
Windows 7 won't boot even in Safe Mode or last good configuration


  • This topic is locked
22 replies to this topic

#1 slessie


Posted 18 May 2013 - 05:09 PM

Hi, I'm stumped. I had been getting Blue Screens of Death, but the ASUS laptop always seemed to be able to boot up again after it cooled down.  Now I am unable to boot up, the Startup Repair can't fix it, Safe Mode doesn't work, and neither does Last Good Configuration, which worked last night.  Unfortunately, I do not have any system restore points, so I can't fix it that way.  The manufacturer has recovery discs but it involves wiping everything and going back to factory settings.  I really would like to avoid that.
 
I did do a back up of documents, music, photos, and video a few weeks back, but I know it's outdated already.
 
Last night when I was able to get back in, I did use CCleaner and deleted what CCleaner said was leftover registry.  I also went into msconfig and disabled startup programs such as iTunes (which I had just installed) and DataManagr, which I recognized as spyware or some add-on that keeps trying to hijack the browser.
 
I did run Farbar Recovery Tool and am currently unable to pull up the log, as it is on an external drive this netbook is not recognizing at the moment.
 
The only thing I am able to do is go through the system recovery options and go to the command prompt.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013
Ran by SYSTEM on 18-05-2013 17:36:58
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ISW]  [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SETTIN~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll  [1530416 2013-02-18] (Koyote-Lab, inc)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.)
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-05] ()
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
S4 ZABackupWebM; C:\ZoneAlarmBackup\ZABackupWebM.exe [124432 2010-03-11] ( Pro-Softnet)
S4 ZoneAlarmBackup Service; C:\ZoneAlarmBackup\ZABackup Service.exe [149008 2010-03-11] (Pro Softnet Corporation)

==================== Drivers (Whitelisted) ====================

S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3718144 2012-10-25] (Qualcomm Atheros Communications, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [26896 2012-05-10] (Synaptics Incorporated)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-01-02] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
S3 Afc; SysWOW64\drivers\Afc.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]
S3 sbhips; system32\drivers\sbhips.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
S3 tmlwf;
S3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-18 17:36 - 2013-05-18 17:36 - 00000000 ____D C:\FRST
2013-05-18 06:57 - 2013-05-18 07:18 - 00000112 ____A C:\Windows\setupact.log
2013-05-18 06:57 - 2013-05-18 06:57 - 00000804 ____A C:\Windows\PFRO.log
2013-05-18 06:57 - 2013-05-18 06:57 - 00000000 ____A C:\Windows\setuperr.log
2013-05-17 21:08 - 2013-05-17 21:04 - 28573696 ____A C:\Windows\System32\SYSTEM
2013-05-17 21:08 - 2013-05-17 21:04 - 00024576 ____A C:\Windows\System32\SECURITY
2013-05-17 21:08 - 2013-05-17 21:04 - 00024576 ____A C:\Windows\System32\SAM
2013-05-17 21:08 - 2013-05-17 21:03 - 80478208 ____A C:\Windows\System32\SOFTWARE
2013-05-17 21:08 - 2013-05-17 19:26 - 01310720 ____A C:\Windows\System32\DEFAULT
2013-05-17 21:08 - 2012-12-20 08:50 - 00262144 ____A C:\Windows\System32\ELAM
2013-05-17 21:08 - 2009-07-28 22:03 - 00028672 ____A C:\Windows\System32\BCD-Template
2013-05-17 21:07 - 2013-05-17 21:07 - 00000000 ____D C:\Windows\System32\config\backup
2013-05-17 17:59 - 2013-05-17 18:01 - 00015946 ____A C:\Users\cacaogundy\Documents\cc_20130517_215902.reg
2013-05-17 17:43 - 2013-05-17 17:56 - 04346816 ____A (Piriform Ltd) C:\Users\cacaogundy\Downloads\ccsetup401.exe
2013-05-15 10:58 - 2013-05-16 06:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-14 17:09 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-14 17:09 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-14 17:09 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-14 17:09 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-14 17:09 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-14 17:09 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-14 17:09 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-14 17:09 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-14 17:09 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-14 17:09 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-14 17:09 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 17:09 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-14 17:02 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 17:02 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 17:02 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 17:02 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 17:02 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 17:02 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 17:02 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 17:02 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 17:02 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 17:02 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 17:02 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 17:01 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 17:01 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 17:00 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 09:16 - 2013-05-14 09:33 - 14733263 ____A C:\Users\cacaogundy\Documents\wizarena practice nights.wmv
2013-05-14 09:16 - 2013-05-14 09:31 - 04218288 ____A C:\Users\cacaogundy\Documents\wizarena practice nights.pptx
2013-05-13 20:59 - 2013-05-14 12:45 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Apple Computer
2013-05-13 20:59 - 2013-05-13 20:59 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-13 20:59 - 2013-05-13 20:59 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Apple Computer
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\Program Files\iTunes
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\Program Files\iPod
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-13 20:57 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-05-13 20:55 - 2013-05-13 20:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-13 20:55 - 2013-05-13 20:55 - 00000000 ____D C:\Program Files\Bonjour
2013-05-13 20:55 - 2013-05-13 20:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-05-13 20:55 - 2013-05-13 20:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-05-13 20:53 - 2013-05-13 20:54 - 90126672 ____A (Apple Inc.) C:\Users\cacaogundy\Downloads\iTunes64Setup.exe
2013-05-12 05:32 - 2013-05-12 05:32 - 00000000 ____D C:\Users\cacaogundy\Documents\Wizard101
2013-05-11 06:10 - 2013-05-11 06:10 - 00013908 ____A C:\Users\cacaogundy\Documents\cc_20130511_101008.reg
2013-05-06 09:02 - 2013-05-06 10:43 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Xfire
2013-05-04 05:16 - 2013-05-06 10:43 - 00000000 ____D C:\ProgramData\Xfire
2013-05-04 05:16 - 2013-05-06 10:42 - 00000000 ____D C:\Program Files (x86)\Xfire2
2013-05-04 05:16 - 2013-05-04 05:16 - 00000974 ____A C:\Users\Public\Desktop\Xfire.lnk
2013-05-04 05:13 - 2013-05-04 05:13 - 14927112 ____A (Xfire, Inc.                                                 ) C:\Users\cacaogundy\Downloads\xfire_setup.exe
2013-05-02 07:53 - 2013-05-02 07:53 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Unity
2013-05-01 08:18 - 2013-05-01 08:18 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Unity
2013-04-27 09:25 - 2013-04-27 09:40 - 00032123 ____A C:\Users\cacaogundy\Desktop\test.html
2013-04-27 09:25 - 2013-04-27 09:40 - 00001731 ____A C:\Users\cacaogundy\Desktop\test.tws
2013-04-26 06:39 - 2013-04-26 06:39 - 07407214 ____A C:\Users\cacaogundy\Downloads\twine-1.3.5-windows.exe
2013-04-26 06:39 - 2013-04-26 06:39 - 00000000 ____D C:\Program Files (x86)\Twine
2013-04-24 06:51 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-22 15:11 - 2013-04-22 15:11 - 00000000 ____D C:\ProgramData\PDF Architect

==================== One Month Modified Files and Folders =======

2013-05-18 17:36 - 2013-05-18 17:36 - 00000000 ____D C:\FRST
2013-05-18 07:18 - 2013-05-18 06:57 - 00000112 ____A C:\Windows\setupact.log
2013-05-18 06:57 - 2013-05-18 06:57 - 00000804 ____A C:\Windows\PFRO.log
2013-05-18 06:57 - 2013-05-18 06:57 - 00000000 ____A C:\Windows\setuperr.log
2013-05-18 06:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-18 00:21 - 2012-11-04 13:37 - 01386556 ____A C:\Windows\WindowsUpdate.log
2013-05-18 00:21 - 2010-08-24 08:20 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-18 00:15 - 2013-03-09 13:04 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163040377-2905967197-540148185-1000UA.job
2013-05-17 23:41 - 2012-07-28 08:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-17 21:07 - 2013-05-17 21:07 - 00000000 ____D C:\Windows\System32\config\backup
2013-05-17 21:04 - 2013-05-17 21:08 - 28573696 ____A C:\Windows\System32\SYSTEM
2013-05-17 21:04 - 2013-05-17 21:08 - 00024576 ____A C:\Windows\System32\SECURITY
2013-05-17 21:04 - 2013-05-17 21:08 - 00024576 ____A C:\Windows\System32\SAM
2013-05-17 21:03 - 2013-05-17 21:08 - 80478208 ____A C:\Windows\System32\SOFTWARE
2013-05-17 19:26 - 2013-05-17 21:08 - 01310720 ____A C:\Windows\System32\DEFAULT
2013-05-17 18:15 - 2013-03-09 13:04 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163040377-2905967197-540148185-1000Core.job
2013-05-17 18:01 - 2013-05-17 17:59 - 00015946 ____A C:\Users\cacaogundy\Documents\cc_20130517_215902.reg
2013-05-17 17:57 - 2009-07-28 22:03 - 00000000 ____D C:\Windows\Panther
2013-05-17 17:56 - 2013-05-17 17:43 - 04346816 ____A (Piriform Ltd) C:\Users\cacaogundy\Downloads\ccsetup401.exe
2013-05-17 17:56 - 2012-03-19 13:16 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-17 17:56 - 2012-03-19 13:16 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 17:34 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-17 17:34 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-17 17:31 - 2011-03-11 16:00 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Skype
2013-05-17 17:16 - 2013-04-03 13:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-17 17:13 - 2010-08-24 08:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-16 19:56 - 2012-05-07 07:03 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\vlc
2013-05-16 17:53 - 2012-09-15 20:29 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\dvdcss
2013-05-16 11:06 - 2012-05-03 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-16 06:22 - 2013-05-15 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-15 17:58 - 2011-04-22 19:35 - 00000000 ____D C:\Users\cacaogundy\Documents\Expenses
2013-05-15 07:23 - 2013-03-21 15:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-05-14 18:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-14 17:29 - 2009-07-13 20:45 - 05071872 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 17:15 - 2011-01-08 16:31 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 17:12 - 2009-07-13 21:13 - 00741704 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 17:11 - 2011-05-01 21:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-14 12:45 - 2013-05-13 20:59 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Apple Computer
2013-05-14 11:41 - 2012-03-29 10:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 11:41 - 2011-07-20 19:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 09:33 - 2013-05-14 09:16 - 14733263 ____A C:\Users\cacaogundy\Documents\wizarena practice nights.wmv
2013-05-14 09:31 - 2013-05-14 09:16 - 04218288 ____A C:\Users\cacaogundy\Documents\wizarena practice nights.pptx
2013-05-13 20:59 - 2013-05-13 20:59 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-13 20:59 - 2013-05-13 20:59 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Apple Computer
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\Program Files\iTunes
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\Program Files\iPod
2013-05-13 20:57 - 2013-05-13 20:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-13 20:55 - 2013-05-13 20:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-13 20:55 - 2013-05-13 20:55 - 00000000 ____D C:\Program Files\Bonjour
2013-05-13 20:55 - 2013-05-13 20:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-05-13 20:55 - 2013-05-13 20:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-05-13 20:55 - 2011-09-04 07:12 - 00000000 ____D C:\ProgramData\Apple
2013-05-13 20:54 - 2013-05-13 20:53 - 90126672 ____A (Apple Inc.) C:\Users\cacaogundy\Downloads\iTunes64Setup.exe
2013-05-13 09:26 - 2012-07-09 06:40 - 00001048 ____A C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-05-13 09:26 - 2012-07-09 06:40 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-05-13 09:26 - 2012-03-16 07:47 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader
2013-05-12 06:42 - 2011-04-25 05:43 - 00000000 ____D C:\Users\cacaogundy\Documents\Unemployment
2013-05-12 05:32 - 2013-05-12 05:32 - 00000000 ____D C:\Users\cacaogundy\Documents\Wizard101
2013-05-11 06:10 - 2013-05-11 06:10 - 00013908 ____A C:\Users\cacaogundy\Documents\cc_20130511_101008.reg
2013-05-11 06:08 - 2011-05-05 23:57 - 00000000 ____D C:\Windows\Minidump
2013-05-09 22:22 - 2011-01-06 21:59 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Mozilla
2013-05-06 10:43 - 2013-05-06 09:02 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Xfire
2013-05-06 10:43 - 2013-05-04 05:16 - 00000000 ____D C:\ProgramData\Xfire
2013-05-06 10:42 - 2013-05-04 05:16 - 00000000 ____D C:\Program Files (x86)\Xfire2
2013-05-06 09:24 - 2012-07-19 18:37 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Microsoft Games
2013-05-04 06:00 - 2011-01-06 16:05 - 00122104 ____A C:\Users\cacaogundy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-04 05:16 - 2013-05-04 05:16 - 00000974 ____A C:\Users\Public\Desktop\Xfire.lnk
2013-05-04 05:13 - 2013-05-04 05:13 - 14927112 ____A (Xfire, Inc.                                                 ) C:\Users\cacaogundy\Downloads\xfire_setup.exe
2013-05-02 19:02 - 2011-10-24 18:38 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Dropbox
2013-05-02 19:01 - 2010-08-24 08:40 - 00002828 ____A C:\Windows\System32\AutoRunFilter.ini
2013-05-02 08:16 - 2012-04-14 06:29 - 00000000 ____D C:\Users\cacaogundy\Documents\Tax Forms
2013-05-02 07:53 - 2013-05-02 07:53 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Unity
2013-05-02 07:44 - 2011-10-24 18:39 - 00000000 ___RD C:\Users\cacaogundy\Dropbox
2013-05-01 23:08 - 2009-07-13 21:08 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-01 22:06 - 2011-01-18 17:15 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 08:18 - 2013-05-01 08:18 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Unity
2013-04-27 09:40 - 2013-04-27 09:25 - 00032123 ____A C:\Users\cacaogundy\Desktop\test.html
2013-04-27 09:40 - 2013-04-27 09:25 - 00001731 ____A C:\Users\cacaogundy\Desktop\test.tws
2013-04-26 06:39 - 2013-04-26 06:39 - 07407214 ____A C:\Users\cacaogundy\Downloads\twine-1.3.5-windows.exe
2013-04-26 06:39 - 2013-04-26 06:39 - 00000000 ____D C:\Program Files (x86)\Twine
2013-04-26 06:34 - 2013-02-10 08:09 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-04-23 19:01 - 2011-01-06 16:04 - 00000000 ____D C:\users\cacaogundy
2013-04-22 15:11 - 2013-04-22 15:11 - 00000000 ____D C:\ProgramData\PDF Architect
2013-04-19 15:21 - 2010-08-24 08:19 - 00000000 ____D C:\ProgramData\Adobe

Other Malware:
===========
C:\ProgramData\FullRemove.exe
C:\ProgramData\ezsidmv.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-18 00:20:57
Restore point made on: 2013-05-18 00:21:19
Restore point made on: 2013-05-18 06:58:48
Restore point made on: 2013-05-18 06:59:48
Restore point made on: 2013-05-18 07:01:29

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4020.53 MB
Available physical RAM: 3400.8 MB
Total Pagefile: 4018.68 MB
Available Pagefile: 3385.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:9.09 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:328.98 GB) NTFS (Disk=0 Partition=3)
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1687.79 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=330 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)


Last Boot: 2013-05-03 20:21

==================== End Of Log ============================

Hello, I have it running again right now and am creating a restore point.  If you see something in the log report that should be fixed, let me know.


Edited by hamluis, 19 May 2013 - 09:36 AM.
Merged posts, moved from Win 7 to Malware Removal Logs - Hamluis.
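The FRST log above is the artefact the responders in this thread work from, and the entries worth reading first are the ones FRST prints under "Registry (Whitelisted)": the `Run` values and the `AppInit_DLLs` value (the Datamngr DLLs the poster describes as a browser hijacker sit there, and anything in that value is loaded into every process that maps user32.dll). The script below is an added example, not part of the thread or of the FRST tool: it parses lines in the layout FRST uses in this log and flags AppInit_DLLs entries, `Run` values whose target FRST marked `[x]` (file not found), and binaries with no publisher string. The sample lines are constructed from the shape of the entries posted; the severity labels and the `Finding` structure are this example's own assumptions.

```python
"""Triage the autostart section of an FRST log (added example, not FRST's code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line layout FRST uses for "Registry (Whitelisted)".
SAMPLE_FRST_REGISTRY = r"""
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [ISW]  [x]
HKLM-x32\...\Run: []  [x]
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SETTIN~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll  [1530416 2013-02-18] (Koyote-Lab, inc)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
"""

# "<hive>\...\Run: [<value name>] <command> [<size> <date>] (<publisher>)"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# Trailer FRST appends once it has resolved the file on disk.
TAIL_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<rest>.*)$")


@dataclass
class Finding:
    severity: str  # "high" | "review" | "info" (labels chosen for this example)
    reason: str
    line: str


def classify_run(line: str) -> Optional[Finding]:
    """Classify one Run value; None if the line is not a Run entry."""
    m = RUN_RE.match(line)
    if m is None:
        return None
    name = m["name"] or "<empty name>"
    rest = m["rest"].strip()
    if rest == "[x]":
        # FRST prints [x] when the referenced file does not exist: an orphaned
        # autostart, which is worth a look but is not itself executing anything.
        return Finding("review", f"Run value {name}: target file not found (FRST [x])", line)
    tail = TAIL_RE.match(rest)
    if tail is None:
        return Finding("review", f"Run value {name}: unrecognised entry format", line)
    if not tail["publisher"].strip():
        # Empty parentheses: the binary carries no company name in its version info.
        return Finding("review", f"Run value {name}: no publisher in version info: {tail['cmd']}", line)
    return Finding("info", f"Run value {name}: {tail['cmd']} ({tail['publisher']})", line)


def classify_appinit(line: str) -> List[Finding]:
    """Every DLL in AppInit_DLLs is injected into each process that loads user32.dll."""
    m = APPINIT_RE.match(line)
    if m is None:
        return []
    rest = m["rest"].strip()
    tail = TAIL_RE.match(rest)
    dll_list = tail["cmd"] if tail else rest
    # In this log the paths are 8.3 short names and contain no spaces, so splitting on
    # whitespace is safe; a value written with long paths would need quote-aware parsing.
    return [Finding("high", f"AppInit_DLLs injects {dll} into every user32-loading process", line)
            for dll in dll_list.split()]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        run = classify_run(line)
        if run is not None:
            findings.append(run)
            continue
        findings.extend(classify_appinit(line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_FRST_REGISTRY)
    order = ("high", "review", "info")
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}")
    print(summarize(results))
```

Run against the sample, the three Datamngr/Wincert DLLs come out as the only high findings, the two `[x]` values and the publisher-less AsusWSService entry are marked for review, and the Microsoft and ELAN entries are informational. The `Startup:` line is deliberately left alone; extending the parser to FRST's `Startup`/`ShortcutTarget` pair is the natural next step.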




#2 m0le

  • Malware Response Team

Posted 22 May 2013 - 08:23 PM

Would you like me to check the log for you? How has the machine been running?
m0le is a proud member of UNITE

#3 slessie

  • Topic Starter

Posted 23 May 2013 - 02:22 AM

Yes, please do, I would appreciate it.  However, I think some changes may have occurred since that log.

 

The computer now boots up.  However, several programs were not working properly.  Among them was my McAfee VirusScan and its Firewall.  The McAfee technical support uninstalled Malwarebytes and rolled back IE to IE9 and may have reset some settings or registries.  I had to re-install Windows Media Player, but even this doesn't seem to be working for DVD playing.  I think I may have lost some drivers possibly.  SlimDrivers says I'm up to date, but when it tried to install new drivers, it said the computer didn't meet minimal requirements or that there was an imperfect build.



#4 slessie

  • Topic Starter

Posted 23 May 2013 - 01:14 PM

Here is dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 1.6.0_35
Run by cacaogundy at 14:04:20 on 2013-05-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4021.1999 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DataMngr: {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\BrowserConnection.dll
BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DATAMNGR] C:\PROGRA~2\SETTIN~1\Datamngr\DATAMN~1.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{746988CA-6659-4571-8E97-7979C654C413} : DHCPNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{746988CA-6659-4571-8E97-7979C654C413}\25563747279636475646143636563737 : DHCPNameServer = 8.8.8.8 156.154.70.1
TCP: Interfaces\{746988CA-6659-4571-8E97-7979C654C413}\A4C496E6B6E474 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{746988CA-6659-4571-8E97-7979C654C413}\D416272796F64747 : DHCPNameServer = 8.8.8.8 8.8.4.4 12.127.16.68
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SETTIN~1\Datamngr\datamngr.dll C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: DataMngr: {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\BrowserConnection.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [ISW] <no file>
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cacaogundy\AppData\Roaming\Mozilla\Firefox\Profiles\nhy7e1ov.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=100&systemid=441&q=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\cacaogundy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\cacaogundy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\cacaogundy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\cacaogundy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\cacaogundy\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 9a7ea11500000000000016f06d94aa4a
FF - user.js: extensions.BabylonToolbar_i.hardId - 9a7ea11500000000000016f06d94aa4a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15418
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:52:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111305
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26237268853437-1001&toolbarId=base&affiliateId=1603&Lan={dfltLng}&utid=9a7ea11500000000000016f06d94aa4a&q=
FF - user.js: extensions.zonealarm.id - 9a7ea11500000000000016f06d94aa4a
FF - user.js: extensions.zonealarm.instlDay - 15466
FF - user.js: extensions.zonealarm.vrsn - 1.5.23.8
FF - user.js: extensions.zonealarm.vrsni - 1.5.23.8
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.23.810:39:00
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1603
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN26237268853437-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - true
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyKfxdV5p&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 9a7ea11500000000000016f06d94aa4a
FF - user.js: extensions.incredibar_i.instlDay - 15558
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:49:56
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyKfxdV5p
FF - user.js: extensions.incredibar_i.upn2n - 92261886497203323
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 989
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-8-24 15928]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 340216]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2012-5-29 157696]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-8-24 379520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-24 239616]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-8-24 14904]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-3-21 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-3-21 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-3-21 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-3-21 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-3-21 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-12-21 182752]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-24 2314240]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-24 35104]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-3-21 70112]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-1-18 128512]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-24 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-5 104048]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-3-21 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-3-21 515968]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-6-9 26896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBAMSvc;Ad-Aware;"C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" --> C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-28 44032]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-6-18 90112]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-6 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-3-21 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-3-21 106552]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-10-24 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
S4 Ad-Aware Service;Ad-Aware Service;"C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" --> C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [?]
S4 ZABackupWebM;ZoneAlarmBackup WebManager;C:\ZoneAlarmBackup\ZABackupWebM.exe [2012-3-19 124432]
S4 ZoneAlarmBackup Service;ZoneAlarmBackup Service;C:\ZoneAlarmBackup\ZABackup Service.exe [2012-3-19 149008]
.
=============== Created Last 30 ================
.
2013-05-23 16:18:33 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{055B607D-E247-4E71-A321-C04E33CA6F9E}\offreg.dll
2013-05-22 23:09:27 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E22DE25-089D-4586-A463-EA0283AA4DB7}\mpengine.dll
2013-05-22 17:09:12 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-22 17:09:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-21 22:13:46 -------- d-----w- C:\Users\cacaogundy\AppData\Local\Citrix
2013-05-21 15:09:55 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-21 01:00:21 5354 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2013-05-19 15:38:07 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{055B607D-E247-4E71-A321-C04E33CA6F9E}\mpengine.dll
2013-05-19 01:36:49 -------- d-----w- C:\FRST
2013-05-15 01:02:18 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 01:02:18 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 01:02:18 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 01:02:07 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 01:02:05 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 01:02:03 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 01:02:03 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 01:01:47 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 01:01:46 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 01:00:48 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-14 04:59:17 -------- d-----w- C:\Users\cacaogundy\AppData\Local\Apple Computer
2013-05-14 04:57:33 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-05-14 04:57:02 -------- d-----w- C:\Program Files\iPod
2013-05-14 04:57:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-14 04:57:01 -------- d-----w- C:\Program Files\iTunes
2013-05-14 04:57:01 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-14 04:55:04 -------- d-----w- C:\Program Files\Bonjour
2013-05-14 04:55:04 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-05-06 17:02:42 -------- d-----w- C:\Users\cacaogundy\AppData\Roaming\Xfire
2013-05-04 13:16:52 -------- d-----w- C:\Program Files (x86)\Common Files\Xfire
2013-05-04 13:16:47 -------- d-----w- C:\ProgramData\Xfire
2013-05-04 13:16:47 -------- d-----w- C:\Program Files (x86)\Xfire2
2013-05-02 15:53:57 -------- d-----w- C:\Users\cacaogundy\AppData\Roaming\Unity
2013-05-01 16:18:22 -------- d-----w- C:\Users\cacaogundy\AppData\Local\Unity
2013-04-26 14:39:30 -------- d-----w- C:\Program Files (x86)\Twine
2013-04-24 14:51:24 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-23 07:05:32 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-05-19 01:41:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-19 01:41:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-05 18:10:50 0 ----a-w- C:\Windows\SysWow64\shoC0DF.tmp
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 14:05:13.55 ===============


#5 m0le

    Can U Dig It?

  • Malware Response Team
  • Location:London, UK

Posted 23 May 2013 - 06:13 PM

Okay, booting is a good start. FRST has a couple of interesting lines in it but I need a more up-to-date log. Please rerun FRST and post a new log for me.

Edited by m0le, 23 May 2013 - 06:14 PM.

m0le is a proud member of UNITE

#6 slessie
  • Topic Starter
  • Members

Posted 26 May 2013 - 02:31 PM

Okay, booting is a good start. FRST has a couple of interesting lines in it but I need a more up-to-date log. Please rerun FRST and post a new log for me.

Here is the new log.  It also had another text file called additional.txt.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2013 01
Ran by cacaogundy (administrator) on 25-05-2013 21:40:50
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Koyote-Lab, inc) C:\Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) F:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ISW]  [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SETTIN~1\Datamngr\DATAMN~1.EXE [1684016 2013-02-19] (Koyote-Lab, inc)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SETTIN~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll  [1530416 2013-02-19] (Koyote-Lab, inc)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2441} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=100&systemid=441&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2441} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=100&systemid=441&q={searchTerms}
HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2441} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=100&systemid=441&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2441} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=100&systemid=441&q={searchTerms}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DataMngr - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL (Koyote-Lab, inc)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DataMngr - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL (Koyote-Lab, inc)
BHO-x32: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.251.129 167.206.251.130

FireFox:
========
FF ProfilePath: C:\Users\cacaogundy\AppData\Roaming\Mozilla\Firefox\Profiles\nhy7e1ov.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=100&systemid=441&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\cacaogundy\AppData\Roaming\Mozilla\Firefox\Profiles\nhy7e1ov.default\Extensions\copytosemagic@semagic.sourceforge.net
FF Extension: Echofon - C:\Users\cacaogundy\AppData\Roaming\Mozilla\Firefox\Profiles\nhy7e1ov.default\Extensions\twitternotifier@naan.net
FF Extension: No Name - C:\Users\cacaogundy\AppData\Roaming\Mozilla\Firefox\Profiles\nhy7e1ov.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\cacaogundy\AppData\Roaming\Mozilla\Firefox\Profiles\nhy7e1ov.default\Extensions\{d618933b-9eb4-1c04-949d-0f9b1a39ebb9}.xpi

Chrome:
=======
CHR HomePage: hxxp://isearch.fantastigames.com/441
CHR RestoreOnStartup: "hxxp://isearch.fantastigames.com/441"
CHR DefaultSearchURL: (Web Search) - http://isearch.fantastigames.com/web?src=crb&gct=ds&appid=100&systemid=441&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Live\\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
S4 ZABackupWebM; C:\ZoneAlarmBackup\ZABackupWebM.exe [124432 2010-03-11] ( Pro-Softnet)
S4 ZoneAlarmBackup Service; C:\ZoneAlarmBackup\ZABackup Service.exe [149008 2010-03-11] (Pro Softnet Corporation)
S4 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [x]
S2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3718144 2012-10-25] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [26896 2012-05-10] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-05-23] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U3 mfeavfk01; No ImagePath
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]
S3 sbhips; system32\drivers\sbhips.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-23 14:06 - 2013-05-23 14:07 - 00006214 ____A C:\Users\cacaogundy\Desktop\attachtxt.zip
2013-05-23 14:05 - 2013-05-23 14:05 - 00028348 ____A C:\Users\cacaogundy\Desktop\dds.txt
2013-05-23 14:05 - 2013-05-23 14:05 - 00024754 ____A C:\Users\cacaogundy\Desktop\attach.txt
2013-05-23 14:03 - 2013-05-23 14:03 - 00688992 ____R (Swearware) C:\Users\cacaogundy\Downloads\dds.com
2013-05-23 14:02 - 2013-05-23 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-23 03:25 - 2013-05-23 03:25 - 00347424 ____A (Microsoft Corporation) C:\Users\cacaogundy\Downloads\MicrosoftFixit.WinMediaPlayer.RNP.24292724639294005.4.1.Run.exe
2013-05-22 13:09 - 2013-05-05 17:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-22 13:09 - 2013-05-05 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-22 13:09 - 2013-05-05 15:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-22 13:09 - 2013-05-05 15:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-22 13:08 - 2013-04-04 21:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-22 13:08 - 2013-04-04 21:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-22 13:08 - 2013-04-04 21:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-22 13:08 - 2013-04-04 21:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-22 13:08 - 2013-04-04 20:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-22 13:08 - 2013-04-04 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-22 13:08 - 2013-04-04 20:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-22 13:08 - 2013-04-04 20:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-22 13:08 - 2013-04-04 20:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-22 13:08 - 2013-04-04 20:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-22 13:08 - 2013-04-04 20:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-22 13:08 - 2013-04-04 20:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-22 13:08 - 2013-04-04 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-22 13:08 - 2013-04-04 20:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-22 13:08 - 2013-04-04 18:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-22 13:08 - 2013-04-04 18:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-22 13:08 - 2013-04-04 18:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-22 13:08 - 2013-04-04 18:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-22 13:08 - 2013-04-04 18:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-22 13:08 - 2013-04-04 18:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-22 13:08 - 2013-04-04 17:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-22 13:08 - 2013-04-04 17:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-22 13:08 - 2013-04-04 17:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-22 13:08 - 2013-04-04 17:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-22 13:08 - 2013-04-04 17:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-22 13:08 - 2013-04-04 17:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-22 13:08 - 2013-04-04 17:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-22 13:08 - 2013-04-04 17:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-21 18:19 - 2013-05-21 18:19 - 00000000 ____D C:\Users\cacaogundy\Desktop\mcscriptfix
2013-05-21 18:18 - 2013-05-21 18:18 - 00000498 ____A C:\Users\cacaogundy\Desktop\mcscriptfix.zip
2013-05-21 18:13 - 2013-05-21 18:13 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Citrix
2013-05-21 17:48 - 2013-05-21 17:48 - 00009487 ____A C:\Users\cacaogundy\Desktop\MVTHealthCheck_Deviation.html
2013-05-21 17:01 - 2013-05-25 12:24 - 00004522 ____A C:\Windows\PFRO.log
2013-05-21 10:59 - 2013-05-25 21:32 - 00000930 ____A C:\Windows\setupact.log
2013-05-21 10:59 - 2013-05-21 10:59 - 00000000 ____A C:\Windows\setuperr.log
2013-05-20 21:00 - 2013-05-20 21:00 - 00005354 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-05-20 07:04 - 2013-05-20 07:04 - 00003288 ____N C:\bootsqm.dat
2013-05-19 14:56 - 2013-05-19 14:56 - 00000123 ____A C:\Users\cacaogundy\Desktop\Microsoft Fix it.url
2013-05-19 14:49 - 2013-05-19 14:49 - 00347424 ____A (Microsoft Corporation) C:\Users\cacaogundy\Downloads\MicrosoftFixit.WinMediaPlayer.RNP.24292420149362975.1.1.Run.exe
2013-05-19 11:54 - 2013-05-19 11:54 - 27926896 ____A (Microsoft Corporation) C:\Users\cacaogundy\Downloads\wmp11-windowsxp-x64-enu.exe
2013-05-19 11:34 - 2013-05-19 11:34 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2013-05-19 11:33 - 2013-05-19 12:07 - 01528184 ____A (Microsoft Corporation) C:\Users\cacaogundy\Downloads\GenuineCheck.exe
2013-05-19 00:39 - 2013-05-19 00:39 - 00000000 ____D C:\Windows\System32\config\mybackup
2013-05-18 21:36 - 2013-05-18 21:36 - 00000000 ____D C:\FRST
2013-05-18 01:08 - 2013-05-18 01:04 - 28573696 ____A C:\Windows\System32\SYSTEM
2013-05-18 01:08 - 2013-05-18 01:04 - 00024576 ____A C:\Windows\System32\SECURITY
2013-05-18 01:08 - 2013-05-18 01:04 - 00024576 ____A C:\Windows\System32\SAM
2013-05-18 01:08 - 2013-05-18 01:03 - 80478208 ____A C:\Windows\System32\SOFTWARE
2013-05-18 01:08 - 2013-05-17 23:26 - 01310720 ____A C:\Windows\System32\DEFAULT
2013-05-18 01:08 - 2012-12-20 12:50 - 00262144 ____A C:\Windows\System32\ELAM
2013-05-18 01:08 - 2009-07-29 02:03 - 00028672 ____A C:\Windows\System32\BCD-Template
2013-05-18 01:07 - 2013-05-18 01:07 - 00000000 ____D C:\Windows\System32\config\backup
2013-05-17 21:59 - 2013-05-17 22:01 - 00015946 ____A C:\Users\cacaogundy\Documents\cc_20130517_215902.reg
2013-05-17 21:43 - 2013-05-17 21:56 - 04346816 ____A (Piriform Ltd) C:\Users\cacaogundy\Downloads\ccsetup401.exe
2013-05-17 21:22 - 2013-05-17 21:22 - 00001925 ____A C:\Users\cacaogundy\Desktop\McAfee SecurityCenter.lnk
2013-05-15 14:58 - 2013-05-16 10:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-14 21:02 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 21:02 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 21:02 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 21:02 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 21:02 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 21:02 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 21:02 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 21:02 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 21:02 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 21:02 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 21:02 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 21:01 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 21:01 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 21:00 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 13:16 - 2013-05-14 13:33 - 14733263 ____A C:\Users\cacaogundy\Documents\wizarena practice nights.wmv
2013-05-14 13:16 - 2013-05-14 13:31 - 04218288 ____A C:\Users\cacaogundy\Documents\wizarena practice nights.pptx
2013-05-14 00:59 - 2013-05-14 16:45 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Apple Computer
2013-05-14 00:59 - 2013-05-14 00:59 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-14 00:59 - 2013-05-14 00:59 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Apple Computer
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\Program Files\iTunes
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\Program Files\iPod
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-14 00:57 - 2012-08-21 13:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files\Bonjour
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-05-14 00:53 - 2013-05-14 00:54 - 90126672 ____A (Apple Inc.) C:\Users\cacaogundy\Downloads\iTunes64Setup.exe
2013-05-12 09:32 - 2013-05-12 09:32 - 00000000 ____D C:\Users\cacaogundy\Documents\Wizard101
2013-05-11 10:10 - 2013-05-11 10:10 - 00013908 ____A C:\Users\cacaogundy\Documents\cc_20130511_101008.reg
2013-05-06 13:02 - 2013-05-06 14:43 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Xfire
2013-05-04 09:16 - 2013-05-06 14:43 - 00000000 ____D C:\ProgramData\Xfire
2013-05-04 09:16 - 2013-05-06 14:42 - 00000000 ____D C:\Program Files (x86)\Xfire2
2013-05-04 09:16 - 2013-05-04 09:16 - 00000974 ____A C:\Users\Public\Desktop\Xfire.lnk
2013-05-04 09:13 - 2013-05-04 09:13 - 14927112 ____A (Xfire, Inc.                                                 ) C:\Users\cacaogundy\Downloads\xfire_setup.exe
2013-05-02 11:53 - 2013-05-02 11:53 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Unity
2013-05-01 12:18 - 2013-05-01 12:18 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Unity
2013-04-27 13:25 - 2013-04-27 13:40 - 00032123 ____A C:\Users\cacaogundy\Desktop\test.html
2013-04-27 13:25 - 2013-04-27 13:40 - 00001731 ____A C:\Users\cacaogundy\Desktop\test.tws
2013-04-26 10:39 - 2013-04-26 10:39 - 07407214 ____A C:\Users\cacaogundy\Downloads\twine-1.3.5-windows.exe
2013-04-26 10:39 - 2013-04-26 10:39 - 00000000 ____D C:\Program Files (x86)\Twine

==================== One Month Modified Files and Folders =======

2013-05-25 21:41 - 2012-07-28 12:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-25 21:39 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-25 21:39 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-25 21:36 - 2012-11-04 17:37 - 02011966 ____A C:\Windows\WindowsUpdate.log
2013-05-25 21:32 - 2013-05-21 10:59 - 00000930 ____A C:\Windows\setupact.log
2013-05-25 21:32 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-25 21:15 - 2013-03-09 17:04 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163040377-2905967197-540148185-1000UA.job
2013-05-25 13:59 - 2012-05-07 11:03 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\vlc
2013-05-25 12:24 - 2013-05-21 17:01 - 00004522 ____A C:\Windows\PFRO.log
2013-05-24 22:15 - 2013-03-09 17:04 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163040377-2905967197-540148185-1000Core.job
2013-05-24 12:44 - 2013-03-21 19:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-05-24 12:36 - 2012-05-04 02:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-23 14:07 - 2013-05-23 14:06 - 00006214 ____A C:\Users\cacaogundy\Desktop\attachtxt.zip
2013-05-23 14:05 - 2013-05-23 14:05 - 00028348 ____A C:\Users\cacaogundy\Desktop\dds.txt
2013-05-23 14:05 - 2013-05-23 14:05 - 00024754 ____A C:\Users\cacaogundy\Desktop\attach.txt
2013-05-23 14:03 - 2013-05-23 14:03 - 00688992 ____R (Swearware) C:\Users\cacaogundy\Downloads\dds.com
2013-05-23 14:02 - 2013-05-23 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-23 03:25 - 2013-05-23 03:25 - 00347424 ____A (Microsoft Corporation) C:\Users\cacaogundy\Downloads\MicrosoftFixit.WinMediaPlayer.RNP.24292724639294005.4.1.Run.exe
2013-05-23 03:05 - 2012-10-24 22:13 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-05-23 02:51 - 2012-10-24 22:10 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-05-23 02:51 - 2012-10-24 22:10 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-05-23 02:51 - 2012-10-24 22:09 - 00670016 ____A (SlimWare Utilities, Inc.) C:\Users\cacaogundy\Downloads\slimdrivers-setup.exe
2013-05-21 19:41 - 2011-03-11 20:00 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Skype
2013-05-21 19:01 - 2009-07-29 02:03 - 00000000 ____D C:\Windows\Panther
2013-05-21 18:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-21 18:24 - 2010-08-24 12:40 - 00001840 ____A C:\Windows\System32\ServiceFilter.ini
2013-05-21 18:19 - 2013-05-21 18:19 - 00000000 ____D C:\Users\cacaogundy\Desktop\mcscriptfix
2013-05-21 18:18 - 2013-05-21 18:18 - 00000498 ____A C:\Users\cacaogundy\Desktop\mcscriptfix.zip
2013-05-21 18:13 - 2013-05-21 18:13 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Citrix
2013-05-21 18:13 - 2013-02-04 13:01 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-05-21 17:48 - 2013-05-21 17:48 - 00009487 ____A C:\Users\cacaogundy\Desktop\MVTHealthCheck_Deviation.html
2013-05-21 16:48 - 2011-01-18 20:49 - 00000000 ____D C:\ProgramData\McAfee
2013-05-21 16:47 - 2012-10-09 02:55 - 00578640 ____A (McAfee, Inc.) C:\Users\cacaogundy\Downloads\MVTInstaller.exe
2013-05-21 10:59 - 2013-05-21 10:59 - 00000000 ____A C:\Windows\setuperr.log
2013-05-21 04:15 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-20 21:00 - 2013-05-20 21:00 - 00005354 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-05-20 10:51 - 2011-04-22 23:35 - 00000000 ____D C:\Users\cacaogundy\Documents\Expenses
2013-05-20 09:49 - 2011-01-06 20:04 - 00000000 ____D C:\users\cacaogundy
2013-05-20 07:04 - 2013-05-20 07:04 - 00003288 ____N C:\bootsqm.dat
2013-05-19 16:23 - 2012-07-09 10:40 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-05-19 14:56 - 2013-05-19 14:56 - 00000123 ____A C:\Users\cacaogundy\Desktop\Microsoft Fix it.url
2013-05-19 14:49 - 2013-05-19 14:49 - 00347424 ____A (Microsoft Corporation) C:\Users\cacaogundy\Downloads\MicrosoftFixit.WinMediaPlayer.RNP.24292420149362975.1.1.Run.exe
2013-05-19 13:54 - 2012-11-21 18:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-19 13:54 - 2011-03-11 20:00 - 00000000 ____D C:\ProgramData\Skype
2013-05-19 12:46 - 2011-04-25 09:43 - 00000000 ____D C:\Users\cacaogundy\Documents\Unemployment
2013-05-19 12:07 - 2013-05-19 11:33 - 01528184 ____A (Microsoft Corporation) C:\Users\cacaogundy\Downloads\GenuineCheck.exe
2013-05-19 11:54 - 2013-05-19 11:54 - 27926896 ____A (Microsoft Corporation) C:\Users\cacaogundy\Downloads\wmp11-windowsxp-x64-enu.exe
2013-05-19 11:37 - 2011-05-02 01:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-19 11:34 - 2013-05-19 11:34 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2013-05-19 10:23 - 2010-08-24 12:20 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-19 10:23 - 2010-08-24 12:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-19 00:39 - 2013-05-19 00:39 - 00000000 ____D C:\Windows\System32\config\mybackup
2013-05-18 21:41 - 2012-03-29 14:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-18 21:41 - 2011-07-20 23:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-18 21:36 - 2013-05-18 21:36 - 00000000 ____D C:\FRST
2013-05-18 20:43 - 2011-01-06 20:05 - 00121136 ____A C:\Users\cacaogundy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-18 20:43 - 2009-07-14 00:45 - 05071760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-18 01:07 - 2013-05-18 01:07 - 00000000 ____D C:\Windows\System32\config\backup
2013-05-18 01:04 - 2013-05-18 01:08 - 28573696 ____A C:\Windows\System32\SYSTEM
2013-05-18 01:04 - 2013-05-18 01:08 - 00024576 ____A C:\Windows\System32\SECURITY
2013-05-18 01:04 - 2013-05-18 01:08 - 00024576 ____A C:\Windows\System32\SAM
2013-05-18 01:03 - 2013-05-18 01:08 - 80478208 ____A C:\Windows\System32\SOFTWARE
2013-05-17 23:26 - 2013-05-18 01:08 - 01310720 ____A C:\Windows\System32\DEFAULT
2013-05-17 22:01 - 2013-05-17 21:59 - 00015946 ____A C:\Users\cacaogundy\Documents\cc_20130517_215902.reg
2013-05-17 21:56 - 2013-05-17 21:43 - 04346816 ____A (Piriform Ltd) C:\Users\cacaogundy\Downloads\ccsetup401.exe
2013-05-17 21:56 - 2012-03-19 17:16 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-17 21:56 - 2012-03-19 17:16 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 21:22 - 2013-05-17 21:22 - 00001925 ____A C:\Users\cacaogundy\Desktop\McAfee SecurityCenter.lnk
2013-05-16 21:53 - 2012-09-16 00:29 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\dvdcss
2013-05-16 10:22 - 2013-05-15 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-14 22:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-14 21:15 - 2011-01-08 20:31 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 21:12 - 2009-07-14 01:13 - 00741704 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 16:45 - 2013-05-14 00:59 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Apple Computer
2013-05-14 13:33 - 2013-05-14 13:16 - 14733263 ____A C:\Users\cacaogundy\Documents\wizarena practice nights.wmv
2013-05-14 13:31 - 2013-05-14 13:16 - 04218288 ____A C:\Users\cacaogundy\Documents\wizarena practice nights.pptx
2013-05-14 00:59 - 2013-05-14 00:59 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-14 00:59 - 2013-05-14 00:59 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Apple Computer
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\Program Files\iTunes
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\Program Files\iPod
2013-05-14 00:57 - 2013-05-14 00:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files\Bonjour
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-05-14 00:55 - 2011-09-04 11:12 - 00000000 ____D C:\ProgramData\Apple
2013-05-14 00:54 - 2013-05-14 00:53 - 90126672 ____A (Apple Inc.) C:\Users\cacaogundy\Downloads\iTunes64Setup.exe
2013-05-13 13:26 - 2012-07-09 10:40 - 00001048 ____A C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-05-13 13:26 - 2012-03-16 11:47 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader
2013-05-12 09:32 - 2013-05-12 09:32 - 00000000 ____D C:\Users\cacaogundy\Documents\Wizard101
2013-05-11 10:10 - 2013-05-11 10:10 - 00013908 ____A C:\Users\cacaogundy\Documents\cc_20130511_101008.reg
2013-05-11 10:08 - 2011-05-06 03:57 - 00000000 ____D C:\Windows\Minidump
2013-05-10 02:22 - 2011-01-07 01:59 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Mozilla
2013-05-06 14:43 - 2013-05-06 13:02 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Xfire
2013-05-06 14:43 - 2013-05-04 09:16 - 00000000 ____D C:\ProgramData\Xfire
2013-05-06 14:42 - 2013-05-04 09:16 - 00000000 ____D C:\Program Files (x86)\Xfire2
2013-05-06 13:24 - 2012-07-19 22:37 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Microsoft Games
2013-05-05 17:36 - 2013-05-22 13:09 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 17:16 - 2013-05-22 13:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 15:25 - 2013-05-22 13:09 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 15:12 - 2013-05-22 13:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-04 09:16 - 2013-05-04 09:16 - 00000974 ____A C:\Users\Public\Desktop\Xfire.lnk
2013-05-04 09:13 - 2013-05-04 09:13 - 14927112 ____A (Xfire, Inc.                                                 ) C:\Users\cacaogundy\Downloads\xfire_setup.exe
2013-05-02 23:02 - 2011-10-24 22:38 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Dropbox
2013-05-02 23:01 - 2010-08-24 12:40 - 00002828 ____A C:\Windows\System32\AutoRunFilter.ini
2013-05-02 12:16 - 2012-04-14 10:29 - 00000000 ____D C:\Users\cacaogundy\Documents\Tax Forms
2013-05-02 11:53 - 2013-05-02 11:53 - 00000000 ____D C:\Users\cacaogundy\AppData\Roaming\Unity
2013-05-02 11:44 - 2011-10-24 22:39 - 00000000 ___RD C:\Users\cacaogundy\Dropbox
2013-05-02 03:08 - 2009-07-14 01:08 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-02 02:06 - 2011-01-18 21:15 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 12:18 - 2013-05-01 12:18 - 00000000 ____D C:\Users\cacaogundy\AppData\Local\Unity
2013-04-27 13:40 - 2013-04-27 13:25 - 00032123 ____A C:\Users\cacaogundy\Desktop\test.html
2013-04-27 13:40 - 2013-04-27 13:25 - 00001731 ____A C:\Users\cacaogundy\Desktop\test.tws
2013-04-26 10:39 - 2013-04-26 10:39 - 07407214 ____A C:\Users\cacaogundy\Downloads\twine-1.3.5-windows.exe
2013-04-26 10:39 - 2013-04-26 10:39 - 00000000 ____D C:\Program Files (x86)\Twine
2013-04-26 10:34 - 2013-02-10 12:09 - 00000000 ____D C:\Program Files (x86)\Western Digital

Other Malware:
===========
C:\ProgramData\FullRemove.exe
C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-25 21:23

==================== End Of Log ============================
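The listing above is FRST's "modified - created - size attributes (publisher) path" format, and the two items FRST singled out under "Other Malware" are both loose files in the root of C:\ProgramData. As an added example (not FRST's code, and not part of the log or of this thread), here is a small Python parser for those listing lines with two defender-side heuristics: an executable sitting directly in C:\ProgramData rather than in a vendor subfolder, and a binary in a Windows system directory that carries no version-info publisher. The sample input copies four lines from the log and adds two constructed ones (the FullRemove.exe line and a made-up notavendor.dll) so that both rules fire; those two lines, their sizes and the notavendor.dll name are assumptions.

```python
"""Parse FRST 'modified - created - size attrs (publisher) path' listing lines
and flag entries a defender would look at first.

Added example for this thread; not part of FRST and not taken from its source.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One listing line. The 5-character attribute field uses letters such as
# A (archive), D (directory), R, H, N; underscores pad unused positions.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"   # optional version-info company name
    r"(?P<path>\S.*?)\s*$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    publisher: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXECUTABLE_EXT)

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and blanks."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pub = m.group("publisher")
    return Entry(
        modified=m.group("modified"),
        created=m.group("created"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        publisher=pub.strip() if pub is not None else None,  # FRST pads the name
        path=m.group("path"),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def flag_reasons(e: Entry) -> List[str]:
    """Heuristics only: a missing publisher means no CompanyName in the
    version resource, not a failed signature check."""
    reasons: List[str] = []
    if not e.is_executable:
        return reasons
    if e.parent == r"c:\programdata":
        reasons.append("executable directly in C:\\ProgramData, no vendor subfolder")
    if e.publisher is None and e.parent in SYSTEM_DIRS:
        reasons.append("binary in a Windows system directory without a version-info publisher")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it was flagged."""
    return {e.path: r for e in parse_log(text) if (r := flag_reasons(e))}


# Sample input: the first four lines are copied from the log above; the last two
# are constructed for this example (sizes and notavendor.dll are made up).
SAMPLE_LOG = r"""
2013-05-18 21:41 - 2012-03-29 14:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-21 18:13 - 2013-02-04 13:01 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-05-04 09:13 - 2013-05-04 09:13 - 14927112 ____A (Xfire, Inc.                                                 ) C:\Users\cacaogundy\Downloads\xfire_setup.exe
2013-05-20 07:04 - 2013-05-20 07:04 - 00003288 ____N C:\bootsqm.dat
2013-05-20 07:05 - 2013-05-20 07:05 - 00123456 ____A C:\ProgramData\FullRemove.exe
2013-05-20 07:06 - 2013-05-20 07:06 - 00054321 ____A C:\Windows\System32\notavendor.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Both rules are starting points for a human review, not verdicts: plenty of legitimate installers drop helper executables in odd places, and the publisher field only reflects the CompanyName string in the file's version resource. The value of parsing the listing is that the same two or three rules can be run over a several-thousand-line log in seconds instead of reading it by eye.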



#7 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 May 2013 - 08:25 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
U3 mfeavfk01; No ImagePath
U3 tmlwf;
U3 tmwfp;
C:\ProgramData\FullRemove.exe
C:\ProgramData\ezsidmv.dat
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it in your reply.

 


m0le is a proud member of UNITE

#8 slessie
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male

Posted 30 May 2013 - 02:41 PM

Ok I have done this, but since doing so, the computer informed me that the McAfee firewall had been turned off. I turned it back on, no problems there. MS IE no longer works and I am having trouble connecting to the Internet. Fix log has been saved but I am typing on an iPad so cannot post it until I go to an Internet cafe or elsewhere with a different laptop.

#9 slessie
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male

Posted 30 May 2013 - 06:18 PM

The computer stopped being able to boot up again.  Start Up Repair fixed it by rolling back registry changes.  Once back in I created another system restore, ran CCleaner.

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2013 01
Ran by SYSTEM at 2013-05-29 19:06:20 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Error: The BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File entry should be fixed outside recovery mode.
Error: The BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File entry should be fixed outside recovery mode.
Error: The BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File entry should be fixed outside recovery mode.
Error: The Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File entry should be fixed outside recovery mode.
Error: The Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File entry should be fixed outside recovery mode.
Error: The Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File entry should be fixed outside recovery mode.
Error: The Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File entry should be fixed outside recovery mode.
Error: The Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File entry should be fixed outside recovery mode.
Error: The Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File entry should be fixed outside recovery mode.
Error: The Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File entry should be fixed outside recovery mode.
Error: The Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File entry should be fixed outside recovery mode.
Error: The Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File entry should be fixed outside recovery mode.
mfeavfk01 => Service deleted successfully.
U3 tmlwf; => Service not found.
U3 tmwfp; => Service not found.
C:\ProgramData\FullRemove.exe => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.

==== End of Fixlog ====
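The Fixlog above separates into outcomes that matter for planning the next step: the service and the two files were handled, while every registry item (the BHO, Toolbar and Handler lines) was deferred because FRST was running from the recovery environment. As an added example (not FRST's own code), here is a Python classifier for Fixlog result lines that groups those outcomes and emits the deferred items as the fixlist for a second run once Windows boots normally. The Fixlog text is copied from the post above; the pattern set covers only the line shapes seen there, and anything else that looks like a result line is reported as unrecognised rather than silently dropped.

```python
"""Classify FRST Fixlog result lines and derive the list still to be fixed.

Added example for this thread; not FRST's own code.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Result line shapes observed in the Fixlog above. Order matters only for
# readability; each line matches at most one of them.
RULES = [
    ("deferred", re.compile(r"^Error: The (?P<item>.+?) entry should be fixed outside recovery mode\.$")),
    ("deleted", re.compile(r"^(?P<item>.+?) => Service deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<item>.+?) => Moved successfully\.$")),
    ("not_found", re.compile(r"^(?P<item>.+?) => (?:Service )?not found\.$")),
]
MODE_RE = re.compile(r"^Boot Mode: (?P<mode>\S+)")


def boot_mode(text: str) -> Optional[str]:
    """The 'Boot Mode:' value from the Fixlog header, e.g. 'Recovery'."""
    for line in text.splitlines():
        m = MODE_RE.match(line.strip())
        if m:
            return m.group("mode")
    return None


def classify_fixlog(text: str) -> Dict[str, List[str]]:
    """Group fixlist items by outcome; unmatched result-looking lines go to 'unrecognised'."""
    out: Dict[str, List[str]] = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):      # blanks and separator rules
            continue
        for label, rx in RULES:
            m = rx.match(line)
            if m:
                out[label].append(m.group("item"))
                break
        else:
            if " => " in line or line.startswith("Error:"):
                out["unrecognised"].append(line)
    return dict(out)


def second_pass_fixlist(text: str) -> List[str]:
    """Fixlist lines to re-run in normal mode: the deferred items, in original order."""
    return classify_fixlog(text).get("deferred", [])


# Sample input copied from the Fixlog posted above.
FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2013 01
Ran by SYSTEM at 2013-05-29 19:06:20 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Error: The BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File entry should be fixed outside recovery mode.
Error: The BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File entry should be fixed outside recovery mode.
Error: The Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File entry should be fixed outside recovery mode.
Error: The Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File entry should be fixed outside recovery mode.
mfeavfk01 => Service deleted successfully.
U3 tmlwf; => Service not found.
U3 tmwfp; => Service not found.
C:\ProgramData\FullRemove.exe => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    print("boot mode:", boot_mode(FIXLOG))
    for label, items in classify_fixlog(FIXLOG).items():
        print(f"{label}: {len(items)}")
    print("re-run in normal mode:", *second_pass_fixlist(FIXLOG), sep="\n  ")
```

The deferred items come back in exactly the form they had in the original fixlist, so the output of second_pass_fixlist() can be saved as the next fixlist.txt once the machine boots into Windows. Checking boot_mode() first is the cheap guard: if it still says Recovery, the registry lines will be deferred again.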



#10 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 May 2013 - 08:11 PM

Running Startup Repair was very smart :)

Please now run ESET's online scan

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

m0le is a proud member of UNITE

#11 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 June 2013 - 07:08 PM

Are you still there?


m0le is a proud member of UNITE

#12 slessie
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male

Posted 02 June 2013 - 07:22 PM

Are you still there?


Yes. Just having a lot of trouble booting up these days. It's always hanging.

#13 slessie
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male

Posted 03 June 2013 - 06:06 PM

I scanned it with ESET Online Scanner.  My main problem now is booting up and shutting down.  It hangs while shutting down so that I always end up disconnecting it.  Then when I boot up again, I have to go through the Your Computer Shut Down Unexpectedly screen.

 

C:\Users\All Users\YTD Video Downloader\ytd_installer.exe a variant of Win32/Bundled.Toolbar.Ask.C application 
C:\Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Settings Alerter\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Settings Alerter\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\YouTube Downloader Toolbar\WidgiHelper.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\ProgramData\YTD Video Downloader\ytd_installer.exe a variant of Win32/Bundled.Toolbar.Ask.C application cleaned by deleting - quarantined
C:\Users\cacaogundy\AppData\Local\Babylon\Setup\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\cacaogundy\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\cacaogundy\Downloads\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\cacaogundy\Downloads\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\cacaogundy\Downloads\PDFCreator-1_4_3_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\cacaogundy\Downloads\PDFCreator-1_6_1_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\cacaogundy\Downloads\Setup_FreeConverter.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\cacaogundy\Downloads\xfire_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\cacaogundy\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\KeyFinderInstaller.exe Win32/OpenCandy application cleaned by deleting - quarantined
 

 



#14 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 June 2013 - 06:58 PM

Can you boot the system in Safe Mode now?

 

If so please test the start up and shut down in Safe mode and let me know how it went


m0le is a proud member of UNITE

#15 slessie
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male

Posted 03 June 2013 - 11:53 PM

Can you boot the system in Safe Mode now?
 
If so please test the start up and shut down in Safe mode and let me know how it went


It is able to load in safe mode and shut down properly. In normal Windows, it's getting frozen at times, especially during Shut Down.



