
Cannot run any AV programs - message "This program is blocked by group policy"


  • This topic is locked
16 replies to this topic

#1 adamtodd

adamtodd

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 18 April 2014 - 12:55 PM

Hi all,

Have got my mother-in-law's laptop, and none of her AV programmes appear to be running - neither do a lot of her usual start-up programs. If I try and manually launch her AV program (McAfee), I get a message "This program is blocked by group policy. For more information contact your system administrator." for file mcagent.exe

I can't edit group policy, because this is Windows Vista Home, which doesn't have any Policy editors, so I can only assume that some malware made the change in the first place directly to the registry.

So I can't even run a scan - I don't seem to be able to turn Windows Defender on either. I don't know how long it's been like this, so I'm suspecting there are probably all sorts of malware on there. Would really appreciate any help you can give me.

DDS.txt follows:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19518
Run by Jen at 18:44:51 on 2014-04-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2045.788 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.7\ma\bin\MAHostService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.7\ma\bin\node.exe
C:\Windows\system32\lxbccoms.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\PROGRA~1\QUOTAT~2\bar\1.bin\45barsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\QuotationCafe_45\bar\1.bin\APPINTEGRATOR.EXE
C:\Program Files\QuotationCafe_45\bar\1.bin\45brmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080925
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080925
uURLSearchHooks: <No Name>: {cc2e2b99-14d3-4516-883c-9ea147f594ef} - c:\program files\zwinky_5q\bar\1.bin\5qSrcAs.dll
uURLSearchHooks: <No Name>: {6ab96dd7-6e0c-4a7f-93e0-a8a47a685d81} - c:\program files\quotationcafe_45\bar\1.bin\45SrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: ALOT Toolbar Helper: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Toolbar BHO: {27488090-768a-4d20-a938-f223f71c344c} - c:\program files\zwinky_5q\bar\1.bin\5qbar.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Search Assistant BHO: {8561f2a1-d885-4852-8289-81ae4ad0ad99} - c:\program files\quotationcafe_45\bar\1.bin\45SrcAs.dll
BHO: Toolbar BHO: {8619595f-4eef-4164-b040-fb7436301a06} - c:\program files\quotationcafe_45\bar\1.bin\45bar.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Search Assistant BHO: {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} - c:\program files\zwinky_5q\bar\1.bin\5qSrcAs.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: QuotationCafe: {99BCED2F-1DB3-4ECD-8E35-8906428A6CFE} - c:\program files\quotationcafe_45\bar\1.bin\45bar.dll
TB: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - c:\program files\alot\bin\alot.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Zwinky: {3033124f-06bf-4829-873a-310a125b4d4c} - c:\program files\zwinky_5q\bar\1.bin\5qbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: QuotationCafe: {99bced2f-1db3-4ecd-8e35-8906428a6cfe} - c:\program files\quotationcafe_45\bar\1.bin\45bar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Epson Stylus SX510W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_SEB58.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [eeafvco] regsvr32.exe "c:\programdata\eeafvco.dat"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [Zwinky Search Scope Monitor] "c:\progra~1\zwinky~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h
mRun: [Zwinky_5q Browser Plugin Loader] c:\progra~1\zwinky~2\bar\1.bin\5qbrmon.exe
mRun: [RegTask] c:\program files\regtask\RegTask.exe
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QuotationCafe EPM Support] "c:\progra~1\quotat~2\bar\1.bin\45medint.exe" T8EPMSUP.DLL,S
mRun: [QuotationCafe Home Page Guard 32 bit] "c:\progra~1\quotat~2\bar\1.bin\AppIntegrator.exe"
mRun: [QuotationCafe Search Scope Monitor] "c:\progra~1\quotat~2\bar\1.bin\45srchmn.exe" /m=2 /w /h
mRun: [QuotationCafe_45 Browser Plugin Loader] c:\progra~1\quotat~2\bar\1.bin\45brmon.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{1A728BD9-00DD-4129-A1F0-DC96B08E0632} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{1CB2F165-50B3-4719-9D68-0D7150CC6306} : DHCPNameServer = 192.168.1.254
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\896\G2AWinLogon.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2009-3-8 4064]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_238116a1\AEstSrv.exe [2008-9-25 73728]
R2 BT Help Wizard;BT Help Wizard;c:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.0.7\ma\bin\MAHostService.exe [2014-3-13 321024]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-12-5 281560]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-12-5 281560]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-12-5 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-12-5 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-12-5 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-12-5 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-12-5 281560]
R2 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-11-4 236480]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-12-5 644088]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-12-5 169800]
R2 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-9-24 573840]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-12-5 175480]
R2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-11-4 214216]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-17 375608]
R2 QuotationCafe_45Service;QuotationCafeService;c:\progra~1\quotat~2\bar\1.bin\45barsvc.exe [2014-3-25 88648]
R2 Zwinky_5qService;ZwinkyService;c:\progra~1\zwinky~2\bar\1.bin\5qbarsvc.exe [2012-4-22 42528]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-11-4 61400]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-25 203264]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-11-4 366248]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-1-21 330248]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-25 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-25 277504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.15.91\symcpcculaunchsvc.exe /s --> c:\program files\norton pc checkup\engine\2.0.15.91\SymcPCCULaunchSvc.exe  [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\engine\2.0.15.91\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\engine\2.0.15.91\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\engine\2.0.15.91\ccSvcHst.exe [?]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-1-22 147912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-11-4 66408]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-1-21 81264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-04-10 10:54:00 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2014-04-10 10:54:00 743424 ----a-w- c:\program files\internet explorer\iedvtool.dll
2014-04-10 10:54:00 638120 ----a-w- c:\program files\internet explorer\iexplore.exe
2014-04-08 20:09:17 228800 ----a-w- c:\programdata\eeafvco.dat
2014-03-25 15:36:11 -------- d-----w- c:\users\jen\appdata\local\QuotationCafe_45
2014-03-25 15:35:34 -------- d-----w- c:\program files\QuotationCafe_45
.
==================== Find3M  ====================
.
2014-03-12 12:43:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 12:43:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-23 10:53:03 916992 ----a-w- c:\windows\system32\wininet.dll
2014-02-23 10:47:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-23 10:46:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-23 10:46:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2014-02-23 10:46:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-02-23 10:44:41 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-23 09:12:07 385024 ----a-w- c:\windows\system32\html.iec
2014-02-23 07:25:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-23 07:23:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-07 10:38:44 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 10:37:54 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-30 07:46:58 876032 ----a-w- c:\windows\system32\wer.dll
2014-01-27 09:18:40 61400 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-01-27 09:12:16 214216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-01-27 09:11:50 175480 ----a-w- c:\windows\system32\mfevtps.exe
2014-01-27 09:06:46 573840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-01-27 09:04:54 366248 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-01-27 09:04:10 66408 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2014-01-27 09:03:26 236480 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-01-27 09:02:18 134568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-01-21 03:49:38 10632 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-01-21 03:49:16 81264 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-01-21 03:48:54 330248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
============= FINISH: 18:48:07.42 ===============
 





#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:42 AM

Posted 21 April 2014 - 12:02 PM

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
NEXT

Please download Malwarebytes Anti-Rootkit (MBAR) from here and save it to your desktop.
(Direct link to the file: http://downloads.malwarebytes.org/file/mbar)
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click on the MBAR file you downloaded and approve the UAC prompt in Vista and newer operating systems.
  • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
  • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
  • After reading the Introduction, click 'Next' if you agree.
  • On the Update Database screen, click on the 'Update' button.
  • Once you see 'Success: Database was successfully updated' click on 'Next'.
  • Click the 'Scan' button.
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.
Then, please send the following logs as attachments to your reply.
These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 21 April 2014 - 05:56 PM

Hi CatByte,

Thanks so much for your help, much appreciated.

FRST.txt is pasted below, and the other three files are attached. Not sure if this is related, but I did struggle to download the files on this PC - for both downloads it stuck at 0% and wouldn't move on. I ended up downloading them on a different PC, and copying them across.

Thanks

Adam

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2014 02
Ran by Jen (administrator) on JENS-LAPTOP on 21-04-2014 23:17:10
Running from C:\Users\Jen\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.7\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.7\ma\bin\node.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
( ) C:\Windows\system32\lxbccoms.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(COMPANYVERS_NAME) C:\Program Files\QuotationCafe_45\bar\1.bin\45barsvc.exe
(COMPANYVERS_NAME) C:\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Winamp\winampa.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(VER_COMPANY_NAME) C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
( ) C:\Program Files\QuotationCafe_45\bar\1.bin\APPINTEGRATOR.EXE
(VER_COMPANY_NAME) C:\Program Files\QuotationCafe_45\bar\1.bin\45brmon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-06-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [289576 2008-10-01] (Apple Inc.)
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [37888 2009-03-09] ()
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-04-10] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2039096 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [Zwinky Search Scope Monitor] => C:\Program Files\Zwinky_5q\bar\1.bin\5qSrchMn.exe [42552 2012-04-22] (MindSpark)
HKLM\...\Run: [Zwinky_5q Browser Plugin Loader] => C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe [30096 2012-04-22] (VER_COMPANY_NAME)
HKLM\...\Run: [RegTask] => C:\Program Files\RegTask\RegTask.exe [11753096 2013-02-12] (Time Pioneer Limited)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442467 2008-06-25] (IDT, Inc.)
HKLM\...\Run: [QuotationCafe EPM Support] => C:\Program Files\QuotationCafe_45\bar\1.bin\45medint.exe [12872 2014-03-25] (Mindspark Interactive Network, Inc.)
HKLM\...\Run: [QuotationCafe Home Page Guard 32 bit] => C:\Program Files\QuotationCafe_45\bar\1.bin\APPINTEGRATOR.EXE [421448 2014-03-25] ( )
HKLM\...\Run: [QuotationCafe Search Scope Monitor] => C:\Program Files\QuotationCafe_45\bar\1.bin\45SrchMn.exe [55368 2014-03-25] (Mindspark)
HKLM\...\Run: [QuotationCafe_45 Browser Plugin Loader] => C:\Program Files\QuotationCafe_45\bar\1.bin\45brmon.exe [61512 2014-03-25] (VER_COMPANY_NAME)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-09] (Google Inc.)
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\...\Run: [Epson Stylus SX510W(Network)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\...\Run: [eeafvco] => regsvr32.exe "C:\ProgramData\eeafvco.dat"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080925
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080925
URLSearchHook: HKCU - (No Name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {6ab96dd7-6e0c-4a7f-93e0-a8a47a685d81} - C:\Program Files\QuotationCafe_45\bar\1.bin\45SrcAs.dll (Mindspark)
SearchScopes: HKLM - {5941bc46-57ca-4649-8c07-aef5f99313f2} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9T^xdm004^YYA^gb&si=CL-xvaaBrr0CFcuWtAod_moAcA&ptb=FE0D69F1-75E4-42F8-99D0-0A54B9E15940&ind=2014032511&n=780bb27f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm349YYgb&ptnrS=ZJxdm349YYgb&si=CLzf9b6Eya8CFcESfAodxGWX7A&ptb=BB58CB85-91A2-466A-BCA3-28416E2B3824&ind=2012042214&n=77ed53e6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {5941bc46-57ca-4649-8c07-aef5f99313f2} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9T^xdm004^YYA^gb&si=CL-xvaaBrr0CFcuWtAod_moAcA&ptb=FE0D69F1-75E4-42F8-99D0-0A54B9E15940&ind=2014032511&n=780bb27f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm349YYgb&ptnrS=ZJxdm349YYgb&si=CLzf9b6Eya8CFcESfAodxGWX7A&ptb=BB58CB85-91A2-466A-BCA3-28416E2B3824&ind=2012042214&n=77ed53e6&psa=&st=sb&searchfor={searchTerms}
BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Toolbar BHO - {27488090-768a-4d20-a938-f223f71c344c} - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll (MindSpark)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: Search Assistant BHO - {8561f2a1-d885-4852-8289-81ae4ad0ad99} - C:\Program Files\QuotationCafe_45\bar\1.bin\45SrcAs.dll (Mindspark)
BHO: Toolbar BHO - {8619595f-4eef-4164-b040-fb7436301a06} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (Mindspark)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Search Assistant BHO - {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} - C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll (MindSpark)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
Toolbar: HKLM - ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll (MindSpark)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - QuotationCafe - {99bced2f-1db3-4ecd-8e35-8906428a6cfe} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (Mindspark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - QuotationCafe - {99BCED2F-1DB3-4ECD-8E35-8906428A6CFE} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (Mindspark)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @ei.RecipeHub_2j.com/Plugin - C:\Program Files\RecipeHub_2jEI\Installr\1.bin\NP2jEISB.dll (Recipe Hub)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/MVT - C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: @QuotationCafe_45.com/Plugin - C:\Program Files\QuotationCafe_45\bar\1.bin\NP45Stub.dll (Mindspark)
FF Plugin: @real.com/nppl3260;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @Zwinky_5q.com/Plugin - C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll (MindSpark)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-04-10]
FF HKLM\...\Firefox\Extensions: [5qffxtbr@Zwinky_5q.com] - C:\Program Files\Zwinky_5q\bar\1.bin
FF Extension: Zwinky - C:\Program Files\Zwinky_5q\bar\1.bin [2012-04-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-05]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-05]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\10.0.648.205\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\10.0.648.205\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\10.0.648.205\gears.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Entanglement) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-11]
CHR Extension: (McAfee SiteAdvisor) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-04-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-04-10]
CHR Extension: (Poppit) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-11]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2012-12-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-12-05]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-04-10]

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [73728 2008-06-25] (Andrea Electronics Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-10-01] (Apple Inc.)
R2 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.7\ma\bin\MAHostService.exe [321024 2014-03-13] (Alcatel-Lucent)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 lxbc_device; C:\Windows\system32\lxbccoms.exe [537520 2007-03-16] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [175480 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 QuotationCafe_45Service; C:\Program Files\QuotationCafe_45\bar\1.bin\45barsvc.exe [88648 2014-03-25] (COMPANYVERS_NAME)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe [221273 2008-06-25] (IDT, Inc.)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
R2 Zwinky_5qService; C:\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe [42528 2012-04-22] (COMPANYVERS_NAME)
S2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe /s [X]
S2 PCCUJobMgr; "C:\Program Files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll" /prefetch:1
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]

==================== Drivers (Whitelisted) ====================

R1 ATMhelpr; C:\Windows\system32\Drivers\ATMhelpr.sys [4064 1997-06-17] (Adobe Systems Incorporated)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-03-14] (ITE Tech. Inc. )
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134568 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236480 2014-01-27] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [366248 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [573840 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [214216 2014-01-27] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-07-28] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277504 2008-07-28] (Creative Technology Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-21 23:17 - 2014-04-21 23:19 - 00028241 _____ () C:\Users\Jen\Desktop\FRST.txt
2014-04-21 23:16 - 2014-04-21 23:17 - 00000000 ____D () C:\FRST
2014-04-21 23:15 - 2014-04-21 23:12 - 01048064 _____ (Farbar) C:\Users\Jen\Desktop\FRST.exe
2014-04-18 18:49 - 2014-04-18 18:51 - 00018897 _____ () C:\Users\Jen\Desktop\dds.txt
2014-04-18 18:49 - 2014-04-18 18:51 - 00007838 _____ () C:\Users\Jen\Desktop\attach.txt
2014-04-18 18:44 - 2014-04-18 18:44 - 00688992 ____R (Swearware) C:\Users\Jen\Desktop\dds.com
2014-04-18 17:33 - 2014-04-18 17:33 - 00000000 ____D () C:\Windows\erdnt
2014-04-18 17:32 - 2014-04-18 17:33 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-10 11:54 - 2014-02-23 11:52 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 11:54 - 2014-02-23 11:48 - 06020096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 11:54 - 2014-02-23 11:48 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 11:54 - 2014-02-23 11:46 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 11:53 - 2014-02-23 11:53 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 11:53 - 2014-02-23 11:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 11:53 - 2014-02-23 11:50 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-10 11:53 - 2014-02-23 11:48 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-04-10 11:53 - 2014-02-23 11:48 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 11:53 - 2014-02-23 11:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-10 11:53 - 2014-02-23 11:47 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-10 11:53 - 2014-02-23 11:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 11:53 - 2014-02-23 11:46 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 11:53 - 2014-02-23 11:46 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 11:53 - 2014-02-23 11:46 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-10 11:53 - 2014-02-23 11:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-10 11:53 - 2014-02-23 11:46 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 11:53 - 2014-02-23 11:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-10 11:53 - 2014-02-23 11:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 11:53 - 2014-02-23 11:46 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 11:53 - 2014-02-23 11:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-04-10 11:53 - 2014-02-23 10:12 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-10 11:53 - 2014-02-23 08:25 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 11:53 - 2014-02-23 08:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 11:53 - 2014-02-23 08:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 11:53 - 2014-02-23 08:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-10 11:53 - 2014-02-06 02:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 21:09 - 2014-04-08 21:09 - 00228800 _____ (Microsoft Corporation) C:\ProgramData\eeafvco.dat
2014-03-27 12:51 - 2014-03-27 12:51 - 00000104 _____ () C:\Users\Jen\Desktop\Internet - Shortcut (7).lnk
2014-03-25 16:36 - 2014-03-25 16:36 - 00000000 ____D () C:\Users\Jen\AppData\Local\QuotationCafe_45
2014-03-25 16:35 - 2014-03-25 16:35 - 00000000 ____D () C:\Program Files\QuotationCafe_45

==================== One Month Modified Files and Folders =======

2014-04-21 23:19 - 2014-04-21 23:17 - 00028241 _____ () C:\Users\Jen\Desktop\FRST.txt
2014-04-21 23:17 - 2014-04-21 23:16 - 00000000 ____D () C:\FRST
2014-04-21 23:17 - 2006-11-02 11:33 - 00765736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 23:16 - 2008-10-26 16:45 - 00023552 _____ () C:\Users\Jen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-21 23:12 - 2014-04-21 23:15 - 01048064 _____ (Farbar) C:\Users\Jen\Desktop\FRST.exe
2014-04-21 23:11 - 2013-12-05 19:53 - 00001753 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-04-21 23:09 - 2008-09-25 13:34 - 01817415 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 23:00 - 2013-12-10 10:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef588ed29462b.job
2014-04-21 23:00 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 23:00 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 23:00 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 16:41 - 2006-11-02 14:01 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-20 16:35 - 2014-02-20 18:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2e60cc2db5da.job
2014-04-20 15:43 - 2012-04-22 12:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 09:09 - 2013-05-31 16:09 - 00000000 ____D () C:\Program Files\My Dell
2014-04-20 09:09 - 2010-12-18 14:17 - 00000000 ____D () C:\ProgramData\PCDr
2014-04-18 18:51 - 2014-04-18 18:49 - 00018897 _____ () C:\Users\Jen\Desktop\dds.txt
2014-04-18 18:51 - 2014-04-18 18:49 - 00007838 _____ () C:\Users\Jen\Desktop\attach.txt
2014-04-18 18:44 - 2014-04-18 18:44 - 00688992 ____R (Swearware) C:\Users\Jen\Desktop\dds.com
2014-04-18 17:33 - 2014-04-18 17:33 - 00000000 ____D () C:\Windows\erdnt
2014-04-18 17:33 - 2014-04-18 17:32 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-18 11:03 - 2013-02-27 16:35 - 00000358 _____ () C:\Windows\Tasks\RegTask.job
2014-04-16 09:45 - 2008-10-25 21:38 - 00007052 _____ () C:\Users\Jen\AppData\Local\d3d9caps.dat
2014-04-15 22:27 - 2013-12-05 19:50 - 00000000 ____D () C:\Program Files\McAfee
2014-04-15 22:26 - 2008-01-21 03:47 - 00226116 _____ () C:\Windows\PFRO.log
2014-04-11 22:32 - 2012-01-21 12:42 - 00001889 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-04-10 12:38 - 2008-09-25 12:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 12:37 - 2013-08-14 15:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 12:35 - 2006-11-02 11:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-08 21:09 - 2014-04-08 21:09 - 00228800 _____ (Microsoft Corporation) C:\ProgramData\eeafvco.dat
2014-04-08 18:16 - 2012-09-17 18:48 - 00001135 _____ () C:\Users\Public\Desktop\BT Desktop Help.lnk
2014-04-07 18:08 - 2009-11-09 19:08 - 00000236 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2014-04-07 17:25 - 2008-11-06 13:08 - 00000000 ____D () C:\Users\Jen\Documents\home2008
2014-03-27 12:51 - 2014-03-27 12:51 - 00000104 _____ () C:\Users\Jen\Desktop\Internet - Shortcut (7).lnk
2014-03-25 16:36 - 2014-03-25 16:36 - 00000000 ____D () C:\Users\Jen\AppData\Local\QuotationCafe_45
2014-03-25 16:35 - 2014-03-25 16:35 - 00000000 ____D () C:\Program Files\QuotationCafe_45

Files to move or delete:
====================
C:\ProgramData\eeafvco.dat

Some content of TEMP:
====================
C:\Users\Jen\AppData\Local\Temp\lowproc.exe
C:\Users\Jen\AppData\Local\Temp\mcitinfo_1385922583.exe
C:\Users\Jen\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Jen\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-21 23:08

==================== End Of Log ============================



#4 CatByte

  • Malware Response Team

Posted 21 April 2014 - 06:27 PM

Please do the following:

Download the attached fixlist.txt file and save it to the Desktop.

Attached File  FixList.txt   5.72KB   2 downloads

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 adamtodd

  • Topic Starter


Posted 22 April 2014 - 02:47 AM

Hi CatByte,

Fixlog.txt is posted below.

Thanks,

Adam

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-04-2014 02
Ran by Jen at 2014-04-22 08:45:03 Run:1
Running from C:\Users\Jen\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
(VER_COMPANY_NAME) C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe
( ) C:\Program Files\QuotationCafe_45\bar\1.bin\APPINTEGRATOR.EXE
(VER_COMPANY_NAME) C:\Program Files\QuotationCafe_45\bar\1.bin\45brmon.exe
(COMPANYVERS_NAME) C:\Program Files\QuotationCafe_45\bar\1.bin\45barsvc.exe
(COMPANYVERS_NAME) C:\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe
HKLM\...\Run: [Zwinky Search Scope Monitor] => C:\Program Files\Zwinky_5q\bar\1.bin\5qSrchMn.exe [42552 2012-04-22] (MindSpark)
HKLM\...\Run: [Zwinky_5q Browser Plugin Loader] => C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe [30096 2012-04-22] (VER_COMPANY_NAME)
HKLM\...\Run: [QuotationCafe EPM Support] => C:\Program Files\QuotationCafe_45\bar\1.bin\45medint.exe [12872 2014-03-25] (Mindspark Interactive Network, Inc.)
HKLM\...\Run: [QuotationCafe Home Page Guard 32 bit] => C:\Program Files\QuotationCafe_45\bar\1.bin\APPINTEGRATOR.EXE [421448 2014-03-25] ( )
HKLM\...\Run: [QuotationCafe Search Scope Monitor] => C:\Program Files\QuotationCafe_45\bar\1.bin\45SrchMn.exe [55368 2014-03-25] (Mindspark)
HKLM\...\Run: [QuotationCafe_45 Browser Plugin Loader] => C:\Program Files\QuotationCafe_45\bar\1.bin\45brmon.exe [61512 2014-03-25] (VER_COMPANY_NAME)
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\...\Run: [eeafvco] => regsvr32.exe "C:\ProgramData\eeafvco.dat"
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\...\Run: [eeafvco] => regsvr32.exe "C:\ProgramData\eeafvco.dat"
C:\ProgramData\eeafvco.dat
URLSearchHook: HKCU - (No Name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {6ab96dd7-6e0c-4a7f-93e0-a8a47a685d81} - C:\Program Files\QuotationCafe_45\bar\1.bin\45SrcAs.dll (Mindspark)
SearchScopes: HKLM - {5941bc46-57ca-4649-8c07-aef5f99313f2} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9T^xdm004^YYA^gb&si=CL-xvaaBrr0CFcuWtAod_moAcA&ptb=FE0D69F1-75E4-42F8-99D0-0A54B9E15940&ind=2014032511&n=780bb27f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm349YYgb&ptnrS=ZJxdm349YYgb&si=CLzf9b6Eya8CFcESfAodxGWX7A&ptb=BB58CB85-91A2-466A-BCA3-28416E2B3824&ind=2012042214&n=77ed53e6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {5941bc46-57ca-4649-8c07-aef5f99313f2} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9T^xdm004^YYA^gb&si=CL-xvaaBrr0CFcuWtAod_moAcA&ptb=FE0D69F1-75E4-42F8-99D0-0A54B9E15940&ind=2014032511&n=780bb27f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm349YYgb&ptnrS=ZJxdm349YYgb&si=CLzf9b6Eya8CFcESfAodxGWX7A&ptb=BB58CB85-91A2-466A-BCA3-28416E2B3824&ind=2012042214&n=77ed53e6&psa=&st=sb&searchfor={searchTerms}
BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
BHO: Toolbar BHO - {27488090-768a-4d20-a938-f223f71c344c} - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll (MindSpark)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: Search Assistant BHO - {8561f2a1-d885-4852-8289-81ae4ad0ad99} - C:\Program Files\QuotationCafe_45\bar\1.bin\45SrcAs.dll (Mindspark)
BHO: Toolbar BHO - {8619595f-4eef-4164-b040-fb7436301a06} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (Mindspark)
BHO: Search Assistant BHO - {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} - C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll (MindSpark)
Toolbar: HKLM - ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
Toolbar: HKLM - Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll (MindSpark)
Toolbar: HKLM - QuotationCafe - {99bced2f-1db3-4ecd-8e35-8906428a6cfe} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (Mindspark)
Toolbar: HKCU - QuotationCafe - {99BCED2F-1DB3-4ECD-8E35-8906428A6CFE} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (Mindspark)
FF Plugin: @QuotationCafe_45.com/Plugin - C:\Program Files\QuotationCafe_45\bar\1.bin\NP45Stub.dll (Mindspark)
FF Plugin: @Zwinky_5q.com/Plugin - C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll (MindSpark)
FF HKLM\...\Firefox\Extensions: [5qffxtbr@Zwinky_5q.com] - C:\Program Files\Zwinky_5q\bar\1.bin
FF Extension: Zwinky - C:\Program Files\Zwinky_5q\bar\1.bin [2012-04-22]
R2 QuotationCafe_45Service; C:\Program Files\QuotationCafe_45\bar\1.bin\45barsvc.exe [88648 2014-03-25] (COMPANYVERS_NAME)
R2 Zwinky_5qService; C:\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe [42528 2012-04-22] (COMPANYVERS_NAME)
2014-03-25 16:36 - 2014-03-25 16:36 - 00000000 ____D () C:\Users\Jen\AppData\Local\QuotationCafe_45
2014-03-25 16:35 - 2014-03-25 16:35 - 00000000 ____D () C:\Program Files\QuotationCafe_45
C:\ProgramData\eeafvco.dat
C:\Users\Jen\AppData\Local\Temp\lowproc.exe
C:\Users\Jen\AppData\Local\Temp\mcitinfo_1385922583.exe
C:\Users\Jen\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Jen\AppData\Local\Temp\stubhelper.dll
end

*****************

[4052] C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe => Process closed successfully.
[2120] C:\Program Files\QuotationCafe_45\bar\1.bin\APPINTEGRATOR.EXE => Process closed successfully.
[2580] C:\Program Files\QuotationCafe_45\bar\1.bin\45brmon.exe => Process closed successfully.
[2612] C:\Program Files\QuotationCafe_45\bar\1.bin\45barsvc.exe => Process closed successfully.
[3036] C:\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zwinky Search Scope Monitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zwinky_5q Browser Plugin Loader => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuotationCafe EPM Support => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuotationCafe Home Page Guard 32 bit => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuotationCafe Search Scope Monitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuotationCafe_45 Browser Plugin Loader => Value deleted successfully.
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\Software\Microsoft\Windows\CurrentVersion\Run\\eeafvco => Value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-499141650-1679984301-3075158298-1000\Software\Microsoft\Windows\CurrentVersion\Run\\eeafvco => Value not found.
C:\ProgramData\eeafvco.dat => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc2e2b99-14d3-4516-883c-9ea147f594ef} => Value deleted successfully.
HKCR\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6ab96dd7-6e0c-4a7f-93e0-a8a47a685d81} => Value deleted successfully.
HKCR\CLSID\{6ab96dd7-6e0c-4a7f-93e0-a8a47a685d81} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5941bc46-57ca-4649-8c07-aef5f99313f2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5941bc46-57ca-4649-8c07-aef5f99313f2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5941bc46-57ca-4649-8c07-aef5f99313f2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5941bc46-57ca-4649-8c07-aef5f99313f2} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} => Key deleted successfully.
HKCR\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27488090-768a-4d20-a938-f223f71c344c} => Key deleted successfully.
HKCR\CLSID\{27488090-768a-4d20-a938-f223f71c344c} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} => Key deleted successfully.
HKCR\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8561f2a1-d885-4852-8289-81ae4ad0ad99} => Key deleted successfully.
HKCR\CLSID\{8561f2a1-d885-4852-8289-81ae4ad0ad99} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8619595f-4eef-4164-b040-fb7436301a06} => Key deleted successfully.
HKCR\CLSID\{8619595f-4eef-4164-b040-fb7436301a06} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} => Key deleted successfully.
HKCR\CLSID\{bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} => Value deleted successfully.
HKCR\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3033124f-06bf-4829-873a-310a125b4d4c} => Value deleted successfully.
HKCR\CLSID\{3033124f-06bf-4829-873a-310a125b4d4c} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99bced2f-1db3-4ecd-8e35-8906428a6cfe} => Value deleted successfully.
HKCR\CLSID\{99bced2f-1db3-4ecd-8e35-8906428a6cfe} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{99BCED2F-1DB3-4ECD-8E35-8906428A6CFE} => Value deleted successfully.
HKCR\CLSID\{99BCED2F-1DB3-4ECD-8E35-8906428A6CFE} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@QuotationCafe_45.com/Plugin => Key deleted successfully.
C:\Program Files\QuotationCafe_45\bar\1.bin\NP45Stub.dll => Moved successfully.
HKLM\Software\MozillaPlugins\@Zwinky_5q.com/Plugin => Key deleted successfully.
C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\5qffxtbr@Zwinky_5q.com => Value deleted successfully.
C:\Program Files\Zwinky_5q\bar\1.bin => Moved successfully.
QuotationCafe_45Service => Service deleted successfully.
Zwinky_5qService => Service deleted successfully.
C:\Users\Jen\AppData\Local\QuotationCafe_45 => Moved successfully.
C:\Program Files\QuotationCafe_45 => Moved successfully.
C:\ProgramData\eeafvco.dat => Moved successfully.
C:\Users\Jen\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Jen\AppData\Local\Temp\mcitinfo_1385922583.exe => Moved successfully.
C:\Users\Jen\AppData\Local\Temp\pcDesktopAlertNotifierX.dll => Moved successfully.
C:\Users\Jen\AppData\Local\Temp\stubhelper.dll => Moved successfully.

==== End of Fixlog ====



#6 CatByte

Posted 22 April 2014 - 10:57 AM

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 adamtodd

Posted 22 April 2014 - 04:26 PM

Hi,

ComboFix log is pasted below:


ComboFix 14-04-20.01 - Jen 22/04/2014  21:07:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2045.718 [GMT 1:00]
Running from: c:\users\Jen\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\eeafvco.dat
c:\programdata\PCDr\6422\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6422\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6422\AddOnDownloaded\d48ca7e0-0e31-445b-a98c-56b7318daa06.dll
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97ED.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc981B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc982A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc982B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9897.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc98F5.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9924.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9981.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9991.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9992.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99CF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9A00.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9A1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9A9A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B09.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B65.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9BC2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9BC3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9BD4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C20.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C24.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C9D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C9E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9CEB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9CFC.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D6A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D96.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9DC7.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9DF4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E61.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E80.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9EA1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9ED2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F1C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F3E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F5D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9FBA.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9FBB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9FC8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9FDA.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA045.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA046.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA047.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA048.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA064.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0C4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA1EA.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA238.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA2A8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA2F3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA313.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA322.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA351.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA386.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3BE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3CE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3EF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA44A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA46A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA489.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA4E7.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA563.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA5C1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA67C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA6DA.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA728.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA795.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7D5.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7E3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA7F4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA823.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA86F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA88E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA8CD.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA8FC.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA90C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA91C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9E8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA84.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAAA1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAAEF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAAF1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB1E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB4D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB4E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB7B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC75.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC84.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD20.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD4F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD7E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccADFD.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE87.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE88.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE9.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAEF4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF14.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF23.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF72.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAFCF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAFFE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAFFF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB012.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB07A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB0B9.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB0E8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB194.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB1A3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB22F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB272.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB27D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB28D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB29C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2CD.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB329.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB359.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB377.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB3B8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB3E4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB432.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB4CE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB50C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB50E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB5C8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB608.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB692.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB6E3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB79C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB7BB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB819.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB839.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB8C4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB903.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB931.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB932.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB951.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB9CF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBA69.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBAA8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB44.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB63.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB73.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBBD0.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBBD1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBC3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCBA.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD1A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD27.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD39.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD87.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBDD3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBDE3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBDF6.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE11.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE42.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE6F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE90.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE9E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBECD.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF0B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBFD6.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC02.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC033.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC072.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0A1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0A3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0C0.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0DF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0E1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0FE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC11D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC131.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC275.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC277.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC294.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC2A4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC2D2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC322.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC37F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC38D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC487.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC497.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC4C5.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC523.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC552.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC571.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5AF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5BF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5DE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC64B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC67A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC699.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC6A9.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC774.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7A3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7E1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7E2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC800.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC84E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8DB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8EA.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC929.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9A6.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9C5.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9F3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCA34.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCA51.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCA63.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCA80.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCAAF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCAD.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCADF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB2B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB99.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCBA8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCBE7.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCC44.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCC73.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCCE0.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCD4D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFEC.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD00B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD098.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD163.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD21E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD22F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD26C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD308.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD376.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD377.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD3E2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD3F2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD401.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD402.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD421.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD430.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD431.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD440.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD49.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD4CC.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD52A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD52B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD539.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD55A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD5A7.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD5C7.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD604.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD614.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6EE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6EF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6FE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD78.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD7D8.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD817.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD857.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD865.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8E1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA87.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDB43.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDBBF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDBD1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDBFF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDC2C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDC5B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDCE7.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD85.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDDD3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDE4E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDEAB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDF38.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDF67.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDFA5.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE003.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE060.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE07F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE09F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE10C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE15C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2A1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2C3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2E0.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2FF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE30F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE32E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE3F9.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE4A4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE511.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE550.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE64C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE66B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE705.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE7CF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE87B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE8B9.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE8C9.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE91.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE9D6.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE9E2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEA3F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEA4F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEA6E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEAB0.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEAFB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB39.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccECBF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccED2E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccED4B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccED7A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEE55.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEE93.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEEE1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEEE2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF0D4.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF0F5.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF103.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF104.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF113.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF114.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF122.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF132.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF23B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF24B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF24D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF325.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF344.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF383.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF392.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3C1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF47C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF47D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF4BB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF4DA.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF4F9.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF518.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF585.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF595.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF596.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF5C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF69E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF6AE.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF71B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF759.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF769.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF779.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF7C7.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF7E6.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF8B1.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF97B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF97C.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF99B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFAC3.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB33.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB4F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB6F.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFBCD.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFBED.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC0D.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC1A.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC2E.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC68.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFD35.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFD9.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDA.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDB.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDDF.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFE5B.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFF36.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFFD2.tmp
c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFFE3.tmp
c:\users\Jen\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-22 to 2014-04-22  )))))))))))))))))))))))))))))))
.
.
2014-04-22 19:54 . 2013-09-23 12:48 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-04-21 22:28 . 2014-04-21 22:28 -------- d-----w- c:\programdata\Malwarebytes
2014-04-21 22:28 . 2014-04-21 22:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-21 22:28 . 2014-04-21 22:28 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-21 22:27 . 2014-04-21 22:27 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-21 22:16 . 2014-04-22 07:45 -------- d-----w- C:\FRST
2014-04-10 10:54 . 2014-02-23 10:54 638120 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-04-10 10:54 . 2014-02-23 10:52 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2014-04-10 10:54 . 2014-02-23 10:46 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-17 18:45 . 2013-11-04 17:22 61400 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 18:38 . 2013-11-04 17:17 214856 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 18:37 . 2013-12-05 18:35 175480 ----a-w- c:\windows\system32\mfevtps.exe
2014-03-17 18:31 . 2013-09-24 20:45 573968 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 18:29 . 2013-11-04 17:10 367776 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 18:28 . 2013-11-04 17:10 66408 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2014-03-17 18:27 . 2013-11-04 17:09 236480 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 18:26 . 2013-09-24 20:42 134600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-12 12:43 . 2012-04-22 11:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 12:43 . 2011-06-30 13:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-07 10:38 . 2014-03-14 10:03 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 10:37 . 2014-03-14 10:03 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-30 07:46 . 2014-03-14 10:03 876032 ----a-w- c:\windows\system32\wer.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-10 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2013-11-11 2039096]
"RegTask"="c:\program files\RegTask\RegTask.exe" [2013-02-12 11753096]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 517392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-25 442467]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2013-12-01 13:49 14232 ----a-w- c:\program files\Citrix\GoToAssist\896\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 0272031398196146mcinstcleanup;McAfee Application Installer Cleanup (0272031398196146);c:\windows\TEMP\027203~1.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-25 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 12:43]
.
2014-04-07 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef588ed29462b.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:38]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf2e60cc2db5da.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:38]
.
2014-04-18 c:\windows\Tasks\RegTask.job
- c:\program files\RegTask\RegTask.exe [2013-02-12 13:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080925
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-eeafvco - c:\programdata\eeafvco.dat
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
AddRemove-McAfee Virtual Technician - c:\program files\McAfee\Supportability\MVT\MVTInstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-22 21:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.7\ma\bin\MAHostService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.7\ma\bin\node.exe
c:\windows\system32\lxbccoms.exe
c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
c:\windows\system32\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\MSC\McAPExe.exe
c:\program files\Common Files\McAfee\AMCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\McAfee\Platform\mcuicnt.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\COMMON~1\mcafee\mhn\ALERTH~1.EXE
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2014-04-22  21:42:24 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-22 20:42
.
Pre-Run: 129,648,549,888 bytes free
Post-Run: 128,698,826,752 bytes free
.
- - End Of File - - F493569086F3F5CDD71C75821826AA72
5C616939100B85E558DA92B899A0FC36
 



#8 CatByte

Posted 22 April 2014 - 04:38 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 adamtodd

Posted 23 April 2014 - 05:52 AM

Hi,

JRT.txt follows and AdwCleaner log is attached.

Thanks,

Adam

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Jen on 23/04/2014 at 11:33:18.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\quotationcafe_45.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\quotationcafe_45.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13119113-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33119133-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23119123-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{03119103-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.feedmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.feedmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.radio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.radio.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.radiosettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.radiosettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.scriptbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.skinlauncher
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.skinlauncher.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.urlalertbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zwinky_5q.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\alottoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\zwinky_5qbar uninstall

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jen\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Jen\appdata\locallow\alot"
Successfully deleted: [Folder] "C:\Users\Jen\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\Jen\appdata\locallow\quotationcafe_45"
Successfully deleted: [Folder] "C:\Users\Jen\appdata\locallow\zwinky_5q"
Successfully deleted: [Folder] "C:\Program Files\alot"
Successfully deleted: [Folder] "C:\Program Files\recipehub_2jei"
Successfully deleted: [Folder] "C:\Program Files\zwinky_5q"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2014 at 11:37:14.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 CatByte

Posted 23 April 2014 - 11:32 AM

Looks like those programs deleted a lot of junk from the machine,
 
We just need to do a sweep for any leftovers now, please do the following;
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • Open MBAM once more.
  • Click on the History tab > Application Logs
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
NEXT

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Edited by CatByte, 23 April 2014 - 11:33 AM.


#11 adamtodd

Posted 23 April 2014 - 04:31 PM

Hi,

ESETSCAN.txt follows, and the MBAM log is attached to the email.

Thanks,

Adam

ESETSCAN.txt:

C:\FRST\Quarantine\C\Program Files\QuotationCafe_45\QuotationCafe_45\bar\1.bin\45skin.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files\QuotationCafe_45\QuotationCafe_45\bar\1.bin\AppIntegrator64.exe a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\QuotationCafe_45\QuotationCafe_45\bar\1.bin\AppIntegratorStub64.dll a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\QuotationCafe_45\QuotationCafe_45\bar\1.bin\ASSISTMONITOR64.DLL a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\QuotationCafe_45\QuotationCafe_45\bar\1.bin\Hpg64.dll a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qauxstb.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qbar.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qdatact.dll probably a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qhtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qhtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qimpipe.exe a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qreghk.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qskin.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Zwinky_5q\bar\1.bin\1.bin\5qSrchMn.exe a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\eeafvco.dat.xBAD a variant of Win32/Kryptik.BZJS trojan
C:\Program Files\RegTask\RegTask.exe a variant of Win32/Adware.RegRevive.A application
C:\Qoobox\Quarantine\C\ProgramData\eeafvco.dat.vir a variant of Win32/Kryptik.BZJS trojan
C:\Users\Jen\AppData\Local\VirtualStore\ProgramData\eeafvco.dat a variant of Win32/Kryptik.CAIM trojan
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56ed9efc-6ef921ee a variant of Java/Exploit.Agent.QZU trojan
 



#12 CatByte

Posted 23 April 2014 - 07:03 PM

Please run the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files\RegTask\RegTask.exe 
C:\Users\Jen\AppData\Local\VirtualStore\ProgramData\eeafvco.dat
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56ed9efc-6ef921ee

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

CFScriptB-4.gif
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please advise how the computer is running now and if there are any outstanding issues.


#13 adamtodd

Posted 24 April 2014 - 03:16 AM

Hi,

Copy of the log is below. The computer seems to be running much better now, McAfee is able to start up fine, and it even seems to be a little quicker starting up.

ComboFix 14-04-20.01 - Jen 24/04/2014   8:57.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2045.806 [GMT 1:00]
Running from: c:\users\Jen\Desktop\ComboFix.exe
Command switches used :: c:\users\Jen\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\RegTask\RegTask.exe"
"c:\users\Jen\AppData\Local\VirtualStore\ProgramData\eeafvco.dat"
"c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56ed9efc-6ef921ee"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d48ca7e0-0e31-445b-a98c-56b7318daa06.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-24 to 2014-04-24  )))))))))))))))))))))))))))))))
.
.
2014-04-24 08:09 . 2014-04-24 08:09 -------- d-----w- c:\users\Jen\AppData\Local\temp
2014-04-24 08:09 . 2014-04-24 08:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-23 19:47 . 2014-04-23 19:47 -------- d-----w- c:\program files\ESET
2014-04-23 19:33 . 2014-04-23 19:33 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-23 19:33 . 2014-04-03 08:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-23 19:33 . 2014-04-03 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-23 10:38 . 2014-04-23 10:42 -------- d-----w- C:\AdwCleaner
2014-04-23 10:32 . 2014-04-23 10:32 -------- d-----w- c:\windows\ERUNT
2014-04-22 19:54 . 2013-09-23 12:48 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-04-21 22:28 . 2014-04-23 19:33 -------- d-----w- c:\programdata\Malwarebytes
2014-04-21 22:28 . 2014-04-23 19:33 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-21 22:28 . 2014-04-21 22:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-21 22:27 . 2014-04-03 08:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-21 22:16 . 2014-04-22 07:45 -------- d-----w- C:\FRST
2014-04-10 10:54 . 2014-02-23 10:54 638120 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-04-10 10:54 . 2014-02-23 10:52 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2014-04-10 10:54 . 2014-02-23 10:46 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-17 18:45 . 2013-11-04 17:22 61400 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 18:38 . 2013-11-04 17:17 214856 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 18:37 . 2013-12-05 18:35 175480 ----a-w- c:\windows\system32\mfevtps.exe
2014-03-17 18:31 . 2013-09-24 20:45 573968 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 18:29 . 2013-11-04 17:10 367776 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 18:28 . 2013-11-04 17:10 66408 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2014-03-17 18:27 . 2013-11-04 17:09 236480 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 18:26 . 2013-09-24 20:42 134600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-12 12:43 . 2012-04-22 11:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 12:43 . 2011-06-30 13:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-07 10:38 . 2014-03-14 10:03 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 10:37 . 2014-03-14 10:03 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-30 07:46 . 2014-03-14 10:03 876032 ----a-w- c:\windows\system32\wer.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-10 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2013-11-11 2039096]
"RegTask"="c:\program files\RegTask\RegTask.exe" [2013-02-12 11753096]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 517392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-25 442467]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2013-12-01 13:49 14232 ----a-w- c:\program files\Citrix\GoToAssist\896\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-25 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 12:43]
.
2014-04-07 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]
.
2014-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef588ed29462b.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:38]
.
2014-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf2e60cc2db5da.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:38]
.
2014-04-18 c:\windows\Tasks\RegTask.job
- c:\program files\RegTask\RegTask.exe [2013-02-12 13:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080925
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-24 09:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-04-24  09:12:35
ComboFix-quarantined-files.txt  2014-04-24 08:12
ComboFix2.txt  2014-04-22 20:42
.
Pre-Run: 127,709,093,888 bytes free
Post-Run: 127,682,322,432 bytes free
.
- - End Of File - - 969238F9F8ED8CE79394AF4E0C1CE633
5C616939100B85E558DA92B899A0FC36
 



#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:42 AM

Posted 24 April 2014 - 11:37 AM

We just have some housekeeping to do now,

Please do the following:


You can delete the FRST, DDS and JRT logs and programs from your desktop.


NEXT

Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them. Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome, Firefox and IE
  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
    PC Safety and Security--What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
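
To confirm that the Internet Explorer zone settings described in the post above took effect, the following PowerShell check is an added example and not part of the original post. The registry location (Internet zone = `Zones\3`) and the action IDs 1001, 1004 and 1201 do not appear in the thread; they are the standard IE URL-action identifiers for the three ActiveX options the post names.

```powershell
# Added example, not from the thread. Zone 3 is the Internet zone; values are
# IE URL-action policies: 0 = Enable, 1 = Prompt, 3 = Disable.
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Want = the level named in the post. Assumption: a stricter value also passes.
$checks = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

# Policy keys take precedence over the per-user preference key, so read them first.
$suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$sources = @(
    "HKLM:\SOFTWARE\Policies\$suffix",
    "HKCU:\Software\Policies\$suffix",
    "HKCU:\Software\$suffix"
)

function Get-EffectiveZoneValue([string]$Id) {
    foreach ($key in $sources) {
        $item = Get-ItemProperty -Path $key -Name $Id -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return @{ Value = [int]$item.$Id; Source = $key }
        }
    }
    return $null   # value not present in any of the three keys
}

$report = foreach ($c in $checks) {
    $eff = Get-EffectiveZoneValue $c.Id
    $current = '(not set)'; $source = ''; $result = 'REVIEW'
    if ($null -ne $eff) {
        $source  = $eff.Source
        $current = $label[$eff.Value]
        if ($null -eq $current) {
            $current = "raw value $($eff.Value)"   # unknown code: leave as REVIEW
        } elseif ($eff.Value -ge $c.Want) {
            $result = 'OK'                         # 0 < 1 < 3 orders by strictness
        } else {
            $result = 'WEAKER THAN ADVISED'
        }
    }
    New-Object PSObject -Property @{
        Setting = $c.Setting; Wanted = $label[$c.Want]; Current = $current
        Result  = $result;    Source = $source
    }
}
$report | Select-Object Setting, Wanted, Current, Result, Source | Format-List
```

A `Source` under `Policies` means the value is enforced by policy and the Internet Options dialog will not change it.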


#15 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:06:42 AM

Posted 24 April 2014 - 01:05 PM

That's great, thank you very much - it all seems to be working again!

Thanks again, I really appreciate all your help.

Adam



