Virus on my laptop need help to remove.


  • This topic is locked
46 replies to this topic

#1 geridear

geridear

  • Members
  • 41 posts
  • Gender:Female

Posted 16 May 2014 - 03:32 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.55.2
Run by Geraldine at 17:06:25 on 2014-05-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3032.1389 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1F90A12C-18DA-4A4C-9441-D9190CB0EF29} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AA9B8DDF-A9DD-41F7-B03F-E381989DBEAC} : NameServer = 208.67.222.222
TCP: Interfaces\{AA9B8DDF-A9DD-41F7-B03F-E381989DBEAC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AA9B8DDF-A9DD-41F7-B03F-E381989DBEAC}\05C65737E6564775962756C6563737 : NameServer = 208.67.222.222
TCP: Interfaces\{AA9B8DDF-A9DD-41F7-B03F-E381989DBEAC}\05C65737E6564775962756C6563737 : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: biblioscape - <Clsid value has no data>
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI]  CARD\WLTRAY.EXE
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: biblioscape - <Clsid value has no data>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-12-5 783864]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-3-17 345456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-17 55280]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-13 29208]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-15 328928]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2012-12-31 45736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-15 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-15 857912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-15 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-5-15 178528]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-12-10 517632]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-15 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-15 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-15 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-5-15 1025712]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-5-15 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-5-14 185792]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-3-17 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-17 172704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-13 119512]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-3-17 311600]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-3-17 522360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-1-21 422712]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-1 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-2-1 393728]
S2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2014-4-11 640016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-15 328928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2008-7-29 1075712]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-3-17 70592]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-14 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-5-15 197704]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-1-21 96592]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-3-27 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-6 1255736]
.
=============== Created Last 30 ================
.
2014-05-15 15:46:09 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-15 15:46:09 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-15 15:46:09 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-15 15:46:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 06:14:24 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2014-05-15 06:13:05 -------- d-----w- C:\Program Files (x86)\McAfee.com
2014-05-15 06:12:17 -------- d-----w- C:\Program Files\McAfee.com
2014-05-15 06:12:17 -------- d-----w- C:\Program Files\McAfee
2014-05-15 06:12:12 -------- d-----w- C:\Program Files (x86)\McAfee
2014-05-14 19:25:47 -------- d-----w- C:\FRST
2014-05-14 18:15:19 -------- d-----w- C:\Program Files\stinger
2014-05-14 18:14:29 185792 ----a-w- C:\Windows\System32\mfevtps.exe
2014-05-14 18:14:28 -------- d-----w- C:\Program Files\Common Files\McAfee
2014-05-14 14:52:18 -------- d-----w- C:\Users\Geraldine\AppData\Local\Dell Edoc Viewer
2014-05-14 12:12:56 -------- d-----w- C:\ProgramData\RegRun
2014-05-14 12:10:14 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-05-14 12:04:15 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2014-05-14 12:04:06 2 --shatr- C:\Windows\winstart.bat
2014-05-14 12:03:56 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2014-05-14 12:03:51 -------- d-----w- C:\Program Files (x86)\UnHackMe
2014-05-14 09:19:10 -------- d-----w- C:\Users\Geraldine\AppData\Local\CrashDumps
2014-05-14 08:49:11 -------- d-----w- C:\Users\Geraldine\AppData\Local\AvgSetupLog
2014-05-14 08:49:11 -------- d-----w- C:\Users\Geraldine\AppData\Local\Avg
2014-05-14 08:27:53 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2014-05-13 17:36:01 -------- d-----w- C:\ProgramData\Oracle
2014-05-13 17:35:25 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-13 12:10:16 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-13 06:11:51 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
.
==================== Find3M  ====================
.
2014-05-16 15:54:48 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2014-05-14 11:07:26 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 11:07:26 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-27 21:14:24 153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-03-27 21:05:02 324376 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-03-17 18:02:08 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-03-17 17:54:54 345456 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-03-17 17:49:44 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-03-17 17:47:30 522360 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-03-17 17:45:38 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-03-17 17:44:40 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/12/2011 11:21:50
System Uptime: 16/05/2014 16:53:51 (1 hours ago)
.
Motherboard: Dell Inc. |  | 0F642T
Processor: Pentium® Dual-Core CPU       T4400  @ 2.20GHz | Microprocessor | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 120.107 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP238: 13/05/2014 08:35:23 - Restore Operation
RP239: 13/05/2014 09:36:56 - Removed Microsoft Silverlight
RP240: 13/05/2014 18:34:10 - Installed Java 7 Update 55
RP241: 13/05/2014 18:37:22 - Removed Java™ 6 Update 17 (64-bit)
RP242: 13/05/2014 23:05:25 - Installed Smart-X AppLocker
RP243: 13/05/2014 23:12:08 - Removed Smart-X AppLocker
RP244: 14/05/2014 02:40:41 - Restore Operation
RP245: 14/05/2014 19:27:55 - Removed Visual Studio 2012 x86 Redistributables
RP246: 14/05/2014 19:28:47 - Removed Visual Studio 2012 x64 Redistributables
RP247: 14/05/2014 19:29:19 - Removed Visual Studio 2010 x64 Redistributables
RP248: 16/05/2014 10:55:32 - McAfee Vulnerability Scanner
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Reader XI (11.0.06)
Advanced Audio FX Engine
AVG
AVG Zen
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
DriverUpdate
FMW 1
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
HTC Sync Manager
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IPTInstaller
Java 7 Update 55
Java Auto Updater
Junk Mail filter update
Lexmark S300-S400 Series
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft Works 7.0
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
My Dell
PC Image Editor
Photo Common
Photo Gallery
Plusnet Assist
Plusnet Protect
PowerDVD DX
Quickset64
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Serif DrawPlus Starter Edition
Skype Click to Call
Skype Web Plugin
Skype™ 6.14
Spelling Dictionaries Support For Adobe Reader 9
Strongvault Online Backup
UnHackMe 7.11 release
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
16/05/2014 16:58:52, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
16/05/2014 16:54:51, Error: Service Control Manager [7003]  - The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
16/05/2014 16:54:50, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AVGIDSHA
16/05/2014 16:54:19, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
16/05/2014 16:54:11, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
16/05/2014 16:54:11, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.
16/05/2014 16:54:11, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
16/05/2014 16:54:11, Error: Service Control Manager [7000]  - The AVG Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
16/05/2014 16:54:09, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
16/05/2014 13:53:38, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
16/05/2014 13:53:38, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
16/05/2014 13:53:38, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/05/2014 08:38:56, Error: Service Control Manager [7000]  - The MBAMWebAccessControl service failed to start due to the following error:  There are no more endpoints available from the endpoint mapper.
.
==== End Of File ========================

