Jump to content

Nothing helping; please respond ASAP?

gabbybaus
 Share

Recommended Posts

gabbybaus

gabbybaus

Posted
Posted

I believe I have a Malware Infection but nothing is helping. I downloaded MBAM but it will not open, I downloaded chameleon and tried all 13 but each one comes back with a 

 

"Updating MBAM. . .

Response from update :

Failed to start the update

Killing known malicious processes, please wait. . .

 

Mbam-killer timeout set to 1800 seconds.

Mbam-killer is scanning - Please C to cancel. . .

Mbam-killer scan is complete.

Mbam-killer is exiting."

 

The first time I ran MBAM it said it deleted two programs and nothing helped. I ran that adwarekiller program as well and it got rid of some stuff (?) but that's not helped either. I'm unable to open anything except for skype that launches with the computer booting and chrome. None of my art programs (photoshop, etc) will come up. Please help me? ;____; Made an account here for assistance, I hope I've published in the right forum.

Link to post
Share on other sites
gabbybaus

gabbybaus

Posted
  • Author
Posted

ALSO:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 01
Ran by Gabby (administrator) on GABBY (11-10-2015 18:07:10)
Running from C:\Users\Gabby\Downloads
Loaded Profiles: Gabby (Available Profiles: Gabby)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ServiceManager.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wyse Technology Inc.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Octoshape ApS) C:\Users\Gabby\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Dropbox, Inc.) C:\Users\Gabby\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ModemListener.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(SafeKey) C:\Program Files (x86)\SafeKey\npmcafee.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\PhotoshopElementsEditor.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\PhotoshopElementsEditor.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898832 2012-10-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [641504 2015-08-21] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [bambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [sepang Olivetti ModemListener] => C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ModemListener.exe [102400 2011-06-20] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\Run: [PhotoshopElements8SyncAgent] => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe [1893728 2009-10-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [2900560 2015-10-09] (Valve Corporation)
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Gabby\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\Run: [Dropbox Update] => C:\Users\Gabby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-03] (Dropbox, Inc.)
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53737488 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\Run: [GoogleChromeAutoLaunch_22F9A9E8CE833EB43FC483D87BFD9A2B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\MountPoints2: {00f56f00-1a28-11e4-bf85-e0db55d25bfe} - "F:\Autorun.exe" 
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\MountPoints2: {5b5bd645-504a-11e2-be6b-806e6f6e6963} - "D:\Startup.exe" 
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\MountPoints2: {7a9f8fc3-ff6d-11e3-bf79-84a6c8b0f469} - "E:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\...\MountPoints2: {c7764108-32de-11e2-be65-806e6f6e6963} - "D:\Bamboo.exe" 
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [330240 2012-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gabby\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gabby\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gabby\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gabby\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gabby\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gabby\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gabby\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gabby\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gabby\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gabby\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gabby\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gabby\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gabby\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-05-07]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Gabby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-19]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7B2585DE-53A9-4611-9C50-2FAD8E880C00}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE0ACE53-99C8-40E4-B6D7-3994EE4930E7}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3419403431-4015162629-2936840645-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3419403431-4015162629-2936840645-1001 -> DefaultScope {B172D53F-9768-426C-9051-E1F3AE1CF33E} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US739D20150507&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3419403431-4015162629-2936840645-1001 -> {B172D53F-9768-426C-9051-E1F3AE1CF33E} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US739D20150507&p={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-05-07] (McAfee)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-05-07] (McAfee)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-05-07] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-05-07] (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-06-17] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3419403431-4015162629-2936840645-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Gabby\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1401100-0-npoctoshape.dll [2014-01-10] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3419403431-4015162629-2936840645-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gabby\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3419403431-4015162629-2936840645-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Gabby\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-05-23] (Octoshape ApS)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-05-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://dell13.msn.com/
CHR Profile: C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee SafeKey) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-05-07]
CHR Extension: (Google Docs) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-14]
CHR Extension: (Google Drive) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]
CHR Extension: (YouTube) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]
CHR Extension: (Google Search) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]
CHR Extension: (SiteAdvisor) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-05-07]
CHR Extension: (Stylish) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (AdBlock) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Tumblr Savior) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2013-11-19]
CHR Extension: (Gmail) - C:\Users\Gabby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-05-07]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-23] (BioWare)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Olivetti Silverstone Modem Device Helper; C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ServiceManager.exe [49752 2011-06-20] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [655040 2015-07-08] (Wacom Technology, Corp.)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2014-11-10] (Echobit, LLC)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [119680 2011-06-20] (Olivetti)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-09] (Intel Corporation)
S3 Olicard200net; C:\Windows\system32\DRIVERS\Olicard200Usbnet.sys [138240 2011-06-20] (Olivetti)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-10] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 wacommousefilter; \SystemRoot\System32\drivers\wacommousefilter.sys [X]
S3 wacomvhid; \SystemRoot\System32\drivers\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-11 18:07 - 2015-10-11 18:07 - 00034526 _____ C:\Users\Gabby\Downloads\FRST.txt
2015-10-11 18:07 - 2015-10-11 18:07 - 00000000 ____D C:\FRST
2015-10-11 18:06 - 2015-10-11 18:06 - 02195456 _____ (Farbar) C:\Users\Gabby\Downloads\FRST64.exe
2015-10-11 18:05 - 2015-10-11 18:05 - 01699328 _____ (Farbar) C:\Users\Gabby\Downloads\FRST.exe
2015-10-11 17:39 - 2015-10-11 17:39 - 01682432 _____ C:\Users\Gabby\Downloads\AdwCleaner.exe
2015-10-11 17:37 - 2015-10-11 17:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-11 17:37 - 2015-10-11 17:37 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-11 17:37 - 2015-10-11 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-11 17:37 - 2015-10-11 17:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-11 17:37 - 2015-10-11 17:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-11 17:37 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-11 17:37 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-11 17:37 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-11 17:36 - 2015-10-11 17:37 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Gabby\Downloads\mbam-setup-2.1.8.1057 (2).exe
2015-10-11 17:31 - 2015-10-11 17:31 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Gabby\Downloads\mbam-clean-2.1.1.1001.exe
2015-10-10 01:05 - 2015-10-10 01:05 - 00000000 ____D C:\Windows\pss
2015-10-09 23:38 - 2015-10-09 23:38 - 06383209 _____ C:\Users\Gabby\Downloads\mbam-chameleon-3.1.25.0.zip
2015-10-09 23:22 - 2015-10-09 23:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Gabby\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-10-09 23:21 - 2015-10-09 23:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Gabby\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-04 12:47 - 2015-10-04 12:47 - 00000000 ____D C:\Users\Gabby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-25 19:57 - 2015-09-25 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-25 19:57 - 2015-09-25 19:57 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-09-23 16:39 - 2015-09-12 15:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-09-23 16:39 - 2015-09-12 15:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-09-23 16:39 - 2015-09-12 15:29 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2015-09-23 16:39 - 2015-09-12 15:29 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2015-09-23 16:39 - 2015-09-12 15:29 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2015-09-12 20:42 - 2015-09-12 20:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-12 20:42 - 2015-09-12 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-11 18:06 - 2013-01-23 00:35 - 00000000 ____D C:\Users\Gabby\AppData\Roaming\Skype
