Unable to do system restore, Error 0x800423F



#1 cheng2000x


Posted 11 May 2014 - 11:02 AM

Hi,
 
My computer has a bleeping cursor, and I have trouble using Internet Explorer. I tried to restore the system to an earlier date but got an error 0x800423F. I searched the internet trying to fix the error but I was not able to take ownership of my system file no matter what I do.
 
I then ran HijackThis. Would you please help me fix my problem? Otherwise I will have to erase everything on my computer.
Thank you in advance!
 
----
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:27:08 AM, on 5/11/2014
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\ProgramData\Updater\updater.exe
C:\Program Files (x86)\IDMSQ\idmsq.exe
C:\Users\cheng2000x\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\cheng2000x\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\Users\cheng2000x\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
E:\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&iwk=%iwk&%language
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: topbuyeer - {001B6575-F1EC-C845-A0A0-FAA6640466CD} - C:\ProgramData\topbuyeer\N0Wt5i.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TidyNetwork - {22EDC8B9-F66A-33BE-F392-3C973B599989} - C:\Program Files (x86)\TidyNetwork\petn.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: PrinceCoupon - {306AB692-2D25-5B66-D042-3746BF763486} - C:\ProgramData\PrinceCoupon\1KzBwntDG7.dll
O2 - BHO: Idmsq Extension - {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} - C:\Users\cheng2000x\AppData\Roaming\IDMSQ\idmsqext.dll
O2 - BHO: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll
O2 - BHO: EXEeCCHHecker - {4D349727-64EE-6608-AB55-8BE94663AE4C} - C:\ProgramData\EXEeCCHHecker\bvnhIZ.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111111000920.dll
O2 - BHO: saverNoet - {8CAD72D1-4D93-8CCE-A69F-41E7C273D31A} - C:\ProgramData\saverNoet\W.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Laflurla - {b4a89cd3-c5f5-49c4-abcf-5f26d636476f} - C:\Program Files (x86)\Laflurla\Laflurlabho.dll
O2 - BHO: deaLipeak - {C87B6F70-7D0E-4D3D-DC72-570AAC69E75E} - C:\ProgramData\deaLipeak\QqnFUBV.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Users\cheng2000x\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
O4 - HKLM\..\Run: [ShopAtHomeUpdater] C:\Users\cheng2000x\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
O4 - HKLM\..\Run: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
O4 - HKLM\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Updater] C:\ProgramData\Updater\updater.exe
O4 - HKCU\..\Run: [IDMSQ] C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
O4 - HKCU\..\Run: [InstallX Search Protect for Yahoo] "C:\Users\cheng2000x\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe"
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-21-1487290883-3752395232-2594958781-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-1487290883-3752395232-2594958781-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-1487290883-3752395232-2594958781-1000\..\Run: [Updater] C:\ProgramData\Updater\updater.exe (User '?')
O4 - HKUS\S-1-5-21-1487290883-3752395232-2594958781-1000\..\Run: [IDMSQ] C:\Program Files (x86)\IDMSQ\idmsq.exe /startup (User '?')
O4 - HKUS\S-1-5-21-1487290883-3752395232-2594958781-1000\..\Run: [InstallX Search Protect for Yahoo] "C:\Users\cheng2000x\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe" (User '?')
O4 - HKUS\S-1-5-21-1487290883-3752395232-2594958781-1000\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean (User '?')
O4 - S-1-5-21-1487290883-3752395232-2594958781-1000 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User '?')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {DABA1849-E884-4DC0-B7E6-41E49B5D7C37} (ISiteExt Control) - https://ive-crdc.kp.org/Integrations/,DanaInfo=10.214.2.32,CT=java+iSiteExt.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\optimi~1\optpro~1.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Dragon Service (DragonSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Internet Updater (InternetUpdater) - Unknown owner - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Laflurla - Unknown owner - C:\Program Files (x86)\Laflurla\updateLaflurla.exe
O23 - Service: Util Laflurla - Unknown owner - C:\Program Files (x86)\Laflurla\bin\utilLaflurla.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 16828 bytes

Edited by Queen-Evie, 11 May 2014 - 12:34 PM.
moved from Introductions to the appropriate forum. HJT logs are allowed only in Malware Removal Logs




#2 nasdaq

  • Malware Response Team

Posted 16 May 2014 - 10:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run these tools and submit the files for my review.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

HijackThis doesn't handle your version of the operating system well. In your case I need to see a FRST Log.
You should remove HijackThis using the Add/Remove Programs list. Use the FRST tool from now on.

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 cheng2000x


Posted 18 May 2014 - 03:12 PM

Dear Nasdaq,

I am eternally grateful for your help! The cursor is not blinking anymore, and IE seems to be working. I did not dare to try the restore function since I don't know which earlier date is good. Here are the logs, thanks a million!!

mbamlogfile

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/18/2014
Scan Time: 12:15:33 PM
Logfile: MBamlogfile.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 1
CPU: x64
File System: NTFS
User: cheng2000x

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297654
Time Elapsed: 20 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

=========================================

Adwcleanerlogfile.ext

# AdwCleaner v3.209 - Report created 18/05/2014 at 12:31:07
# Updated 18/05/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
# Username : cheng2000x - CHENG2000X-PC
# Running from : F:\adwcleaner_3.209.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[!] Folder Deleted : C:\ProgramData\InternetUpdater
[!] Folder Deleted : C:\ProgramData\PC Optimizer Pro
[!] Folder Deleted : C:\ProgramData\RHelpers
[!] Folder Deleted : C:\ProgramData\Systweak
[!] Folder Deleted : C:\ProgramData\CoOlSaleCCoupon
[!] Folder Deleted : C:\ProgramData\deaLipeak
[!] Folder Deleted : C:\ProgramData\PrinceCoupon
[!] Folder Deleted : C:\ProgramData\saverNoet
[!] Folder Deleted : C:\ProgramData\seaVeiittkeep
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
[!] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Program Files (x86)\File Type Assistant
[!] Folder Deleted : C:\Program Files (x86)\IDMSQ
[!] Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
[!] Folder Deleted : C:\Program Files (x86)\TidyNetwork
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Windows\SysWOW64\SearchProtect
[!] Folder Deleted : C:\Program Files\PC Optimizer Pro
[!] Folder Deleted : C:\Users\CHENG2~1\AppData\Local\Temp\mt_ffx
[!] Folder Deleted : C:\Users\cheng2000x\AppData\Local\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\cheng2000x\AppData\Local\FileTypeAssistant
[!] Folder Deleted : C:\Users\cheng2000x\AppData\Local\visi_coupon
[!] Folder Deleted : C:\Users\cheng2000x\AppData\LocalLow\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\cheng2000x\AppData\LocalLow\Delta
[!] Folder Deleted : C:\Users\cheng2000x\AppData\LocalLow\Inbox Toolbar
[!] Folder Deleted : C:\Users\cheng2000x\AppData\Roaming\digitalsite
[!] Folder Deleted : C:\Users\cheng2000x\AppData\Roaming\IDMSQ
[!] Folder Deleted : C:\Users\cheng2000x\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\cheng2000x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
[!] Folder Deleted : C:\Users\joyce\AppData\LocalLow\Inbox Toolbar
[!] Folder Deleted : C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
[!] Folder Deleted : C:\Users\joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{614925F9-841A-53FE-A28F-DC30FA07239B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Websteroids
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb

[ File : C:\Users\joyce\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb

*************************

AdwCleaner[R0].txt - [12105 octets] - [18/05/2014 12:18:47]
AdwCleaner[R1].txt - [9943 octets] - [18/05/2014 12:28:53]
AdwCleaner[S0].txt - [4014 octets] - [18/05/2014 12:26:13]
AdwCleaner[S1].txt - [9206 octets] - [18/05/2014 12:31:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9266 octets] ##########

===========

FRSTlog

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by cheng2000x (administrator) on CHENG2000X-PC on 18-05-2014 12:40:17
Running from F:\
Platform: Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(InstallX, LLC) C:\Users\cheng2000x\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6931488 2008-12-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [136600 2009-03-20] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1674896 2011-09-16] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [InstallX Search Protect for Yahoo] => C:\Users\cheng2000x\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe [958536 2014-03-30] (InstallX, LLC)
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\MountPoints2: {1d7f199a-1b39-11de-a199-0024e8083b84} - setupSNK.exe
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\MountPoints2: {23ec8317-5b71-11e1-810d-0024e8083b84} - K:\HPLauncher.exe
Startup: C:\Users\Amy Cheng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\cheng2000x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1487290883-3752395232-2594958781-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {4913827A-E9E3-4D72-9024-BE87687B8803} URL = http://search.us.com/serp?guid={6DE95953-30A2-4073-A8EF-21607FDC245A}&k={searchTerms}
SearchScopes: HKCU - {75740CEF-07FE-4284-8874-B28EED4D383C} URL = http://isearch.shopathome.com?user_id={C5949E5A-1447-4F01-A3FE-C5AE0CE2E7A9}&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140313,19669,0,IE8,8178
SearchScopes: HKCU - {E95CA123-DB0F-4A02-B3E3-9A28D11DFAEE} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10741
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111111000920.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111111000920.dll (McAfee, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport.dll No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
DPF: HKLM-x32 {DABA1849-E884-4DC0-B7E6-41E49B5D7C37} https://ive-crdc.kp.org/Integrations/,DanaInfo=10.214.2.32,CT=java+iSiteExt.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\cheng2000x\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cheng2000x\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2009-03-31]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-01-02]

Chrome:
=======
CHR HomePage: hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140313,19670,0,IE8,8178
CHR RestoreOnStartup: "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140313,19670,0,IE8,8178",
   "hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5EF5C58D-B9A7-454A-A1A6-C1D22BDBCEC1&SSPV="
CHR DefaultSearchKeyword: yahoo
CHR DefaultSearchProvider: Yahoo! Search
CHR DefaultSearchURL: http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140313,19669,0,IE8,8178
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Docs) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-04]
CHR Extension: (Google Drive) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-04]
CHR Extension: (YouTube) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-04]
CHR Extension: (RoyaalShhopPerAppp) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenbaoaobffhhneijnlfmlghdniklijk [2014-03-17]
CHR Extension: (Google Search) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-04]
CHR Extension: (EXEeCCHHecker) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakggcdcblhhfehdichlcafehgipcajk [2014-02-02]
CHR Extension: (SiteAdvisor) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-08-04]
CHR Extension: (topbuyeer) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbdphjjcehnjkkoliepimkadifjeijce [2014-03-09]
CHR Extension: (Google Wallet) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Internet Download Manager Squared) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-04-05]
CHR Extension: (Gmail) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-04]
CHR Extension: (deaLipeak) - C:\ProgramData\mfedgknfdhhcjmmdpcbiflkjhdehbbnc [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\cheng2000x\AppData\Roaming\IDMSQ\IDMSQ.crx [2011-02-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [123384 2014-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502032 2012-03-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-10-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-10-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-10-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [X]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-18 12:40 - 2014-05-18 12:40 - 00000000 ____D () C:\FRST
2014-05-18 12:17 - 2014-05-18 12:31 - 00000000 ____D () C:\AdwCleaner
2014-05-18 11:54 - 2014-05-18 12:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 11:52 - 2014-05-18 11:52 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 11:52 - 2014-05-18 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 11:52 - 2014-05-18 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 11:52 - 2014-05-18 11:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 11:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-18 11:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-18 11:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-18 11:42 - 2014-05-18 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-17 02:14 - 2014-05-17 02:30 - 00039424 _____ () C:\Users\cheng2000x\Desktop\6-2014.wps
2014-05-17 00:48 - 2014-05-17 00:48 - 00034816 _____ () C:\Users\cheng2000x\Desktop\6-2014 empty.wps
2014-05-04 22:36 - 2014-05-04 22:37 - 00000000 ____D () C:\Users\cheng2000x\Desktop\pictures(3)
2014-05-04 21:00 - 2014-05-17 01:42 - 00042496 _____ () C:\Users\cheng2000x\Desktop\2014-5-1 nani.wps
2014-05-04 12:49 - 2014-05-04 13:15 - 00000000 ____D () C:\9d57db321621c40a0287ee241e8c

==================== One Month Modified Files and Folders =======

2014-05-18 12:41 - 2009-03-20 16:17 - 02079588 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 12:40 - 2014-05-18 12:40 - 00000000 ____D () C:\FRST
2014-05-18 12:38 - 2009-05-12 19:28 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{353C2EC6-F38D-4867-84CD-103A48280E1D}.job
2014-05-18 12:36 - 2014-05-18 11:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 12:35 - 2013-12-12 00:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef7081b569830.job
2014-05-18 12:35 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 12:35 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 12:34 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 12:33 - 2014-04-06 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-18 12:33 - 2008-01-20 20:26 - 00451274 _____ () C:\Windows\PFRO.log
2014-05-18 12:32 - 2006-11-02 08:42 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-18 12:31 - 2014-05-18 12:17 - 00000000 ____D () C:\AdwCleaner
2014-05-18 12:15 - 2014-03-30 19:53 - 00000000 ____D () C:\Users\cheng2000x\AppData\Roaming\IDM2
2014-05-18 12:15 - 2014-03-09 19:29 - 00000000 ____D () C:\ProgramData\topbuyeer
2014-05-18 12:15 - 2014-02-01 00:01 - 00000000 ____D () C:\ProgramData\EXEeCCHHecker
2014-05-18 12:15 - 2013-11-02 12:47 - 00000000 ____D () C:\Users\cheng2000x\AppData\Roaming\ShopAtHome
2014-05-18 12:12 - 2013-08-04 11:55 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 11:52 - 2014-05-18 11:52 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 11:52 - 2014-05-18 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 11:52 - 2014-05-18 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 11:52 - 2014-05-18 11:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 11:45 - 2012-04-15 01:03 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-18 11:44 - 2012-04-15 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-18 11:42 - 2014-05-18 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-18 11:42 - 2009-03-28 20:59 - 00001693 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-05-18 11:42 - 2009-03-27 19:35 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B952A3CF-64AC-4F3B-BB4C-6C79C34609BE}
2014-05-18 11:42 - 2009-03-27 19:35 - 00000428 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{B952A3CF-64AC-4F3B-BB4C-6C79C34609BE}.job
2014-05-18 11:41 - 2014-04-06 23:32 - 00042239 _____ () C:\Windows\wininit.ini
2014-05-17 02:30 - 2014-05-17 02:14 - 00039424 _____ () C:\Users\cheng2000x\Desktop\6-2014.wps
2014-05-17 02:30 - 2009-03-29 11:50 - 00008806 _____ () C:\Users\cheng2000x\AppData\Roaming\wklnhst.dat
2014-05-17 01:42 - 2014-05-04 21:00 - 00042496 _____ () C:\Users\cheng2000x\Desktop\2014-5-1 nani.wps
2014-05-17 01:39 - 2014-03-22 00:41 - 00044032 _____ () C:\Users\cheng2000x\Desktop\2014-5-1.wps
2014-05-17 00:48 - 2014-05-17 00:48 - 00034816 _____ () C:\Users\cheng2000x\Desktop\6-2014 empty.wps
2014-05-17 00:44 - 2014-02-23 22:06 - 00000000 ____D () C:\Users\cheng2000x\Desktop\New Folder (2)
2014-05-04 22:37 - 2014-05-04 22:36 - 00000000 ____D () C:\Users\cheng2000x\Desktop\pictures(3)
2014-05-04 20:30 - 2009-03-27 18:47 - 00000000 ___RD () C:\Users\cheng2000x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-04 13:33 - 2006-11-02 05:34 - 00000240 _____ () C:\Windows\win.ini
2014-05-04 13:19 - 2011-02-17 20:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-04 13:15 - 2014-05-04 12:49 - 00000000 ____D () C:\9d57db321621c40a0287ee241e8c
2014-05-04 13:15 - 2013-07-24 07:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-04 12:51 - 2006-11-02 05:35 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\cheng2000x\CTX.DAT
C:\Users\joyce\CTX.DAT

Some content of TEMP:
====================
C:\Users\cheng2000x\AppData\Local\Temp\ose00000.exe
C:\Users\cheng2000x\AppData\Local\Temp\Quarantine.exe
C:\Users\cheng2000x\AppData\Local\Temp\_is710A.exe
C:\Users\joyce\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\joyce\AppData\Local\Temp\jna3369966855079391155.dll
C:\Users\joyce\AppData\Local\Temp\jna3662322317364018627.dll
C:\Users\joyce\AppData\Local\Temp\jna5856343510484204446.dll
C:\Users\joyce\AppData\Local\Temp\jna6428107070896550826.dll
C:\Users\joyce\AppData\Local\Temp\jna6886954419013911814.dll
C:\Users\joyce\AppData\Local\Temp\jna7061145812978674195.dll
C:\Users\joyce\AppData\Local\Temp\jna7461035667766927243.dll
C:\Users\joyce\AppData\Local\Temp\jna8708044397759211761.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-04-16 19:06] - [2009-03-02 21:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-18 12:42

==================== End Of Log ============================

============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by cheng2000x at 2014-05-18 12:42:28
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}) (Version: 10.0.12.36 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0917.0336 - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.0917.337.4556 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help English (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help French (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help German (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Italian (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Japanese (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Korean (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Spanish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Turkish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
ccc-utility64 (Version: 2008.0917.337.4556 - ATI) Hidden
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Compact Wireless-G USB Adapter (HKLM-x32\...\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4601.54 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)
Intel® Network Connections 13.1.33.0 (HKLM\...\PROSetDX) (Version: 13.1.33.0 - Intel)
Intel® Network Connections 13.1.33.0 (Version: 13.1.33.0 - Intel) Hidden
Internet Download Manager² 1.0 (HKLM-x32\...\IDMSQ) (Version: 1.0 - OR Interactive Ltd)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java™ 6 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.9755 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.0.0.3 - Juniper Networks)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.0.623 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Edition 2003 (HKLM-x32\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.3.15 - ShopAtHome.com)
Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
topbuyeer (HKLM-x32\...\{FE139F4C-CE5B-121A-8A2D-191FA2226094}) (Version:  - topbuyer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2006-11-02 05:34 - 2014-03-30 19:54 - 00000804 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1   d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

Task: {031A2B1D-D639-4165-A094-ACFBA6614E1A} - System32\Tasks\7d8e2a00 => C:\Users\joyce\AppData\Local\Temp\\setup880476160.exe <==== ATTENTION
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0C51433E-8FFF-4F7E-A141-E59FCE17B14E} - System32\Tasks\532d5c00 => C:\Users\joyce\AppData\Local\Temp\\setup1569168896.exe <==== ATTENTION
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {24667FCF-1C0D-4BC1-A493-EF98035AB6CA} - System32\Tasks\45179200 => C:\Users\joyce\AppData\Local\Temp\\setup866299904.exe <==== ATTENTION
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2D8E89B6-C2D0-4550-A7B3-3FBFAD3DA1BE} - System32\Tasks\926ac800 => C:\Users\joyce\AppData\Local\Temp\\setup1619278848.exe <==== ATTENTION
Task: {302FFC65-C13D-4EDF-BB56-9345895DEAEF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4FF1024A-22A5-4407-8576-327EC6291ACA} - System32\Tasks\35feda00 => C:\Users\joyce\AppData\Local\Temp\\setup1468381696.exe <==== ATTENTION
Task: {6B671DA1-7A81-4F00-BAD0-78B718F13804} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {81CA43D0-3730-4544-B08D-9CF402DE1797} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: {82B8B65F-FA2C-459B-8A9E-5C9AACD09054} - System32\Tasks\TidyNetwork Update => C:\Users\cheng2000x\AppData\Local\TidyNetwork\petnupdate.exe
Task: {BA21B83A-D847-472F-AB53-8ED6FD4FF8CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: {C8AD7846-B324-4365-A1A7-864C91D0EF04} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {C94068E7-F93E-4BBC-9904-BE57F0C105A9} - System32\Tasks\35072600 => C:\Users\joyce\AppData\Local\Temp\\setup70635520.exe <==== ATTENTION
Task: {D33DE6D4-3D88-424F-BBD1-6E1173FD5552} - System32\Tasks\64c23c00 => C:\Users\joyce\AppData\Local\Temp\\setup2252938240.exe <==== ATTENTION
Task: {DF32B25E-C40B-45FB-9833-1C0412E19BC9} - \RegClean Pro No Task File <==== ATTENTION
Task: {E0A1D84B-8000-425A-87E6-5A2284D53245} - System32\Tasks\49adf800 => C:\Users\joyce\AppData\Local\Temp\\setup3371992576.exe <==== ATTENTION
Task: {E81D4CB0-A3B0-48C3-B5DE-C4A73CB880D7} - System32\Tasks\101d9e00 => C:\Users\joyce\AppData\Local\Temp\\setup2795031040.exe <==== ATTENTION
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F4F03B99-8B0A-468C-A07E-9FDD281D6754} - System32\Tasks\GoogleUpdateTaskMachineCore1cef7081b569830 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef7081b569830.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{353C2EC6-F38D-4867-84CD-103A48280E1D}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{B952A3CF-64AC-4F3B-BB4C-6C79C34609BE}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-03-20 23:38 - 2008-10-17 03:24 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2011-06-28 18:14 - 2011-06-28 18:14 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\be6bdac46858ce3210cb162f544cdde7\VistaBridgeLibrary.ni.dll
2009-03-20 20:34 - 2009-03-20 20:34 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-09-10 07:46 - 2008-09-10 07:46 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2014 00:40:03 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (05/18/2014 00:38:03 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2797568 (0x00000000002ab000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 23644177221025872 (0x0054004100440050) and the actual checksum was 2931477302724 (0x000002aa89a9cdc4).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/18/2014 00:36:14 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2912256 (0x00000000002c7000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 5493197220383608034 (0x4c3bc1c48a20cce2) and the actual checksum was 3053222696535 (0x000002c6e2411657).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/18/2014 00:36:14 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2908160 (0x00000000002c6000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 727905341920923785 (0x0a1a0a0d474e5089) and the actual checksum was 6818486530647685461 (0x5ea0215fad0a7955).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/18/2014 00:36:14 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2904064 (0x00000000002c5000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 13511005043818567 (0x0030003000320047) and the actual checksum was 3043138850089 (0x000002c48935cd29).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/18/2014 00:36:14 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2899968 (0x00000000002c4000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 23362762374774851 (0x0053004f00520043) and the actual checksum was 3038840409366 (0x000002c38900cd16).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/18/2014 00:36:14 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2895872 (0x00000000002c3000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 23081235857866829 (0x005200430049004d) and the actual checksum was 3034557304284 (0x000002c289b5cddc).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/18/2014 00:36:14 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2891776 (0x00000000002c2000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 14073748835758249 (0x00320000000370a9) and the actual checksum was 3030277918891 (0x000002c18aa390ab).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/18/2014 00:36:14 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2576384 (0x0000000000275000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 2199023255696 (0x0000020000000090) and the actual checksum was 2699583528146 (0x000002748bb79cd2).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/18/2014 00:36:14 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1472) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 2572288 (0x0000000000274000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 4702676459666276375 (0x4143435300000017) and the actual checksum was 2696244189205 (0x00000273c4ad5815).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

System errors:
=============
Error: (05/18/2014 00:39:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A}

Error: (05/18/2014 00:37:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (05/18/2014 00:34:20 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/18/2014 11:38:17 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/17/2014 00:42:43 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/11/2014 08:20:03 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/04/2014 08:29:46 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/04/2014 00:45:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/04/2014 00:40:16 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (05/04/2014 00:40:16 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-18 12:41:49.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 12:41:49.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 12:41:49.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 12:41:49.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 12:36:10.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 12:05:08.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 12:05:08.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 12:05:08.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 12:05:07.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 11:54:07.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 6134.26 MB
Available physical RAM: 3978.37 MB
Total Pagefile: 12380.05 MB
Available Pagefile: 9919.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.11 GB) (Free:294.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:0.01 GB) NTFS
Drive f: () (Removable) (Total:0.24 GB) (Free:0.2 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: A0000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 245 MB) (Disk ID: 2D7A9F1E)
Partition 1: (Not Active) - (Size=245 MB) - (Type=06)

==================== End Of Log ============================



#4 nasdaq

  • Malware Response Team

Posted 19 May 2014 - 08:33 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [InstallX Search Protect for Yahoo] => C:\Users\cheng2000x\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe [958536 2014-03-30] (InstallX, LLC)
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
GroupPolicyUsers\S-1-5-21-1487290883-3752395232-2594958781-1001\User: Group Policy restriction detected <======= ATTENTION
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - {75740CEF-07FE-4284-8874-B28EED4D383C} URL = http://isearch.shopathome.com?user_id={C5949E5A-1447-4F01-A3FE-C5AE0CE2E7A9}&q={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
Toolbar: HKLM - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
Toolbar: HKLM-x32 - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport.dll No File
Toolbar: HKCU - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\cheng2000x\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll No File
"hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5EF5C58D-B9A7-454A-A1A6-C1D22BDBCEC1&SSPV="
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (RoyaalShhopPerAppp) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenbaoaobffhhneijnlfmlghdniklijk [2014-03-17]
CHR Extension: (EXEeCCHHecker) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakggcdcblhhfehdichlcafehgipcajk [2014-02-02]
CHR Extension: (topbuyeer) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbdphjjcehnjkkoliepimkadifjeijce [2014-03-09]
CHR Extension: (Internet Download Manager Squared) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-04-05]
CHR Extension: (deaLipeak) - C:\ProgramData\mfedgknfdhhcjmmdpcbiflkjhdehbbnc [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\cheng2000x\AppData\Roaming\IDMSQ\IDMSQ.crx [2011-02-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 mfeavfk01; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\cheng2000x\AppData\Local\Temp\ose00000.exe
C:\Users\cheng2000x\AppData\Local\Temp\_is710A.exe
C:\Users\joyce\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\joyce\AppData\Local\Temp\jna3369966855079391155.dll
C:\Users\joyce\AppData\Local\Temp\jna3662322317364018627.dll
C:\Users\joyce\AppData\Local\Temp\jna5856343510484204446.dll
C:\Users\joyce\AppData\Local\Temp\jna6428107070896550826.dll
C:\Users\joyce\AppData\Local\Temp\jna6886954419013911814.dll
C:\Users\joyce\AppData\Local\Temp\jna7061145812978674195.dll
C:\Users\joyce\AppData\Local\Temp\jna7461035667766927243.dll
C:\Users\joyce\AppData\Local\Temp\jna8708044397759211761.dll
End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Checkmark the following options only.

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Remove Policies Set By Infections
Remove Temp Files
  • Checkmark the Restart System When Finished option
  • Click the Start button
  • The system should restart after the repair
Let me know what problem persists.

#5 nasdaq

  • Malware Response Team

Posted 24 May 2014 - 08:31 AM

Are you still with me?

#6 cheng2000x

  • Topic Starter

  • Members

Posted 25 May 2014 - 01:10 PM

Hi, Nasdaq,

Sorry, I got so busy this week and was not able to do anything until now.

I followed the instructions you provided, ran FRST, clicked Fix, and here is the log.

I did notice a problem: my computer now claims gmail.com is insecure. Also, when I tried to access Gmail from Google Chrome, it prompted a blue screen and I had to restart the computer. I am unable to create a restore point (which was the problem), and I have not run Windows Repair yet since I can't generate a restore point. Please give me further instructions. Thank you very much!!

=======


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 01
Ran by cheng2000x at 2014-05-25 10:46:31 Run:1
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [InstallX Search Protect for Yahoo] =>
C:\Users\cheng2000x\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe [958536 2014-03-30] (InstallX, LLC)
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
GroupPolicyUsers\S-1-5-21-1487290883-3752395232-2594958781-1001\User: Group Policy restriction detected <======= ATTENTION
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - {75740CEF-07FE-4284-8874-B28EED4D383C} URL = http://isearch.shopathome.com?user_id={C5949E5A-1447-4F01-A3FE-C5AE0CE2E7A9}&q={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
Toolbar: HKLM - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} -
C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
Toolbar: HKLM-x32 - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport.dll No File
Toolbar: HKCU - TNT2-10741 Toolbar - {2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} - C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\cheng2000x\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll No File
"hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5EF5C58D-B9A7-454A-A1A6-C1D22BDBCEC1&SSPV="
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) -
C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (RoyaalShhopPerAppp) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenbaoaobffhhneijnlfmlghdniklijk [2014-03-17]
CHR Extension: (EXEeCCHHecker) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakggcdcblhhfehdichlcafehgipcajk [2014-02-02]
CHR Extension: (topbuyeer) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbdphjjcehnjkkoliepimkadifjeijce [2014-03-09]
CHR Extension: (Internet Download Manager Squared) - C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-04-05]
CHR Extension: (deaLipeak) - C:\ProgramData\mfedgknfdhhcjmmdpcbiflkjhdehbbnc [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] -
C:\Users\cheng2000x\AppData\Roaming\IDMSQ\IDMSQ.crx [2011-02-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 mfeavfk01; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\cheng2000x\AppData\Local\Temp\ose00000.exe
C:\Users\cheng2000x\AppData\Local\Temp\_is710A.exe
C:\Users\joyce\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\joyce\AppData\Local\Temp\jna3369966855079391155.dll
C:\Users\joyce\AppData\Local\Temp\jna3662322317364018627.dll
C:\Users\joyce\AppData\Local\Temp\jna5856343510484204446.dll
C:\Users\joyce\AppData\Local\Temp\jna6428107070896550826.dll
C:\Users\joyce\AppData\Local\Temp\jna6886954419013911814.dll
C:\Users\joyce\AppData\Local\Temp\jna7061145812978674195.dll
C:\Users\joyce\AppData\Local\Temp\jna7461035667766927243.dll
C:\Users\joyce\AppData\Local\Temp\jna8708044397759211761.dll
End

*****************

HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IDMSQ => Value deleted successfully.
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [InstallX Search Protect for Yahoo] => => Value not found.
"C:\Users\cheng2000x\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe [958536 2014-03-30] (InstallX, LLC)" => File/Directory not found.
C:\Program Files (x86)\LimeWire\LimeWire.exe not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1487290883-3752395232-2594958781-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75740CEF-07FE-4284-8874-B28EED4D383C} => Key deleted successfully.
HKCR\CLSID\{75740CEF-07FE-4284-8874-B28EED4D383C} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} => Value deleted successfully.
HKCR\CLSID\{2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} => Key deleted successfully.
"C:\Users\cheng2000x\AppData\Local\TNT2\Profiles\10741\passport64.dll No File" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} => Value deleted successfully.
HKCR\CLSID\{2EBC6B95-B3F8-4833-B0E9-B09FB6DA1932} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin => Key deleted successfully.
C:\Users\cheng2000x\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
"C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File" => File/Directory not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenbaoaobffhhneijnlfmlghdniklijk directory not found.
C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakggcdcblhhfehdichlcafehgipcajk directory not found.
C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbdphjjcehnjkkoliepimkadifjeijce directory not found.
C:\Users\cheng2000x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal directory not found.
C:\ProgramData\mfedgknfdhhcjmmdpcbiflkjhdehbbnc => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - => Key not found.
"CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] -" => File/Directory not found.
"C:\Users\cheng2000x\AppData\Roaming\IDMSQ\IDMSQ.crx [2011-02-08]" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
mfeavfk01 => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\cheng2000x\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\cheng2000x\AppData\Local\Temp\_is710A.exe => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\jna3369966855079391155.dll => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\jna3662322317364018627.dll => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\jna5856343510484204446.dll => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\jna6428107070896550826.dll => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\jna6886954419013911814.dll => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\jna7061145812978674195.dll => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\jna7461035667766927243.dll => Moved successfully.
C:\Users\joyce\AppData\Local\Temp\jna8708044397759211761.dll => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
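
A triage sketch for a Fixlog like the one above, added here as an example and not part of the thread or of FRST: it tallies the outcome phrases and flags fixlist entries that were cut at a line break (such as the `CHR Plugin: (Shockwave Flash) -` entry), whose path half then comes back as a quoted "File/Directory not found" result. The sample is an excerpt of lines copied from the log above; the function names and the matching heuristics are assumptions based only on the phrases visible in this log.

```python
import re
from collections import Counter

# Excerpt of lines copied from the Fixlog above (not the full log).
FIXLOG = r"""Content of fixlist:
*****************
start
HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
CHR Plugin: (Shockwave Flash) -
C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
C:\Users\cheng2000x\AppData\Local\Temp\ose00000.exe
End

*****************

HKU\S-1-5-21-1487290883-3752395232-2594958781-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IDMSQ => Value deleted successfully.
C:\Program Files (x86)\LimeWire\LimeWire.exe not found.
Default URLSearchHook was restored successfully .
"C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
IpInIp => Service deleted successfully.
C:\Users\cheng2000x\AppData\Local\Temp\ose00000.exe => Moved successfully.
"""

# Outcome phrases as they appear in this log (assumption: other FRST versions may word them differently).
OUTCOMES = [
    (re.compile(r"=> (Value|Key|Service) deleted successfully\.$"), "deleted"),
    (re.compile(r"=> Moved successfully\.$"), "moved"),
    (re.compile(r"was restored successfully \.$"), "restored"),
    (re.compile(r"not found\.$"), "not_found"),
]

def split_fixlog(text):
    """Return (fixlist lines as FRST read them, result lines)."""
    lines = [l.rstrip() for l in text.splitlines()]
    start, end = lines.index("start"), lines.index("End")
    results = [l for l in lines[end + 1:] if l and not set(l) <= {"*"}]
    return lines[start + 1:end], results

def classify(line):
    return next((label for rx, label in OUTCOMES if rx.search(line)), "other")

def truncated_entries(fixlist):
    # An entry that stops at '=>' or ' -' with a bare drive path on the next line was split in two.
    return [(a, b) for a, b in zip(fixlist, fixlist[1:])
            if a.endswith(("=>", " -")) and re.match(r"[A-Za-z]:\\", b)]

def unparsed(line):
    # Heuristic: a "not found" target that is quoted, or still carries the \...\ abbreviation
    # from the scan log, is a fixlist fragment echoed back rather than a resolved object.
    return classify(line) == "not_found" and (line.startswith('"') or "\\...\\" in line)

def triage(text):
    fixlist, results = split_fixlog(text)
    return {"counts": Counter(classify(r) for r in results),
            "truncated": truncated_entries(fixlist),
            "unparsed": [r for r in results if unparsed(r)]}

if __name__ == "__main__":
    report = triage(FIXLOG)
    print(dict(report["counts"]))
    for head, tail in report["truncated"]:
        print("split entry:", head, "|", tail)
    for line in report["unparsed"]:
        print("review:", line)
```

Entries reported as split or unparsed are the ones to re-check in a fresh scan, since the tool did not act on the object the fixlist line was meant to name.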