 

The virus happened when I upgraded AVG; this program will not uninstall.

I was on this page requesting help and I have been advised to post on this site. http://www.bleepingcomputer.com/forums/t/534343/virus-this-prog-is-blocked-by-group-policy




#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 19 May 2014 - 01:43 PM

Hi geridear and Welcome to Bleeping Computer

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 19 May 2014 - 04:56 PM

Hello geridear

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

 

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
     
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
     
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
     
  • If you are using Cracked or Illegal software your thread will be closed
     
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

I have looked over your other topic and it looks like you have tried removing AVG through Add and Remove Programs and have run the AVG Remover with no success. I would like you to try the following steps.

Step 1
Now we need to remove a service.

    * Click Start >> Run, type cmd into the Open editbox and click the Ok button.

    * Copy/paste the line below into the Command Prompt window and press the Enter key:
            sc config aswHwid start= disabled
           
    * Close the Command Prompt window

Now Restart your computer.

When your computer has rebooted:-

    * Click Start >> Run, type cmd into the Open editbox and click the Ok button.

    * Copy/paste the line below into the Command Prompt window and press the Enter key:
            sc delete aswHwid
           
    * Close the Command Prompt window


Step 2


Remove AVG using the Revo Uninstaller.

Download and run the free version of Revo Uninstaller

Select AVG and click Uninstall.

Set it to 'Advanced' and click Scan.

Revo will do this:

Step 1. Create restore point.

Step 2. Run the official AVG uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).

Reboot if asked to.

After this has completed please repeat this for AVG ZEN

Step 3

  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.

    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#4 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • Gender:Female

Posted 20 May 2014 - 02:24 AM

 

Hello geridear

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

 

  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by me.

  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.

  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.

  • If you are using Cracked or Illegal software your thread will be closed.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

I have looked over your other topic and it looks like you have tried removing AVG through Add and Remove Programs and have run the AVG Remover with no success. I would like you to try the following steps.

Step 1
Now we need to remove a service.

    * Click Start >> Run, type cmd into the Open editbox and click the Ok button.

    * Copy/paste the line below into the Command Prompt window and press the Enter key:
            sc config aswHwid start= disabled
           
    * Close the Command Prompt window

Now Restart your computer.

When your computer has rebooted:-

    * Click Start >> Run, type cmd into the Open editbox and click the Ok button.

    * Copy/paste the line below into the Command Prompt window and press the Enter key:
            sc delete aswHwid
           
    * Close the Command Prompt window


Step 2


Remove AVG using the Revo Uninstaller.

Download and run the free version of Revo Uninstaller

Select AVG and click Uninstall.

Set it to 'Advanced' and click Scan.

Revo will do this:

Step 1. Create restore point.

Step 2. Run the official AVG uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).

Reboot if asked to.

After this has completed please repeat this for AVG ZEN

Step 3

  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.

    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

 

Hi thank you for your help, I tried the very first step and it said - (SC) open service FAILED 5 :  Access is denied.   Do you want me to continue ?



#5 seedy21


Posted 20 May 2014 - 03:12 PM

Hi geridear

We'll address the "access denied error" later using another method. Please follow the following steps


Step 1

  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.

    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

Step 2

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



#6 geridear


Posted 20 May 2014 - 04:18 PM

 


 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/05/2014
Scan Time: 22:14:59
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Geraldine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 264001
Time Elapsed: 37 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#7 seedy21


Posted 21 May 2014 - 02:31 AM

Thank you for the Log.

 

When you reply back, please just include the logs from the reports. I am having to do a lot of scrolling to find your reply to my questions :)

 

Once I get the FRST logs, we can have another go at getting rid of AVG.




#8 geridear


Posted 21 May 2014 - 02:39 AM


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/05/2014
Scan Time: 22:14:59
Logfile: scan.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Geraldine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 264001
Time Elapsed: 37 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

 

Is this the one you want ?



#9 seedy21


Posted 21 May 2014 - 08:30 AM

Hi ,

 

I need you to run this one. When you reply back, please just include the logs from the reports and not quoting what I have said. I am having to do a lot of scrolling to find your reply to my questions :)

 

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



#10 geridear


Posted 21 May 2014 - 09:10 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Geraldine at 2014-05-21 14:59:30
Running from C:\Users\Geraldine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFVAR0QN
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AVG (HKLM\...\AvgZen) (Version: 1.0.229 - AVG Technologies)
AVG Zen (Version: 1.0.229 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
DriverUpdate (HKLM-x32\...\{554D1038-9882-4CC8-9CC5-F8AB6C556469}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
FMW 1 (Version: 1.0.178 - AVG) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{B78CFC07-B623-4995-ADCC-B2B4D59D083A}) (Version: 3.3.21 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.11.0 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM-x32\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
PC Image Editor (HKLM-x32\...\PC Image Editor) (Version: 4.0 - www.program4pc.com)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plusnet Assist (HKLM-x32\...\Plusnet Assist) (Version:  - )
Plusnet Protect (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.1.008 - Serif (Europe) Ltd)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
UnHackMe 7.11 release (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

13-05-2014 22:05:25 Installed Smart-X AppLocker
13-05-2014 22:12:08 Removed Smart-X AppLocker
14-05-2014 01:40:41 Restore Operation
14-05-2014 18:27:55 Removed Visual Studio 2012 x86 Redistributables
14-05-2014 18:28:47 Removed Visual Studio 2012 x64 Redistributables
14-05-2014 18:29:19 Removed Visual Studio 2010 x64 Redistributables
16-05-2014 09:55:32 McAfee Vulnerability Scanner
18-05-2014 20:13:28 Windows Backup