2015-10-11 18:04 - 2012-12-25 14:50 - 01762535 _____ C:\Windows\WindowsUpdate.log
2015-10-11 18:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2015-10-11 17:52 - 2014-06-29 16:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-11 17:51 - 2012-11-20 07:13 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-10-11 17:45 - 2014-12-08 17:59 - 00000000 ____D C:\Users\Gabby\Tracing
2015-10-11 17:45 - 2013-09-01 20:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-11 17:44 - 2013-04-21 04:20 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-11 17:42 - 2012-11-20 08:52 - 00184930 _____ C:\Windows\PFRO.log
2015-10-11 17:42 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-11 17:41 - 2014-03-09 18:24 - 00000000 ____D C:\AdwCleaner
2015-10-11 17:41 - 2012-07-26 07:26 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-10-11 17:25 - 2013-04-21 04:20 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-11 12:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-10-10 00:40 - 2012-12-25 14:50 - 00000000 ____D C:\Windows\softwaredistribution.bak
2015-10-05 20:31 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-10-04 12:47 - 2014-03-30 17:57 - 00000000 ____D C:\Users\Gabby\AppData\Roaming\Dropbox
2015-10-02 18:15 - 2015-05-07 20:51 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-10-01 14:55 - 2014-03-30 18:00 - 00000000 ___RD C:\Users\Gabby\Dropbox
2015-09-30 21:38 - 2013-04-21 22:16 - 00000157 _____ C:\Windows\SysWOW64\SystemPreferences.xml
2015-09-30 20:32 - 2013-04-27 17:13 - 00332800 ___SH C:\Users\Gabby\Downloads\Thumbs.db
2015-09-27 11:26 - 2013-04-21 04:21 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-25 19:57 - 2014-06-29 16:30 - 00001936 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-25 19:44 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2015-09-22 19:53 - 2014-06-29 16:30 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-18 17:20 - 2013-04-21 04:20 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 17:20 - 2013-04-21 04:20 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 23:07 - 2015-07-24 13:20 - 00811472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-17 23:07 - 2015-07-24 13:20 - 00177616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-13 13:07 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2015-09-13 12:58 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 20:42 - 2014-03-09 18:31 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-12 20:42 - 2013-01-23 00:35 - 00000000 ____D C:\ProgramData\Skype
2015-09-12 20:42 - 2012-07-26 09:28 - 00850046 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 20:35 - 2015-03-20 12:50 - 00397856 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 20:32 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2015-09-12 20:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2015-05-07 20:55 - 2015-05-07 20:55 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-12 05:59 - 2014-02-04 23:19 - 0000096 _____ () C:\Users\Gabby\AppData\Roaming\Camdata.ini
2013-07-12 05:59 - 2014-02-04 23:19 - 0000408 _____ () C:\Users\Gabby\AppData\Roaming\CamLayout.ini
2013-07-12 05:59 - 2014-02-04 23:19 - 0000408 _____ () C:\Users\Gabby\AppData\Roaming\CamShapes.ini
2013-07-12 05:59 - 2014-02-04 23:19 - 0004509 _____ () C:\Users\Gabby\AppData\Roaming\CamStudio.cfg
2014-02-04 23:28 - 2014-02-04 23:59 - 0005632 _____ () C:\Users\Gabby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-20 07:09 - 2012-11-20 07:10 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-20 07:06 - 2012-11-20 07:07 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-20 07:07 - 2012-11-20 07:08 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-20 07:06 - 2012-11-20 07:06 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-20 07:08 - 2012-11-20 07:09 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some files in TEMP:
====================
C:\Users\Gabby\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcio9xa.dll
C:\Users\Gabby\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll
C:\Users\Gabby\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Gabby\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Gabby\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Gabby\AppData\Local\Temp\Nexus Mod Manager-0.54.9.exe
C:\Users\Gabby\AppData\Local\Temp\NGMDll.dll
C:\Users\Gabby\AppData\Local\Temp\NGMResource.dll
C:\Users\Gabby\AppData\Local\Temp\Quarantine.exe
C:\Users\Gabby\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Gabby\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gabby\AppData\Local\Temp\sqlite3.dll
C:\Users\Gabby\AppData\Local\Temp\SRLDetectionLibrary7709030655386700302.dll
C:\Users\Gabby\AppData\Local\Temp\unicows.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-11 13:31
 
==================== End of FRST.txt ============================
Link to post
Share on other sites
TwinHeadedEagle

TwinHeadedEagle

Posted
Posted

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

FRST.gif Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept