Jump to content

Blocked potentially malacious website


Recommended Posts

I keep getting a pop-up from Malwarebytes saying it blocked a potentially malicious website and my computer will not let me download anything. It gives me a pop-up saying, "Your current security settings do not allow this file to be downloaded." Any idea on how to allow my computer to download so I can fix the problem?

Link to post
Share on other sites

Welcome to the forum. (Do what you can)

For your downloads:

Under Tools - Internet Options - Security - Custom Level - Downloads - File Downloads - Enable

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

Last................

3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Link to post
Share on other sites

Attached is the log. I now have three quarantined items:

PUP.Optional.OpenCandy.A

Trojan.Agent.ED

Trojan.Agent.ED

 

The Malicious Website Blocked is fff5ee.com mostly among others including a Trojan. But, I was finally able to complete the first step and will continue with the process listed as best I can.

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01

Ran by TJ (administrator) on TJ-PC on 31-10-2014 22:19:09

Running from C:\Users\TJ\Downloads

Loaded Profile: TJ (Available profiles: TJ)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

( ) C:\Windows\System32\dleacoms.exe

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Dropbox, Inc.) C:\Users\TJ\AppData\Roaming\Dropbox\bin\Dropbox.exe

(ArcSoft, Inc.) C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

() C:\Users\TJ\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe

() C:\Users\TJ\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)

HKLM\...\Run: [stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()

HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] => C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe [80448 2010-12-15] (ArcSoft, Inc.)

HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [ddc145] => C:\ddc1455\ddc1455.exe [121856 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [ddc1455] => C:\Users\TJ\AppData\Roaming\ddc1455.exe [121856 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [GoogleUpdate] => C:\Users\TJ\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe [20678328 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\RunOnce: [*dc145] => C:\ddc1455\ddc1455.exe [121856 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\RunOnce: [*dc1455] => C:\Users\TJ\AppData\Roaming\ddc1455.exe [121856 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ddc1455.exe ()

Startup: C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://nas1.sdstate.edu/auth/taweb.cab

DPF: HKLM-x32 {68943392-997F-42F0-A0E1-10D677DB3F03} http://wirelesssetup.sdstate.edu/tools/xc_loader_activex.ocx

DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab

DPF: HKLM-x32 {C228AEDD-FC47-11D3-AF87-D128A9381404} http://www.link-systems.com/sdkhtml/SDK/paste/lsiw9x.cab

DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\fjdb50wy.default

FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll No File

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Yahoo! Toolbar - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\fjdb50wy.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-03-25]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

 

Chrome: 

=======

CHR Profile: C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]

CHR Extension: (Google Drive) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (YouTube) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]

CHR Extension: (McAfee Security Scan+) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-23]

CHR Extension: (Google Search) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]

CHR Extension: (Google Wallet) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]

CHR Extension: (Gmail) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-03-08] (Dell Products, LP.) [File not signed]

R2 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]

R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [345600 2010-01-14] (Pharos Systems International) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]

R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-31] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)

R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)

R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2009-09-02] (Jungo)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-31 22:19 - 2014-10-31 22:19 - 00022168 _____ () C:\Users\TJ\Downloads\FRST.txt

2014-10-31 22:18 - 2014-10-31 22:19 - 00000000 ____D () C:\FRST

2014-10-31 22:12 - 2014-10-31 22:18 - 02113536 _____ (Farbar) C:\Users\TJ\Downloads\FRST64.exe

2014-10-31 22:03 - 2014-10-31 22:03 - 00001064 _____ () C:\Users\TJ\Desktop\Oct3114 scan.txt

2014-10-31 22:02 - 2014-10-31 22:02 - 00000160 ____H () C:\ProgramData\@system3.att

2014-10-31 22:01 - 2014-10-31 22:05 - 00121856 _____ () C:\Users\TJ\AppData\Roaming\ddc1455.exe

2014-10-31 22:01 - 2014-10-31 22:02 - 00000424 _____ () C:\ProgramData\@system.temp

2014-10-31 22:01 - 2014-10-31 22:01 - 00000448 ____H () C:\Users\TJ\AppData\Roaming\麽鎒駓覜

2014-10-31 22:01 - 2014-10-31 22:01 - 00000000 ___HD () C:\ddc1455

2014-10-31 22:01 - 2014-10-31 22:01 - 00000000 ____D () C:\Users\TJ\AppData\Roaming\FrameworkUpdate7

2014-10-31 22:00 - 2014-10-31 22:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

2014-10-31 21:05 - 2014-10-31 21:19 - 02077392 _____ (Microsoft Corporation) C:\Users\TJ\Downloads\IE11-Windows6.1 (1).exe

2014-10-31 20:42 - 2014-10-31 20:42 - 00000000 ___RD () C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2014-10-31 20:36 - 2014-10-31 20:37 - 02077392 _____ (Microsoft Corporation) C:\Users\TJ\Downloads\IE11-Windows6.1.exe