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {166E23BE-BD5D-48B8-857A-7F81F39F2AE8} - System32\Tasks\{4E76DD75-2A4F-44EC-A4B3-347640FF3C64} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116.259/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {1B53A1BA-9B73-4F2B-8D7B-D3BBA4EF6261} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {349DF8C8-6B6A-45BA-A8C8-D6E730E33025} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {391D66A9-BDE8-4AA6-B9E0-D22591985033} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {3C2085BC-F39D-4094-B00B-72E0B65FE269} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2014-03-28] (Greatis Software)
Task: {5A72FE55-E039-4D88-814C-E4FC51ECBB68} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {66167FDE-2F4F-45F0-A595-83CD34FB8309} - System32\Tasks\task56238 => C:\Users\Geraldine\AppData\Roaming\EIQGM.exe
Task: {6A0F10FD-5AC6-4011-905A-866DD7892946} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {7859B141-E6AF-4656-84D9-530F8BA4BAC6} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-12-12] ()
Task: {844BD81C-48BB-4EF7-928C-69D0632AF553} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-03-19] (SlimWare Utilities, Inc.)
Task: {BE6A6521-7F6C-4E5B-A0F1-64A76513EA28} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {CC361AF8-6447-4572-9C01-FCC4ED73DC36} - System32\Tasks\DHKCMSJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {EA61EB3A-86E0-4714-8A82-CB93DC8B3A43} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-17 08:29 - 2009-07-17 02:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-03-17 08:29 - 2009-07-17 02:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2011-12-04 12:47 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00655360 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-11-15 17:46 - 2013-11-15 17:46 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2009-10-15 09:10 - 2009-10-15 09:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-11-13 22:15 - 2009-11-13 22:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2013-11-15 17:45 - 2013-11-15 17:45 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-11-15 17:47 - 2013-11-15 17:47 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2013-11-15 17:48 - 2013-11-15 17:48 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00028672 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McMPFSvc => 2
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: btbb_McciTrayApp => OTIFIER.EXE"
MSCONFIG\startupreg: EzPrint => T.EXE"
MSCONFIG\startupreg: HotKeysCmds => DOWS\SYSTEM32\HKCMD.EXE
MSCONFIG\startupreg: IAAnotif => OTIF.EXE
MSCONFIG\startupreg: IgfxTray => DOWS\SYSTEM32\IGFXTRAY.EXE
MSCONFIG\startupreg: lxeamon.exe => .EXE"
MSCONFIG\startupreg: Persistence => DOWS\SYSTEM32\IGFXPERS.EXE
MSCONFIG\startupreg: SynTPEnh => H.EXE

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2014 01:00:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x670
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/17/2014 06:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x1398
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/16/2014 06:26:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16448, time stamp: 0x4fecfb0e
Exception code: 0xc0000005
Fault offset: 0x002d7c8d
Faulting process id: 0xbf0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/15/2014 07:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x123c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (05/21/2014 01:15:33 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (05/21/2014 01:11:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (05/21/2014 01:11:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHA

Error: (05/21/2014 01:11:02 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (05/21/2014 01:11:02 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (05/21/2014 01:10:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (05/21/2014 01:10:55 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (05/21/2014 01:10:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
%%1053

Error: (05/21/2014 01:10:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.

Error: (05/21/2014 01:10:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Microsoft Office Sessions:
=========================
Error: (05/18/2014 01:00:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d67001cf7285c5f9407fC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxf38e35bd-de83-11e3-81ef-a4badba8c2fa

Error: (05/17/2014 06:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d139801cf71d3199bd9dbC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxbfeb5730-ddea-11e3-a053-a4badba8c2fa

Error: (05/16/2014 06:26:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7MSHTML.dll9.0.8112.164484fecfb0ec0000005002d7c8dbf001cf711f8da12f9dC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll39ef86c6-dd1f-11e3-8378-a4badba8c2fa

Error: (05/15/2014 07:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d123c01cf705e9accbda1C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxba86c7b0-dc5e-11e3-b2ac-a4badba8c2fa

==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 3032.36 MB
Available physical RAM: 835.57 MB
Total Pagefile: 6062.92 MB
Available Pagefile: 3475.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:118.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 880B8533)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

