Trojan.patched


  • This topic is locked
5 replies to this topic

#1 fjavier415

fjavier415

  • Members
  • 2 posts

Posted 05 April 2014 - 02:02 PM

Hi:

 

My son's computer has the Trojan.patched.  He starts hearing some advertising or noises once the earplugs were connected.

 

I tried the Malware Root Kit and the Roguekiller but nothing.

 

I can still hear the noise or advertisement and I can still see the message from Malware.

 

Please let me know if you know how to resolve this.

 

Thanks

 

Mod Edit:  Moved from AII to MRL - Hamluis.


Edited by hamluis, 05 April 2014 - 03:35 PM.
moved from Introductions to the appropriate forum




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 05 April 2014 - 03:02 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

  • Next please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

 

 

Regards,

Georgi




#3 fjavier415

fjavier415
  • Topic Starter

  • Members
  • 2 posts

Posted 06 April 2014 - 04:28 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Franco (administrator) on FRANCO-PC on 06-04-2014 17:16:57
Running from C:\Users\Franco\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Users\Franco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Micro-Star Int'l Co., Ltd.) c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Alienware, Inc.) C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(PC-Doctor, Inc.) C:\Program Files\AlienAutopsy\uaclauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7017032 2013-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-18] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-04-19] (Alienware)
HKLM-x32\...\Run: [Alienware Survey] - c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7396920 2013-04-23] (Alienware, Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupNowEZtray] - C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2863377026-1535134988-316631230-1000\...\Run: [SkyDrive] - C:\Users\Franco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-04-04] (Microsoft Corporation)
HKU\S-1-5-21-2863377026-1535134988-316631230-1000\...\RunOnce: [Uninstall C:\Users\Franco\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Franco\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64"
HKU\S-1-5-21-2863377026-1535134988-316631230-1000\...\RunOnce: [Uninstall C:\Users\Franco\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_3\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Franco\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_3\amd64"
Startup: C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienwarearena.com/welcome-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienwarearena.com/welcome-us
SearchScopes: HKLM - DefaultScope {8A7967BB-87A9-470F-81F7-E7837AC84136} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {8A7967BB-87A9-470F-81F7-E7837AC84136} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {8A7967BB-87A9-470F-81F7-E7837AC84136} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {8A7967BB-87A9-470F-81F7-E7837AC84136} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {8A7967BB-87A9-470F-81F7-E7837AC84136} URL =
SearchScopes: HKCU - {8A7967BB-87A9-470F-81F7-E7837AC84136} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Drive) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (YouTube) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-04]
CHR Extension: (Google Search) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (Gmail) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-04]