2014-10-31 19:21 - 2014-10-31 19:23 - 00000000 ____D () C:\Program Files\stinger

2014-10-31 17:58 - 2014-10-31 18:25 - 00000000 ____D () C:\ComboFix

2014-10-31 17:58 - 2014-10-31 17:58 - 00000000 ____D () C:\windows\erdnt

2014-10-31 17:58 - 2014-10-31 17:58 - 00000000 ____D () C:\Qoobox

2014-10-31 17:58 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe

2014-10-31 17:58 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe

2014-10-31 17:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2014-10-31 17:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2014-10-31 17:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2014-10-31 17:58 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe

2014-10-31 17:58 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe

2014-10-31 17:58 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe

2014-10-31 16:55 - 2014-10-31 21:10 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-31 16:54 - 2014-10-31 17:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-31 16:54 - 2014-10-31 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-31 16:54 - 2014-10-31 17:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-31 16:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-10-31 16:54 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2014-10-31 16:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2014-10-30 20:02 - 2014-10-30 20:34 - 00022131 _____ () C:\Users\TJ\quartus2.qreg

2014-10-30 20:02 - 2014-10-30 20:02 - 00050456 _____ () C:\Users\TJ\qms-bmh3.bmp

2014-10-30 20:02 - 2014-10-30 20:02 - 00050456 _____ () C:\Users\TJ\qms-bmh2.bmp

2014-10-30 20:02 - 2014-10-30 20:02 - 00050456 _____ () C:\Users\TJ\qms-bmh1.bmp

2014-10-30 20:02 - 2014-10-30 20:02 - 00008255 _____ () C:\Users\TJ\quartus_web_rules_file.txt

2014-10-30 15:54 - 2014-10-30 15:54 - 00000000 ____D () C:\Program Files\McAfee.com

2014-10-30 15:54 - 2014-10-30 15:54 - 00000000 ____D () C:\Program Files\McAfee

2014-10-30 15:48 - 2014-10-31 19:45 - 00000000 ____D () C:\ProgramData\McAfee

2014-10-30 15:48 - 2014-10-31 19:20 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-10-30 15:08 - 2014-10-30 15:08 - 00000000 ____D () C:\Users\TJ\AppData\Local\Citrix

2014-10-30 15:08 - 2014-10-30 15:08 - 00000000 ____D () C:\Program Files (x86)\Citrix

2014-10-30 15:01 - 2014-10-30 15:01 - 00000000 ____D () C:\Users\TJ\AppData\Roaming\McAfee

2014-10-30 15:00 - 2014-10-31 20:34 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-10-30 14:43 - 2014-10-31 20:41 - 00001356 _____ () C:\windows\setupact.log

2014-10-30 14:43 - 2014-10-30 14:43 - 00000000 _____ () C:\windows\setuperr.log

2014-10-30 13:15 - 2014-10-30 13:15 - 00000000 ___RD () C:\Users\TJ\Desktop\MySyncUPFiles

2014-10-30 13:01 - 2014-10-30 13:01 - 00000000 ____D () C:\Users\TJ\Documents\Blio

2014-10-23 10:56 - 2013-07-29 16:22 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll

2014-10-23 10:56 - 2013-07-29 16:22 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll

2014-10-23 10:55 - 2014-10-23 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-23 10:54 - 2014-10-23 10:54 - 00000000 ____D () C:\ProgramData\Oracle

2014-10-23 10:53 - 2014-10-23 10:54 - 00638888 _____ (Oracle Corporation) C:\Users\TJ\Downloads\chromeinstall-8u25.exe

2014-10-19 15:44 - 2014-10-31 20:43 - 00000000 ___RD () C:\Users\TJ\Dropbox

2014-10-19 15:44 - 2014-10-19 15:44 - 00001037 _____ () C:\Users\TJ\Desktop\Dropbox.lnk

2014-10-19 15:44 - 2014-10-19 15:44 - 00000000 ____D () C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-10-19 15:39 - 2014-10-31 20:43 - 00000000 ____D () C:\Users\TJ\AppData\Roaming\Dropbox

2014-10-16 08:59 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-10-16 08:59 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll

2014-10-16 08:59 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-10-16 08:59 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-10-16 08:59 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-10-16 08:59 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2014-10-16 08:59 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-10-16 08:59 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-10-16 08:59 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-10-16 08:59 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-10-16 08:59 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-10-16 08:59 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-10-16 08:59 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-10-16 08:59 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-10-16 08:59 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-10-16 08:59 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-10-16 08:59 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-10-16 08:59 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-10-16 08:59 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-10-16 08:59 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-10-16 08:59 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-10-16 08:59 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-16 08:59 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-10-16 08:59 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-10-16 08:59 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-10-16 08:59 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll

2014-10-16 08:59 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll

2014-10-16 08:59 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll

2014-10-16 08:59 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll

2014-10-16 08:59 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll

2014-10-16 08:59 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll

2014-10-16 08:58 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-10-16 08:58 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-10-16 08:58 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-10-16 08:58 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-10-16 08:58 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-10-16 08:58 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-10-16 08:58 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-10-16 08:58 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-10-16 08:58 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-10-16 08:58 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-10-16 08:58 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-10-16 08:58 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-10-16 08:58 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-10-16 08:58 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-10-16 08:58 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-10-16 08:58 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-10-16 08:58 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-10-16 08:58 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-10-16 08:58 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-10-16 08:58 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-10-16 08:58 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-10-16 08:58 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-10-16 08:58 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-10-16 08:58 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-10-16 08:58 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-10-16 08:58 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-10-16 08:58 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-10-16 08:58 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-10-16 08:58 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-10-16 08:58 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-10-16 08:58 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-10-16 08:58 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-10-16 08:58 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-10-16 08:58 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-10-16 08:58 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-10-16 08:57 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2014-10-16 08:57 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll

2014-10-16 08:57 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll

2014-10-16 08:57 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll

2014-10-16 08:56 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll

2014-10-16 08:56 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll

2014-10-16 08:56 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll

2014-10-16 08:56 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe

2014-10-16 08:56 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll

2014-10-16 08:56 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

2014-10-16 08:56 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll

2014-10-16 08:56 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll

2014-10-16 08:56 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2014-10-16 08:56 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2014-10-16 08:56 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll

2014-10-16 08:56 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll

2014-10-16 08:56 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe

2014-10-16 08:56 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll

2014-10-16 08:56 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2014-10-16 08:56 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2014-10-16 08:56 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys

2014-10-16 08:56 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

2014-10-15 20:01 - 2014-10-15 20:01 - 00517632 _____ () C:\Users\TJ\Desktop\Arbiter circuit HW #10.ppt

2014-10-01 06:31 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2014-10-01 06:31 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-31 22:14 - 2012-05-18 23:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-10-31 22:03 - 2012-05-18 23:16 - 01126224 _____ () C:\windows\WindowsUpdate.log

2014-10-31 21:29 - 2013-10-09 16:33 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-31 20:51 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-31 20:51 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-31 20:43 - 2012-05-19 00:06 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-10-31 20:43 - 2012-05-19 00:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-10-31 20:43 - 2012-05-18 23:54 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-10-31 20:42 - 2013-10-09 16:33 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-31 20:42 - 2013-01-04 09:49 - 00000000 ____D () C:\Users\TJ\AppData\Roaming\Skype

2014-10-31 20:41 - 2010-11-20 22:47 - 00307198 _____ () C:\windows\PFRO.log

2014-10-31 20:41 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-10-31 20:37 - 2013-11-25 22:59 - 00009110 _____ () C:\windows\IE11_main.log

2014-10-31 18:40 - 2012-11-27 09:34 - 00003902 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{7DAD08A4-1801-4503-BC4E-47A15897788F}

2014-10-31 18:22 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini

2014-10-31 18:15 - 2012-08-04 00:57 - 00000000 ____D () C:\Users\TJ

2014-10-31 17:50 - 2012-05-18 23:40 - 00000000 ____D () C:\ProgramData\Sonic

2014-10-31 17:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF

2014-10-31 16:54 - 2012-08-07 15:25 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-31 16:23 - 2009-07-14 00:13 - 00006704 _____ () C:\windows\system32\PerfStringBackup.INI

2014-10-30 15:26 - 2012-08-31 07:23 - 00000000 ____D () C:\Users\TJ\AppData\Local\Deployment

2014-10-30 14:40 - 2012-08-26 14:26 - 00000000 ____D () C:\Users\TJ\AppData\Local\CrashDumps

2014-10-30 12:48 - 2012-08-27 07:12 - 00000000 ____D () C:\windows\Minidump

2014-10-30 12:34 - 2012-05-18 23:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-10-30 12:28 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-10-30 11:07 - 2013-05-27 19:45 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask

2014-10-28 06:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2014-10-26 12:58 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache

2014-10-25 12:24 - 2013-10-09 16:33 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-25 12:24 - 2013-10-09 16:33 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-23 10:55 - 2013-07-29 16:22 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2014-10-23 10:55 - 2013-07-29 16:22 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2014-10-23 10:55 - 2013-07-29 16:22 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2014-10-23 10:55 - 2013-07-29 16:22 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2014-10-23 10:54 - 2012-09-12 15:28 - 00000000 ____D () C:\Program Files (x86)\Java

2014-10-22 15:13 - 2013-01-09 20:25 - 00000000 ____D () C:\Users\TJ\Documents\Print for school