==================== End Of Log ========

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Geraldine (administrator) on GERALDINE-PC on 21-05-2014 14:57:28
Running from C:\Users\Geraldine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFVAR0QN
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe
( ) C:\Windows\System32\lxeacoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] =>  CARD\WLTRAY.EXE
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1164304 2014-04-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3246749680-152605928-1057695041-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3246749680-152605928-1057695041-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_uid=0968319085034240&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_uid=0968319085034240&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: biblioscape - No CLSID Value -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: biblioscape - No CLSID Value -
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AA9B8DDF-A9DD-41F7-B03F-E381989DBEAC}: [NameServer]208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "Google");: user_pref("browser.search.order.1,S", "Google");
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "http_port", ""
FF NetworkProxy: "http", ""
FF NetworkProxy: "type", ""
FF NewTab: user_pref("browser.newtab.url", "");
FF NetworkProxy: "autoconfig_url", ""
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\searchplugins\Search_Results.xml
FF Extension: Birowsey22saave - C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\Extensions\qqk.gib@p-xrrf.net [2013-05-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-15]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [640016 2014-04-11] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-29] (Alcatel-Lucent)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-13] ()
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2014-05-14] (Greatis Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-21] ()
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-21 13:15 - 2014-05-21 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-21 09:16 - 2014-05-21 09:16 - 00000864 _____ () C:\Users\Geraldine\Desktop\mal.txt
2014-05-21 08:35 - 2014-05-21 08:35 - 00001051 _____ () C:\Users\Geraldine\Desktop\scan.txt
2014-05-17 06:02 - 2014-05-17 06:02 - 00025600 _____ () C:\Users\Geraldine\Documents\Ray.wps
2014-05-16 17:08 - 2014-05-16 17:14 - 00018818 _____ () C:\Users\Geraldine\Desktop\dds.txt
2014-05-16 17:08 - 2014-05-16 17:13 - 00007357 _____ () C:\Users\Geraldine\Desktop\attach.txt
2014-05-16 17:06 - 2014-05-16 17:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 10:59 - 2014-05-16 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 10:59 - 2014-05-16 10:59 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 16:46 - 2014-05-15 16:46 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 16:46 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 16:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 16:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 07:15 - 2014-05-21 13:15 - 00001846 _____ () C:\Users\Public\Desktop\Plusnet Protect.lnk
2014-05-15 07:14 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-15 07:12 - 2014-05-21 13:10 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-15 07:12 - 2014-05-15 07:14 - 00000000 ____D () C:\Program Files\McAfee
2014-05-15 07:12 - 2014-05-15 07:12 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-15 00:09 - 2014-05-15 00:09 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Geraldine\Downloads\avg_remover_stf_x64_2012_2125.exe
2014-05-15 00:09 - 2014-05-15 00:09 - 00120252 _____ () C:\Users\Geraldine\Downloads\avgremover.log
2014-05-14 22:55 - 2014-05-14 22:57 - 00003116 _____ () C:\Users\Geraldine\Desktop\Rkill.txt
2014-05-14 20:27 - 2014-05-14 20:28 - 00026914 _____ () C:\Users\Geraldine\Downloads\Addition.txt
2014-05-14 20:26 - 2014-05-14 20:28 - 00037567 _____ () C:\Users\Geraldine\Downloads\FRST.txt
2014-05-14 20:25 - 2014-05-21 14:57 - 00000000 ____D () C:\FRST
2014-05-14 20:25 - 2014-05-14 20:25 - 02066944 _____ (Farbar) C:\Users\Geraldine\Downloads\FRST64.exe
2014-05-14 20:23 - 2014-05-14 20:23 - 00001837 _____ () C:\Users\Geraldine\Desktop\fixlist.txt
2014-05-14 20:10 - 2014-05-14 20:10 - 00009290 _____ () C:\Users\Geraldine\Desktop\HKLM_safer.txt
2014-05-14 19:39 - 2014-05-14 19:39 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-14 19:38 - 2014-05-21 13:10 - 00000250 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-05-14 19:15 - 2014-05-15 07:06 - 00000000 ____D () C:\Program Files\stinger
2014-05-14 19:14 - 2014-05-20 19:47 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-14 19:14 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-14 15:52 - 2014-05-14 15:52 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Dell Edoc Viewer
2014-05-14 15:49 - 2014-05-14 15:49 - 00001101 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05142014_154949.txt
2014-05-14 13:12 - 2014-05-14 13:13 - 00000000 ____D () C:\ProgramData\RegRun
2014-05-14 13:10 - 2014-05-14 13:10 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-05-14 13:04 - 2014-05-14 13:13 - 00000000 ____D () C:\Users\Geraldine\Documents\RegRun2
2014-05-14 13:04 - 2014-05-14 13:04 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-05-14 13:04 - 2014-05-14 13:04 - 00003340 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-05-14 13:04 - 2014-05-14 13:04 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-05-14 13:04 - 2014-05-14 13:04 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-05-14 13:03 - 2014-05-15 07:20 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-05-14 13:03 - 2014-05-14 13:04 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-05-14 13:03 - 2014-05-14 13:03 - 00000969 _____ () C:\Users\Geraldine\Desktop\UnHackMe.lnk
2014-05-14 13:03 - 2014-05-14 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-05-14 13:03 - 2014-03-28 13:01 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-05-14 10:19 - 2014-05-18 13:00 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\CrashDumps
2014-05-14 09:49 - 2014-05-14 09:50 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\AvgSetupLog
2014-05-14 09:49 - 2014-05-14 09:49 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Avg
2014-05-14 09:48 - 2014-05-14 09:48 - 00178423 _____ () C:\Users\Geraldine\AppData\Local\census.cache
2014-05-14 09:48 - 2014-05-14 09:48 - 00082578 _____ () C:\Users\Geraldine\AppData\Local\ars.cache
2014-05-14 09:27 - 2012-06-05 08:37 - 00256904 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-05-14 09:26 - 2014-05-14 09:26 - 00000036 _____ () C:\Users\Geraldine\AppData\Local\housecall.guid.cache
2014-05-14 03:33 - 2014-05-14 03:33 - 00003893 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_D_05142014_033310.txt
2014-05-14 03:32 - 2014-05-14 03:32 - 00003669 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05142014_033256.txt
2014-05-13 21:39 - 2014-05-13 21:39 - 00003286 _____ () C:\Windows\System32\Tasks\{D10A1D8F-8A21-49FF-9568-8A04257A872E}
2014-05-13 19:34 - 2014-05-21 13:10 - 00006656 _____ () C:\Windows\PFRO.log
2014-05-13 19:29 - 2014-05-13 19:29 - 00003256 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_D_05132014_192937.txt
2014-05-13 19:18 - 2014-05-13 19:18 - 00003086 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05132014_191837.txt
2014-05-13 19:12 - 2014-05-14 03:33 - 00000000 ____D () C:\Users\Geraldine\Desktop\RK_Quarantine
2014-05-13 19:11 - 2014-05-13 19:11 - 03972608 _____ () C:\Users\Geraldine\Desktop\RogueKiller.exe
2014-05-13 19:10 - 2014-05-13 19:10 - 03972608 _____ () C:\Users\Geraldine\Downloads\RogueKiller.exe
2014-05-13 19:09 - 2014-05-13 19:09 - 00011776 _____ () C:\Users\Geraldine\Documents\virus.wps
2014-05-13 18:36 - 2014-05-13 18:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-13 18:35 - 2014-05-14 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-13 18:35 - 2014-05-13 18:35 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-13 18:34 - 2014-05-13 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-13 17:49 - 2014-05-21 13:10 - 00002688 _____ () C:\Windows\setupact.log
2014-05-13 17:49 - 2014-05-13 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-13 17:41 - 2014-05-13 17:41 - 00000276 _____ () C:\Users\Geraldine\Desktop\Deleteevents.bat
2014-05-13 17:37 - 2014-05-13 17:37 - 00000276 _____ () C:\Users\Geraldine\Documents\Deleteevents.bat
2014-05-13 16:38 - 2014-05-13 16:38 - 00009216 _____ () C:\Users\Geraldine\Documents\ClearAll.bat..wps
2014-05-13 13:10 - 2014-05-21 14:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 12:54 - 2014-05-13 12:55 - 00000000 _____ () C:\Users\Geraldine\notepad
2014-05-13 12:54 - 2014-05-13 12:55 - 00000000 _____ () C:\Users\Geraldine\cd
2014-05-13 07:11 - 2014-05-13 07:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-30 23:36 - 2014-04-30 23:36 - 00011264 _____ () C:\Users\Geraldine\Documents\Life.wps
2014-04-26 18:39 - 2014-04-26 18:39 - 00017408 _____ () C:\Users\Geraldine\Documents\Untitled Document dan 2014.wps
2014-04-26 17:55 - 2014-04-26 17:55 - 00016079 _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016059 _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016057 _____ () C:\Users\Geraldine\Downloads\Wd0000017.docm
2014-04-26 15:07 - 2014-04-26 15:07 - 00055808 _____ () C:\Users\Geraldine\Downloads\Wd0000011 buttle.wps
2014-04-26 13:47 - 2014-04-26 13:47 - 00016034 _____ () C:\Users\Geraldine\Downloads\Wd0000012.docm
2014-04-26 13:46 - 2014-04-26 13:46 - 00016012 _____ () C:\Users\Geraldine\Downloads\Wd0000011.docm