==================== Services (Whitelisted) =================

R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [14352 2013-04-19] (Alienware)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSI_ODD_Service; c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe [83512 2012-11-20] (Micro-Star Int'l Co., Ltd.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-14] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2012-11-20] (MSI)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-06 17:16 - 2014-04-06 17:17 - 00016699 _____ () C:\Users\Franco\Downloads\FRST.txt
2014-04-06 17:16 - 2014-04-06 17:16 - 00000000 ____D () C:\FRST
2014-04-06 17:15 - 2014-04-06 17:15 - 02157056 _____ (Farbar) C:\Users\Franco\Downloads\FRST64.exe
2014-04-06 12:46 - 2014-04-06 12:46 - 14464394 _____ () C:\Users\Franco\Downloads\francais 2-3-AP -- le 2-3 avril 2014.pptx
2014-04-04 22:21 - 2014-04-04 22:21 - 00001791 _____ () C:\Users\Franco\Desktop\RKreport[0]_D_04042014_222108.txt
2014-04-04 22:17 - 2014-04-04 22:17 - 00001741 _____ () C:\Users\Franco\Desktop\RKreport[0]_S_04042014_221701.txt
2014-04-04 20:51 - 2014-04-04 20:51 - 00010511 _____ () C:\Users\Franco\Desktop\RKreport[0]_S_04042014_205133.txt
2014-04-04 20:35 - 2014-04-04 22:21 - 00000000 ____D () C:\Users\Franco\Desktop\RK_Quarantine
2014-04-04 20:35 - 2014-04-04 20:35 - 03972608 _____ () C:\Users\Franco\Downloads\RogueKiller.exe
2014-04-04 20:19 - 2014-04-04 20:19 - 00002030 _____ () C:\Users\Franco\Desktop\instructions.txt
2014-04-04 20:01 - 2014-04-04 21:50 - 00000000 ____D () C:\Users\Franco\Desktop\mbar
2014-04-04 20:01 - 2014-04-04 20:01 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Franco\Downloads\mbar-1.07.0.1009.exe
2014-04-04 19:55 - 2014-04-04 19:55 - 00001136 _____ () C:\Users\Franco\Documents - Shortcut.lnk
2014-04-04 19:00 - 2014-04-06 17:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 19:00 - 2014-04-04 19:38 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 18:59 - 2014-04-04 21:41 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 18:59 - 2014-04-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 18:59 - 2014-04-04 18:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 18:59 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 18:59 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-04 17:56 - 2014-04-06 17:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 17:56 - 2014-04-06 17:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 17:56 - 2014-04-04 19:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 17:56 - 2014-04-04 19:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-04 17:56 - 2014-04-04 17:56 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-04 17:55 - 2014-04-04 17:56 - 00000000 ____D () C:\Users\Franco\AppData\Local\Google
2014-04-04 17:55 - 2014-04-04 17:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-04 17:55 - 2014-04-04 17:55 - 00000000 ____D () C:\Users\Franco\AppData\Local\Deployment
2014-04-04 17:55 - 2014-04-04 17:55 - 00000000 ____D () C:\Users\Franco\AppData\Local\Apps\2.0
2014-04-03 19:46 - 2014-04-06 17:12 - 00000079 _____ () C:\Windows\system32\xizu.mmy
2014-04-03 19:10 - 2014-04-03 19:10 - 00000064 _____ () C:\Windows\system32\fsaig.hqd
2014-04-03 19:10 - 2014-04-03 19:10 - 00000000 _____ () C:\Windows\system32\nbrxqc.tov
2014-04-03 18:54 - 2014-04-03 18:54 - 00299344 ____S () C:\Windows\system32\devnzx.zcl
2014-03-28 10:40 - 2014-03-28 10:40 - 00000000 ____D () C:\Users\Franco\Documents\OneNote Notebooks
2014-03-25 22:14 - 2014-03-25 22:14 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-25 22:14 - 2014-03-25 22:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-25 22:14 - 2014-03-25 22:14 - 00000000 ____D () C:\Program Files\iTunes
2014-03-25 22:14 - 2014-03-25 22:14 - 00000000 ____D () C:\Program Files\iPod
2014-03-25 22:14 - 2014-03-25 22:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-18 19:52 - 2014-03-23 19:31 - 00102774 _____ () C:\Users\Franco\Desktop\Franco Photo.bmp
2014-03-18 19:50 - 2014-03-18 19:50 - 00110065 _____ () C:\Users\Franco\Downloads\Outlook.zip
2014-03-14 20:44 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 20:44 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 20:44 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 20:44 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 20:44 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 20:44 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 20:44 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 20:44 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 20:44 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 20:44 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 20:44 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 20:44 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 20:44 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 20:44 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 20:44 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 20:44 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 20:44 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 20:44 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 20:44 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 20:44 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 20:44 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 20:44 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 20:44 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 20:44 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 20:44 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 20:44 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 20:44 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 20:44 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 20:44 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 20:44 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 20:44 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 20:44 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 20:44 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 20:44 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 20:44 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 20:44 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 20:44 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 20:44 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 20:44 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 20:44 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 20:44 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 20:44 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 20:44 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 20:44 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 22:14 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 22:14 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 22:14 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 22:14 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-06 17:17 - 2014-04-06 17:16 - 00016699 _____ () C:\Users\Franco\Downloads\FRST.txt