2014-10-19 17:01 - 2012-09-11 14:38 - 00000000 ____D () C:\Users\TJ\Documents\TJ

2014-10-19 16:59 - 2012-08-23 21:40 - 00040448 ___SH () C:\Users\TJ\Documents\Thumbs.db

2014-10-17 15:51 - 2009-07-13 23:45 - 00515096 _____ () C:\windows\system32\FNTCACHE.DAT

2014-10-17 12:26 - 2014-05-06 22:25 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-10-16 22:49 - 2013-08-14 22:18 - 00000000 ____D () C:\windows\system32\MRT

2014-10-16 22:49 - 2012-08-04 14:36 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-10-15 14:25 - 2014-09-16 06:44 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-10-15 14:25 - 2013-01-04 09:48 - 00000000 ____D () C:\ProgramData\Skype

2014-10-05 20:42 - 2013-01-10 13:57 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-10-02 19:21 - 2012-08-27 19:14 - 00005632 _____ () C:\Users\TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

Some content of TEMP:

====================

C:\Users\TJ\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppguv7l.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-26 12:48

 

==================== End Of Log ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01

Ran by TJ at 2014-10-31 22:20:22

Running from C:\Users\TJ\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.5 - Hewlett-Packard) Hidden

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.12.36 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft MediaImpression for Kodak (HKLM-x32\...\{C975D391-7BF6-44A0-A4FF-EDF3CFD88F68}) (Version: 2.0.24.1127 - ArcSoft)

Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)

Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)

AVRStudio4 (HKLM-x32\...\{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}) (Version: 4.18.684 - Atmel)

AVRStudio4 (x32 Version: 4.18.684 - Atmel) Hidden

Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)

Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)

Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )

Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )

Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )

Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )

Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco NAC Agent  (HKLM-x32\...\{0CB855E9-B05A-41C7-B743-C286A08433D0}) (Version: 4.9.2.8 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

CodeBlocks (HKCU\...\CodeBlocks) (Version: 10.05 - The Code::Blocks Team)

Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)

Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Digital Delivery (HKLM-x32\...\{2DB4F9EA-0851-4B64-9C0A-7084BDDFA392}) (Version: 2.0.1014.0 - Dell Products, LP)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)

Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)

Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)

Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)

Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)

Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)

Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)

Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)

Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)

inSSIDer (HKLM-x32\...\{65A5E87D-7A3F-4819-807D-B86990D5F369}) (Version: 2.1.6 - MetaGeek)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Karnaugh Map Minimizer 0.4 (HKLM-x32\...\Karnaugh Map Minimizer) (Version: 0.4 - Robert Kovacevic)

KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)

Logger Pro 3.8.2 (HKLM-x32\...\InstallShield_{DD1C903B-C75E-446A-9C09-19EFE9D101DD}) (Version: 5.0 - Vernier Software & Technology)

LoggerPro3 (x32 Version: 5.0 - Vernier Software & Technology) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Accounting 2008 (HKLM-x32\...\Microsoft Office Accounting 2008) (Version: 3.0.8627.1 - Microsoft Corporation)

Microsoft Office Accounting 2008 Equifax Addin (HKLM-x32\...\{0C2AF762-0565-4C91-9F55-B8B53BB82A38}) (Version: 3.0.8231.0 - Microsoft Corporation)

Microsoft Office Accounting 2008 Fixed Asset Manager (HKLM-x32\...\{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}) (Version: 3.0.8231.0 - Microsoft Corporation)

Microsoft Office Accounting 2008 PayPal Addin (HKLM-x32\...\{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}) (Version: 3.0.8231.0 - Microsoft Corporation)

Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

OrCAD 16.6 Lite (HKCU\...\{12C79350-444D-48E0-B05C-1E610FF17F1A}) (Version: 16.60.000 - Cadence Design Systems)

Pearson LockDown Browser (HKLM-x32\...\{1F8BAD3E-1EE5-43ED-B5DB-F6311DA7666A}) (Version: 1.04.23 - Respondus, Inc.)

Pharos (HKLM-x32\...\Pharos) (Version:  - )

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)

Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)

QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)

Quartus II Web Edition (Free) 13.0.0.156 (HKLM-x32\...\Quartus II Web Edition (Free) 13.0.0.156) (Version: 13.0 - Altera Corporation)

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)

Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Sentinel Protection Installer 7.1.0 (HKLM\...\{4C1A3B65-E284-4F04-822F-3774E0CEEF67}) (Version: 7.1.0 - Safenet Inc,)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)

SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden

System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)

TI-Nspire Student Software (HKLM-x32\...\{41B35F90-3A28-4166-AD05-F4C977D0D729}) (Version: 3.2.0.1219 - Texas Instruments Inc.)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

WinAVR 20100110 (remove only) (HKLM-x32\...\WinAVR-20100110) (Version: 20100110 - )

Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

30-10-2014 02:45:10 Windows Update

30-10-2014 17:26:25 Removed Microsoft Games for Windows - LIVE Redistributable

30-10-2014 17:28:05 Removed Microsoft Games for Windows Marketplace

30-10-2014 17:32:45 Removed Quartus II

31-10-2014 12:07:53 Windows Update

31-10-2014 15:17:15 Windows Update

31-10-2014 23:34:35 Windows Update

01-11-2014 01:38:48 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2014-10-31 18:20 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {08DFE38A-81FC-4477-99CF-591B4950B51A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {0C20ACE6-61B9-4B97-A48C-7E3698CF3321} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)

Task: {0D5EB7B0-E5FE-4EAF-BF37-63ACAF8B352F} - System32\Tasks\{8EF16558-2A92-407d-825F-149D101CB9FE} => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)

Task: {26EF9C8D-9FAD-4C71-9E16-F6899B988065} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

Task: {2C79EC90-F603-445C-96D0-450CD96B5BA8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2FCA7709-973C-4F5C-BDF7-85F018C29FB0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {6AF6FDD3-F355-46AA-AA62-D4FF3A6F89CB} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)

Task: {B951AB7A-C733-4AC7-AAB3-5B03F899827B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {FF2769CE-9BBD-44EA-8BD3-6DA5B888B9BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-01-21 10:38 - 2009-11-04 10:18 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll

2013-01-10 13:58 - 2011-02-07 11:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2012-05-19 01:50 - 2011-03-25 20:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-06-27 19:26 - 2011-06-27 19:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

2011-06-29 08:52 - 2011-06-29 08:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

2012-05-18 23:54 - 2012-01-26 21:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2014-10-31 22:01 - 2014-10-31 22:01 - 20678328 _____ () C:\Users\TJ\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe

2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll

2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll

2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll

2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll

2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll

2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll

2011-06-24 23:21 - 2011-06-24 23:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll

2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll

2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll

2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll

2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

2014-10-31 20:43 - 2014-10-31 20:43 - 00043008 _____ () c:\users\tj\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppguv7l.dll

2014-10-19 15:44 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\TJ\AppData\Roaming\Dropbox\bin\libcef.dll

2014-10-17 17:49 - 2014-10-17 17:49 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll

2012-05-18 23:24 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2014-10-28 14:16 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll

2014-10-28 14:16 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll

2014-10-28 14:16 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-28 14:16 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\TJ\AppData\Roaming\ddc1455.exe:1

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1512524933-1238641409-2082913963-500 - Administrator - Disabled)

Guest (S-1-5-21-1512524933-1238641409-2082913963-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1512524933-1238641409-2082913963-1002 - Limited - Enabled)

TJ (S-1-5-21-1512524933-1238641409-2082913963-1000 - Administrator - Enabled) => C:\Users\TJ

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/31/2014 10:01:03 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.

]

 

Error: (10/31/2014 10:01:03 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.

]

 

Error: (10/31/2014 08:44:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: BtvStack.exe, version: 7.4.0.126, time stamp: 0x4f589170

Faulting module name: BtvStack.exe, version: 7.4.0.126, time stamp: 0x4f589170

Exception code: 0xc0000005

Fault offset: 0x000000000007da38

Faulting process id: 0x9e4

Faulting application start time: 0xBtvStack.exe0

Faulting application path: BtvStack.exe1

Faulting module path: BtvStack.exe2

Report Id: BtvStack.exe3

 

Error: (10/31/2014 08:44:29 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )

Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

 

Error: (10/31/2014 08:44:29 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )

Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

 

Error: (10/31/2014 08:43:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/31/2014 08:05:10 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: BtvStack.exe, version: 7.4.0.126, time stamp: 0x4f589170

Faulting module name: BtvStack.exe, version: 7.4.0.126, time stamp: 0x4f589170

Exception code: 0xc0000005

Fault offset: 0x000000000007da38

Faulting process id: 0x11dc

Faulting application start time: 0xBtvStack.exe0

Faulting application path: BtvStack.exe1

Faulting module path: BtvStack.exe2

Report Id: BtvStack.exe3

 

Error: (10/31/2014 08:04:43 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/31/2014 08:04:10 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )

Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

 

Error: (10/31/2014 08:04:10 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )

Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

 

 

System errors:

=============

Error: (10/31/2014 10:01:03 PM) (Source: DCOM) (EventID: 10016) (User: TJ-PC)

Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}TJ-PCTJS-1-5-21-1512524933-1238641409-2082913963-1000LocalHost (Using LRPC)

 

Error: (10/31/2014 10:01:03 PM) (Source: DCOM) (EventID: 10016) (User: TJ-PC)

Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}TJ-PCTJS-1-5-21-1512524933-1238641409-2082913963-1000LocalHost (Using LRPC)

 

Error: (10/31/2014 08:58:34 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/31/2014 08:46:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (10/31/2014 08:42:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMService service failed to start due to the following error: 

%%1053

 

Error: (10/31/2014 08:42:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

 

Error: (10/31/2014 08:39:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2007 suites (KB2687499).

