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-26 15:13:49.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i7-2637M CPU @ 1.70GHz
Percentage of memory in use: 71%
Total physical RAM: 3982.67 MB
Available physical RAM: 1147.57 MB
Total Pagefile: 7965.34 MB
Available Pagefile: 4473.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:212.18 GB) (Free:61.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: CB0A057B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=212.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

==================== End Of Log ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Let me see those two logs, also give an update on any remaining issues or concerns...

Thanks,

Kevin

Fixlist.txt


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/27/2014
Scan Time: 4:46:33 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.27.07
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jill

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319949
Time Elapsed: 6 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Heuristics.Reserved.Word.Exploit, C:\Users\jill\AppData\Local\Temp\msiexec.exe, 7948, Delete-on-Reboot, [a60d8495116bb77fc2daf73ac93cdb25]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Agent.MSDGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|139122760, C:\PROGRA~3\msypm.exe, Quarantined, [516245d4215bb5813039f0361ce7af51]
Trojan.Agent.MSDGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|139122760, C:\PROGRA~3\msypm.exe, Quarantined, [516245d4215bb5813039f0361ce7af51]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 8
CryptoWall.Trace, C:\Users\jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML, Quarantined, [357ee435027a6ec8979fa983a85be818],
CryptoWall.Trace, C:\Users\jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT, Quarantined, [654e31e899e30a2c0333dd4fb05325db],
CryptoWall.Trace, C:\Users\jill\Desktop\DECRYPT_INSTRUCTION.HTML, Quarantined, [902394857804ab8b9e99e04cf90a728e],
CryptoWall.Trace, C:\Users\jill\Desktop\DECRYPT_INSTRUCTION.TXT, Quarantined, [fbb8cb4e2c509b9baf884fdd976c54ac],
CryptoWall.Trace, C:\Users\jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL, Quarantined, [0aa98594daa278be811bcecaf90bf60a],
CryptoWall.Trace, C:\Users\jill\Desktop\INSTALL_TOR.URL, Quarantined, [ecc78b8e94e875c1534ae1b75fa511ef],
Trojan.Agent.MSDGen, C:\ProgramData\msypm.exe, Quarantined, [516245d4215bb5813039f0361ce7af51],
Heuristics.Reserved.Word.Exploit, C:\Users\jill\AppData\Local\Temp\msiexec.exe, Delete-on-Reboot, [a60d8495116bb77fc2daf73ac93cdb25],

Physical Sectors: 0
(No malicious items detected)

(end)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01

Ran by jill at 2014-10-27 15:56:13 Run:1

Running from C:\Users\jill\Downloads

Loaded Profile: jill (Available profiles: jill)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\MountPoints2: {236e583f-9b27-11e2-a43e-00dbdf0eed44} - D:\LaunchU3.exe -a

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\MountPoints2: {236e5847-9b27-11e2-a43e-00dbdf0eed44} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Online/Final.SyllabusTemplate.MDM11P01.pdf

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...\MountPoints2: {4a5856ef-3b58-11e2-989b-00dbdf0eed44} - D:\LaunchU3.exe -a

HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

2014-10-26 13:25 - 2014-10-26 13:25 - 00000000 __SHD () C:\Windows\system32\%APPDATA%

C:\Users\jill\AppData\Local\Temp\gezfzow0.dll

C:\Users\jill\AppData\Local\Temp\lxdn9ahp.dll

C:\Users\jill\AppData\Local\Temp\Quarantine.exe

C:\Users\jill\AppData\Local\Temp\sqlite3.dll

C:\Users\jill\AppData\Local\Temp\vf5yq2rk.dll

C:\Users\jill\AppData\Local\Temp\zh4zy9v1.dll

CustomCLSID: HKU\S-1-5-21-89020590-1650858866-3417165827-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

EmptyTemp:

Hosts:

End

*****************

"HKU\S-1-5-21-89020590-1650858866-3417165827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{236e583f-9b27-11e2-a43e-00dbdf0eed44}" => Key deleted successfully.

"HKCR\CLSID\{236e583f-9b27-11e2-a43e-00dbdf0eed44}" => Key not found.

"HKU\S-1-5-21-89020590-1650858866-3417165827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{236e5847-9b27-11e2-a43e-00dbdf0eed44}" => Key deleted successfully.

"HKCR\CLSID\{236e5847-9b27-11e2-a43e-00dbdf0eed44}" => Key not found.

"HKU\S-1-5-21-89020590-1650858866-3417165827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a5856ef-3b58-11e2-989b-00dbdf0eed44}" => Key deleted successfully.

"HKCR\CLSID\{4a5856ef-3b58-11e2-989b-00dbdf0eed44}" => Key not found.

"HKU\S-1-5-21-89020590-1650858866-3417165827-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.

"HKU\S-1-5-21-89020590-1650858866-3417165827-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.

C:\Windows\system32\%APPDATA% => Moved successfully.

C:\Users\jill\AppData\Local\Temp\gezfzow0.dll => Moved successfully.

C:\Users\jill\AppData\Local\Temp\lxdn9ahp.dll => Moved successfully.

C:\Users\jill\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\jill\AppData\Local\Temp\sqlite3.dll => Moved successfully.

C:\Users\jill\AppData\Local\Temp\vf5yq2rk.dll => Moved successfully.

C:\Users\jill\AppData\Local\Temp\zh4zy9v1.dll => Moved successfully.

"HKU\S-1-5-21-89020590-1650858866-3417165827-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 12.9 GB temporary data.

The system needed a reboot.
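The `localserver32` entry FRST flagged in the fixlist above is the Poweliks persistence point: a COM CLSID's LocalServer32 value points rundll32.exe at a javascript: URL whose script body is stored with every character shifted up by one code point. As an added example that is not part of this thread, FRST or Malwarebytes, the script below flags such lines in FRST-style log text and reverses the shift; the two hit lines are the thread's own (truncated exactly as FRST printed them), the benign line is constructed, and the constant +1 shift is inferred from the visible fragment rather than taken from documentation.

```python
"""Flag the Poweliks-style CLSID hijack FRST reported and undo its character shift.

Added example for this thread, not part of FRST or Malwarebytes. The two hit
lines below are copied from the fixlist exactly as FRST truncated them; the
third line is a constructed benign entry. No registry access is performed.
"""
import re

# FRST prints the hijacked CLSID as
#   ...\CLSID\{GUID}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("...")
# A LocalServer32 value should name an executable; rundll32 being handed a
# javascript: URL that eval()s a stored string is the indicator worth alerting on.
INDICATOR = re.compile(
    r'(?P<key>HK[A-Z]+\\\S*?\\localserver32)\b.*?'
    r'rundll32\.exe\s+javascript:.*?eval\("(?P<payload>[^"\s]*)',
    re.IGNORECASE,
)


def decode_shift(payload: str, shift: int = 1) -> str:
    """Shift every character back by `shift` code points.

    The visible fragment decodes to readable JScript with a constant shift of
    one (assumption inferred from that fragment, not a documented constant).
    """
    return "".join(chr(ord(c) - shift) for c in payload)


def find_poweliks_entries(log_text: str) -> list:
    """Return one record per log line matching the rundll32/javascript pattern."""
    hits = []
    for line in log_text.splitlines():
        m = INDICATOR.search(line)
        if m:
            hits.append({
                "key": m.group("key"),
                "payload": m.group("payload"),
                "decoded": decode_shift(m.group("payload")),
            })
    return hits


# Sample input: two lines from the thread's fixlist, plus one constructed benign line.
SAMPLE_LOG = r"""
HKU\S-1-5-21-89020590-1650858866-3417165827-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-89020590-1650858866-3417165827-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32 -> C:\Program Files\Example\example.exe (constructed benign line)
"""

if __name__ == "__main__":
    for hit in find_poweliks_entries(SAMPLE_LOG):
        print(hit["key"])
        print("  stored :", hit["payload"])
        print("  decoded:", hit["decoded"])
```

The visible fragment decodes to `document.write('<script language=jscr`, which is why the two entries, and not the benign one, are the ones to hunt for across other machines' FRST output.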


Can you check the instructions for Malwarebytes in reply #12, I ask that you enable "Scan for Rootkit". Can you run Malwarebytes once more as per that reply...

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator”; the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Post those two logs, also give an update on any remaining issues or concerns...

Kevin..


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/27/2014
Scan Time: 5:13:36 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.27.08
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jill

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331881
Time Elapsed: 10 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Mon Oct 27 13:11:15 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Oct 27 13:18:33 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Mon Oct 27 17:26:47 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Oct 27 17:31:43 2014

Return code: 0 (0x0)


Obviously we have not managed to find and remove all tentacles of the infection, run the following please:

Scan with Gmer rootkit scanner

Please download Gmer from Here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
     
            Sections
            IAT/EAT
            Show All ( should be unchecked by default )
     
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

Please post the content of the ark.txt here.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

**If GMER crashes** Follow the instructions here and disable your security temporarily…

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8

Let me see those logs, at least you are secure as Malwarebytes does its job and continues to block...

Thank you,

Kevin...


This topic is now closed to further replies.