2014-04-06 17:16 - 2014-04-06 17:16 - 00000000 ____D () C:\FRST
2014-04-06 17:15 - 2014-04-06 17:15 - 02157056 _____ (Farbar) C:\Users\Franco\Downloads\FRST64.exe
2014-04-06 17:12 - 2014-04-03 19:46 - 00000079 _____ () C:\Windows\system32\xizu.mmy
2014-04-06 17:10 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 17:10 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 17:06 - 2014-04-04 17:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 17:06 - 2013-09-28 04:57 - 01409581 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 17:05 - 2013-09-28 03:21 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-04-06 17:04 - 2014-04-04 19:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 17:03 - 2013-10-19 17:32 - 00004982 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Franco-PC-Franco Franco-PC
2014-04-06 17:03 - 2013-09-28 03:31 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-06 17:03 - 2013-09-28 03:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-06 17:02 - 2014-04-04 17:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 17:02 - 2013-10-17 18:56 - 00000000 ___RD () C:\Users\Franco\SkyDrive
2014-04-06 17:02 - 2013-09-28 04:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-06 17:02 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 17:02 - 2009-07-14 00:51 - 00061472 _____ () C:\Windows\setupact.log
2014-04-06 12:46 - 2014-04-06 12:46 - 14464394 _____ () C:\Users\Franco\Downloads\francais 2-3-AP -- le 2-3 avril 2014.pptx
2014-04-05 17:47 - 2011-02-10 12:10 - 00775728 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-05 17:47 - 2009-07-14 01:13 - 00775728 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 15:24 - 2013-10-10 19:16 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-04-05 14:42 - 2013-09-28 03:25 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-05 14:41 - 2010-11-20 23:47 - 00215978 _____ () C:\Windows\PFRO.log
2014-04-04 22:21 - 2014-04-04 22:21 - 00001791 _____ () C:\Users\Franco\Desktop\RKreport[0]_D_04042014_222108.txt
2014-04-04 22:21 - 2014-04-04 20:35 - 00000000 ____D () C:\Users\Franco\Desktop\RK_Quarantine
2014-04-04 22:17 - 2014-04-04 22:17 - 00001741 _____ () C:\Users\Franco\Desktop\RKreport[0]_S_04042014_221701.txt
2014-04-04 21:50 - 2014-04-04 20:01 - 00000000 ____D () C:\Users\Franco\Desktop\mbar
2014-04-04 21:41 - 2014-04-04 18:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 20:51 - 2014-04-04 20:51 - 00010511 _____ () C:\Users\Franco\Desktop\RKreport[0]_S_04042014_205133.txt
2014-04-04 20:35 - 2014-04-04 20:35 - 03972608 _____ () C:\Users\Franco\Downloads\RogueKiller.exe
2014-04-04 20:19 - 2014-04-04 20:19 - 00002030 _____ () C:\Users\Franco\Desktop\instructions.txt
2014-04-04 20:01 - 2014-04-04 20:01 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Franco\Downloads\mbar-1.07.0.1009.exe
2014-04-04 19:55 - 2014-04-04 19:55 - 00001136 _____ () C:\Users\Franco\Documents - Shortcut.lnk
2014-04-04 19:55 - 2013-10-10 19:13 - 00000000 ____D () C:\Users\Franco
2014-04-04 19:38 - 2014-04-04 19:00 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 19:38 - 2014-04-04 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 19:37 - 2014-02-19 21:44 - 00002182 _____ () C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-04 19:01 - 2014-04-04 17:56 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 19:01 - 2014-04-04 17:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-04 18:59 - 2014-04-04 18:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 18:22 - 2013-09-28 03:24 - 00000000 ____D () C:\ProgramData\PCDr
2014-04-04 17:56 - 2014-04-04 17:56 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-04 17:56 - 2014-04-04 17:55 - 00000000 ____D () C:\Users\Franco\AppData\Local\Google
2014-04-04 17:56 - 2014-04-04 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-04 17:55 - 2014-04-04 17:55 - 00000000 ____D () C:\Users\Franco\AppData\Local\Deployment
2014-04-04 17:55 - 2014-04-04 17:55 - 00000000 ____D () C:\Users\Franco\AppData\Local\Apps\2.0
2014-04-03 19:10 - 2014-04-03 19:10 - 00000064 _____ () C:\Windows\system32\fsaig.hqd
2014-04-03 19:10 - 2014-04-03 19:10 - 00000000 _____ () C:\Windows\system32\nbrxqc.tov
2014-04-03 18:54 - 2014-04-03 18:54 - 00299344 ____S () C:\Windows\system32\devnzx.zcl
2014-04-03 18:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-28 10:40 - 2014-03-28 10:40 - 00000000 ____D () C:\Users\Franco\Documents\OneNote Notebooks
2014-03-28 10:40 - 2013-10-10 19:17 - 00000000 ___RD () C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-25 22:14 - 2014-03-25 22:14 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-25 22:14 - 2014-03-25 22:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-25 22:14 - 2014-03-25 22:14 - 00000000 ____D () C:\Program Files\iTunes
2014-03-25 22:14 - 2014-03-25 22:14 - 00000000 ____D () C:\Program Files\iPod
2014-03-25 22:14 - 2014-03-25 22:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-23 19:31 - 2014-03-18 19:52 - 00102774 _____ () C:\Users\Franco\Desktop\Franco Photo.bmp
2014-03-23 14:26 - 2013-09-28 03:22 - 00011596 _____ () C:\Windows\RPSETUP.EXE.LOG
2014-03-19 10:44 - 2014-02-08 11:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 10:44 - 2014-02-08 11:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-18 23:01 - 2013-10-18 22:00 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 23:01 - 2013-10-18 22:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 19:50 - 2014-03-18 19:50 - 00110065 _____ () C:\Users\Franco\Downloads\Outlook.zip
2014-03-17 13:16 - 2013-09-28 03:25 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-16 10:45 - 2009-07-14 00:45 - 00445920 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Franco\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Franco\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Franco\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_56a28ead-e7c4-4673-a72d-64f72775fe61_TX_PR_ (1).exe
C:\Users\Franco\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_56a28ead-e7c4-4673-a72d-64f72775fe61_TX_PR_.exe
C:\Users\Franco\AppData\Local\Temp\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
C:\Users\Franco\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Franco\AppData\Local\Temp\vsz7ulmj.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0513536 ____N (Microsoft Corporation) 286F71280E6075509C78CE53C2AF591F

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-05 15:44

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Franco at 2014-04-06 17:27:03
Running from C:\Users\Franco\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0513536 ____N (Microsoft Corporation) 286F71280E6075509C78CE53C2AF591F

====== End Of Search ======


#4 B-boy/StyLe/


Posted 07 April 2014 - 02:16 PM

Hi,
 
 
Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
 
Regards,
Georgi




#5 B-boy/StyLe/


Posted 11 April 2014 - 02:30 AM

Hi,

 

Are you still around?

 

 

Regards,

Georgi




#6 B-boy/StyLe/


Posted 18 April 2014 - 01:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