 

Error: (10/31/2014 08:39:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2007 suites (KB2767849).

 

Error: (10/31/2014 08:14:59 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/31/2014 08:05:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-10-31 18:12:54.046

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-10-31 18:12:53.998

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-10-31 16:48:56.328

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\TJ\Desktop\XEssentialsX\AV Removal\AVG Removal\avg_remover_stf_x86_2014_4116.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-31 16:48:56.142

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\TJ\Desktop\XEssentialsX\AV Removal\AVG Removal\avg_remover_stf_x86_2014_4116.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-31 16:48:55.966

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\TJ\Desktop\XEssentialsX\AV Removal\AVG Removal\avg_remover_stf_x86_2014_4116.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-31 16:48:55.788

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\TJ\Desktop\XEssentialsX\AV Removal\AVG Removal\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-31 16:48:55.601

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\TJ\Desktop\XEssentialsX\AV Removal\AVG Removal\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-31 16:48:55.421

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\TJ\Desktop\XEssentialsX\AV Removal\AVG Removal\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-31 16:48:55.232

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\TJ\Desktop\XEssentialsX\AV Removal\AVG Removal\avg_remover_stf_x86_2012_2125.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-31 16:48:55.117

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\TJ\Desktop\XEssentialsX\AV Removal\AVG Removal\avg_remover_stf_x86_2012_2125.exe because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-2350M CPU @ 2.30GHz

Percentage of memory in use: 57%

Total physical RAM: 6052.27 MB

Available physical RAM: 2547.01 MB

Total Pagefile: 12102.73 MB

Available Pagefile: 7816.71 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:362.39 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D42A6166)

Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

=============================

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

MrC

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014

Ran by TJ at 2014-11-01 08:39:49 Run:1

Running from C:\Users\TJ\Downloads

Loaded Profile: TJ (Available profiles: TJ)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [ddc145] => C:\ddc1455\ddc1455.exe [121856 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [ddc1455] => C:\Users\TJ\AppData\Roaming\ddc1455.exe [121856 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\Run: [GoogleUpdate] => C:\Users\TJ\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe [20678328 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\RunOnce: [*dc145] => C:\ddc1455\ddc1455.exe [121856 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...\RunOnce: [*dc1455] => C:\Users\TJ\AppData\Roaming\ddc1455.exe [121856 2014-10-31] ()

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

Startup: C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ddc1455.exe ()

2014-10-31 22:02 - 2014-10-31 22:02 - 00000160 ____H () C:\ProgramData\@system3.att

2014-10-31 22:01 - 2014-10-31 22:05 - 00121856 _____ () C:\Users\TJ\AppData\Roaming\ddc1455.exe

2014-10-31 22:01 - 2014-10-31 22:02 - 00000424 _____ () C:\ProgramData\@system.temp

2014-10-31 22:01 - 2014-10-31 22:01 - 00000448 ____H () C:\Users\TJ\AppData\Roaming\????

2014-10-31 22:01 - 2014-10-31 22:01 - 00000000 ___HD () C:\ddc1455

2014-10-31 22:01 - 2014-10-31 22:01 - 00000000 ____D () C:\Users\TJ\AppData\Roaming\FrameworkUpdate7

2014-10-31 22:00 - 2014-10-31 22:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

C:\Users\TJ\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppguv7l.dll

CustomCLSID: HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

C:\Users\TJ\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe

c:\users\tj\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppguv7l.dll

AlternateDataStreams: C:\Users\TJ\AppData\Roaming\ddc1455.exe:1

C:\ddc1455

*****************

 

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ddc145 => value deleted successfully.

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ddc1455 => value deleted successfully.

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleUpdate => value deleted successfully.

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*dc145 => Value not found.

HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*dc1455 => Value not found.

"HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.

"HKU\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.

C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ddc1455.exe => Moved successfully.

C:\ProgramData\@system3.att => Moved successfully.

C:\Users\TJ\AppData\Roaming\ddc1455.exe => Moved successfully.

C:\ProgramData\@system.temp => Moved successfully.

 

"C:\Users\TJ\AppData\Roaming\????" directory move:

 

Could not move "C:\Users\TJ\AppData\Roaming\????" directory. => Scheduled to move on reboot.

 

C:\ddc1455 => Moved successfully.

 

"C:\Users\TJ\AppData\Roaming\FrameworkUpdate7" directory move:

 

Could not move "C:\Users\TJ\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe" => Scheduled to move on reboot.

Could not move "C:\Users\TJ\AppData\Roaming\FrameworkUpdate7" directory. => Scheduled to move on reboot.

 

C:\ProgramData\Windows Genuine Advantage => Moved successfully.

"C:\Users\TJ\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppguv7l.dll" => File/Directory not found.

"HKU\S-1-5-21-1512524933-1238641409-2082913963-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

Could not move "C:\Users\TJ\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe" => Scheduled to move on reboot.

"c:\users\tj\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppguv7l.dll" => File/Directory not found.

"C:\Users\TJ\AppData\Roaming\ddc1455.exe" => ":1" ADS not found.

"C:\ddc1455" => File/Directory not found.
Link to post
Share on other sites

ComboFix 14-10-29.01 - TJ 11/01/2014   8:54.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.3563 [GMT -5:00]

Running from: c:\users\TJ\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\programdata\PCDr\6426\AddOnDownloaded\8996ad0f-b495-44ab-a09b-997642f10f32.dll

c:\programdata\PCDr\6426\AddOnDownloaded\c234a47d-843f-4a61-889b-e1538e961da5.dll

c:\programdata\PCDr\6426\AddOnDownloaded\caac49ab-d9d8-4f29-a409-2a9a30ae62af.dll

c:\users\TJ\AppData\Roaming\SearchProtect

c:\users\TJ\AppData\Roaming\SearchProtect\bin\rep.dat

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html

c:\users\TJ\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul

c:\users\TJ\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN

c:\users\TJ\GoToAssistDownloadHelper.exe

c:\windows\msdownld.tmp

c:\windows\RPSETUP.EXE.LOG

.

.

(((((((((((((((((((((((((   Files Created from 2014-10-01 to 2014-11-01  )))))))))))))))))))))))))))))))

.

.

2014-11-01 14:12 . 2014-11-01 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-11-01 03:18 . 2014-11-01 13:39 -------- d-----w- C:\FRST

2014-11-01 03:01 . 2014-11-01 03:01 -------- d-----w- c:\users\TJ\AppData\Roaming\FrameworkUpdate7

2014-11-01 00:21 . 2014-11-01 00:23 -------- d-----w- c:\program files\stinger

2014-10-31 21:55 . 2014-11-01 13:23 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-31 21:54 . 2014-10-31 22:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-10-31 21:54 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-10-31 21:54 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-31 21:54 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-10-31 12:22 . 2014-10-20 08:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8021F82-C432-4984-B6EC-4610F25A3DCB}\mpengine.dll

2014-10-30 20:54 . 2014-10-30 20:54 -------- d-----w- c:\program files (x86)\Common Files\McAfee

2014-10-30 20:54 . 2014-10-30 20:54 -------- d-----w- c:\program files\McAfee

2014-10-30 20:48 . 2014-11-01 01:02 -------- d-----w- c:\program files\Common Files\McAfee

2014-10-30 20:48 . 2014-11-01 00:45 -------- d-----w- c:\programdata\McAfee

2014-10-30 20:36 . 2014-10-30 20:36 -------- d-s---w- c:\windows\SysWow64\Microsoft

2014-10-30 20:08 . 2014-10-30 20:08 -------- d-----w- c:\program files (x86)\Citrix

2014-10-30 20:08 . 2014-10-30 20:08 -------- d-----w- c:\users\TJ\AppData\Local\Citrix

2014-10-30 20:01 . 2014-10-30 20:01 -------- d-----w- c:\users\TJ\AppData\Roaming\McAfee

2014-10-30 20:00 . 2014-11-01 01:34 -------- d-----w- c:\program files (x86)\McAfee

2014-10-23 15:56 . 2013-07-29 21:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2014-10-23 15:56 . 2013-07-29 21:22 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2014-10-23 15:55 . 2014-10-23 15:55 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-10-23 15:54 . 2014-10-23 15:54 -------- d-----w- c:\programdata\Oracle

2014-10-19 20:44 . 2014-11-01 13:50 -------- d-----r- c:\users\TJ\Dropbox

2014-10-19 20:39 . 2014-11-01 13:32 -------- d-----w- c:\users\TJ\AppData\Roaming\Dropbox

2014-10-16 13:58 . 2014-09-19 01:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2014-10-16 13:57 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll

2014-10-16 13:57 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll

2014-10-16 13:57 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll

2014-10-16 13:57 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-28 11:34 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe

2014-10-23 15:55 . 2013-07-29 21:22 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-10-17 03:49 . 2012-08-04 19:36 103265616 ----a-w- c:\windows\system32\MRT.exe

2014-09-25 02:08 . 2014-10-01 11:31 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-09-25 01:40 . 2014-10-01 11:31 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-09-24 11:14 . 2012-05-19 04:25 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-24 11:14 . 2012-05-19 04:25 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-09 22:11 . 2014-09-24 11:18 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-09 21:47 . 2014-09-24 11:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-08-23 02:07 . 2014-08-28 12:51 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 12:51 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22067296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-09-04 40336]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-12-03 610776]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

.

c:\users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\TJ\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-10-19 35487064]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]

R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys;c:\windows\SYSNATIVE\DRIVERS\tinspusb.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys;c:\windows\SYSNATIVE\drivers\VSTwindrvr6.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-28 19:14 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 11:14]

.

2014-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09 21:33]

.

2014-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09 21:33]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10 164760 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10 164760 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10 164760 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10 164760 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10 164760 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10 164760 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10 164760 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10 164760 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-09 1021056]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-09 800896]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"*FRST"="c:\users\TJ\Downloads\FRST64.exe" [2014-11-01 2114048]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.1.1

DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://nas1.sdstate.edu/auth/taweb.cab

DPF: {68943392-997F-42F0-A0E1-10D677DB3F03} - hxxp://wirelesssetup.sdstate.edu/tools/xc_loader_activex.ocx

DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/sdkhtml/SDK/paste/lsiw9x.cab

FF - ProfilePath - c:\users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\fjdb50wy.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]

"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-11-01  09:33:41

ComboFix-quarantined-files.txt  2014-11-01 14:33

.

Pre-Run: 387,233,566,720 bytes free

Post-Run: 386,807,111,680 bytes free

.

- - End Of File - - EE42941D18D5F5FE3A82BD62BAFBC956
Link to post
Share on other sites

Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please run a Threat Scan (Malwarebytes)

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

MrC

Link to post
Share on other sites

# AdwCleaner v3.311 - Report created 01/11/2014 at 10:15:01

# Updated 30/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : TJ - TJ-PC

# Running from : C:\Users\TJ\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\SearchProtect

Folder Deleted : C:\Users\TJ\AppData\Local\Conduit

Folder Deleted : C:\Users\TJ\AppData\Local\emaze

Folder Deleted : C:\Users\TJ\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\fjdb50wy.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Folder Deleted : C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\fjdb50wy.default\Extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Folder Deleted : C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17344

 

 

-\\ Mozilla Firefox v28.0 (en-US)

 

[ File : C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\fjdb50wy.default\prefs.js ]

 

 

-\\ Google Chrome v38.0.2125.111

 

[ File : C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3881 octets] - [01/11/2014 10:04:46]

AdwCleaner[s0].txt - [3692 octets] - [01/11/2014 10:15:01]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3752 octets] ##########
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.5 (10.31.2014:1)

OS: Windows 7 Home Premium x64

Ran by TJ on Sat 11/01/2014 at 10:23:33.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\TJ\appdata\local\cre"

Successfully deleted: [Empty Folder] C:\Users\TJ\appdata\local\{08D1E0FD-E0D8-429B-9328-99A24A340CF1}

Successfully deleted: [Empty Folder] C:\Users\TJ\appdata\local\{25076E64-2579-43D2-BED4-3F6B6C6C9AD6}

Successfully deleted: [Empty Folder] C:\Users\TJ\appdata\local\{65B5FF7A-7809-453C-B2AF-611F08D62897}

 

 

 

~~~ FireFox

 

Successfully deleted: [Folder] C:\Users\TJ\AppData\Roaming\mozilla\firefox\profiles\fjdb50wy.default\extensions\staged

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 11/01/2014 at 10:30:06.25

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

Completed Malwarebytes scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/1/2014
Scan Time: 10:47:03 AM
Logfile: Nov112 Scan.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.01.05
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TJ
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341367
Time Elapsed: 13 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Let me know how it is, MrC

Link to post
Share on other sites

Finally was able to complete step three of your initial response. Here was the report:

 

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TJ [Administrator]
Mode : Scan -- Date : 11/01/2014  11:45:19
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 14 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1512524933-1238641409-2082913963-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] fjdb50wy.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-75HXZT3 +++++
--- User ---
[MBR] 3ca4c542c8b387b9d587df5da6b2f316
[bSP] 994973b30bd1cf2c780eeeac2891f431 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 20000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41166848 | Size: 456838 MB
User = LL1 ... OK
User = LL2 ... OK
Link to post
Share on other sites

Good......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.89  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 JavaFX 2.1.1    

 Java 8 Update 25  

 Java version out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Reader 10.1.12 Adobe Reader out of Date!  

 Mozilla Firefox 28.0 Firefox out of Date!  

 Google Chrome 38.0.2125.104  

 Google Chrome 38.0.2125.111  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 6% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


=========================

JavaFX 2.1.1
Java 8 Update 25

Java version out of Date! <----your Java is correct


=======================

Adobe Flash Player 10 Flash Player out of Date!
Flash Player:

Check for an update if available
Downloads are at the top of the page. (don't install the McAfee toolbar)

======================

Adobe Reader 10.1.12 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

======================

Mozilla Firefox 28.0 Firefox out of Date! <----please check for an update if available.

======================

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.