==================== One Month Modified Files and Folders =======

2014-05-21 14:57 - 2014-05-14 20:25 - 00000000 ____D () C:\FRST
2014-05-21 14:44 - 2014-05-13 13:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 14:11 - 2011-12-04 13:14 - 00000000 ____D () C:\Users\Geraldine\AppData\Roaming\Skype
2014-05-21 14:07 - 2012-08-07 14:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 13:18 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 13:18 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 13:15 - 2014-05-21 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-21 13:15 - 2014-05-15 07:15 - 00001846 _____ () C:\Users\Public\Desktop\Plusnet Protect.lnk
2014-05-21 13:12 - 2014-03-27 09:08 - 00002860 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-05-21 13:12 - 2014-03-27 09:08 - 00000426 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-05-21 13:11 - 2014-03-27 09:08 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-21 13:11 - 2013-12-08 18:47 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\HTC MediaHub
2014-05-21 13:11 - 2013-06-01 16:20 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Htc
2014-05-21 13:10 - 2014-05-15 07:12 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-21 13:10 - 2014-05-14 19:38 - 00000250 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-05-21 13:10 - 2014-05-13 19:34 - 00006656 _____ () C:\Windows\PFRO.log
2014-05-21 13:10 - 2014-05-13 17:49 - 00002688 _____ () C:\Windows\setupact.log
2014-05-21 13:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-21 09:16 - 2014-05-21 09:16 - 00000864 _____ () C:\Users\Geraldine\Desktop\mal.txt
2014-05-21 08:35 - 2014-05-21 08:35 - 00001051 _____ () C:\Users\Geraldine\Desktop\scan.txt
2014-05-20 19:47 - 2014-05-14 19:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-20 16:47 - 2009-07-14 06:10 - 01354765 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 16:44 - 2013-05-22 09:13 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-19 19:24 - 2012-08-21 16:29 - 00040907 _____ () C:\Users\Geraldine\Documents\Wd0000000.docm
2014-05-18 23:47 - 2010-03-17 08:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-18 14:08 - 2012-01-19 13:46 - 00329673 _____ () C:\ProgramData\lxeaJSW.log
2014-05-18 14:08 - 2011-12-04 12:49 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-05-18 13:00 - 2014-05-14 10:19 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\CrashDumps
2014-05-17 08:23 - 2011-12-04 12:25 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\VirtualStore
2014-05-17 06:02 - 2014-05-17 06:02 - 00025600 _____ () C:\Users\Geraldine\Documents\Ray.wps
2014-05-17 06:02 - 2011-12-11 19:38 - 00008194 _____ () C:\Users\Geraldine\AppData\Roaming\wklnhst.dat
2014-05-16 17:14 - 2014-05-16 17:08 - 00018818 _____ () C:\Users\Geraldine\Desktop\dds.txt
2014-05-16 17:13 - 2014-05-16 17:08 - 00007357 _____ () C:\Users\Geraldine\Desktop\attach.txt
2014-05-16 17:06 - 2014-05-16 17:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 17:00 - 2011-12-04 12:44 - 00000000 ____D () C:\Users\Geraldine\AppData\Roaming\Adobe
2014-05-16 10:59 - 2014-05-16 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 10:59 - 2014-05-16 10:59 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-16 10:58 - 2012-03-07 15:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-16 10:58 - 2011-12-04 15:45 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Adobe
2014-05-15 18:45 - 2010-03-17 08:52 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-15 16:49 - 2013-04-27 12:13 - 00000000 ____D () C:\ProgramData\Birowsey22saave
2014-05-15 16:46 - 2014-05-15 16:46 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 07:20 - 2014-05-14 13:03 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-05-15 07:14 - 2014-05-15 07:12 - 00000000 ____D () C:\Program Files\McAfee
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-15 07:12 - 2014-05-15 07:12 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-15 07:06 - 2014-05-14 19:15 - 00000000 ____D () C:\Program Files\stinger
2014-05-15 00:09 - 2014-05-15 00:09 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Geraldine\Downloads\avg_remover_stf_x64_2012_2125.exe
2014-05-15 00:09 - 2014-05-15 00:09 - 00120252 _____ () C:\Users\Geraldine\Downloads\avgremover.log
2014-05-15 00:07 - 2012-12-31 14:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-14 22:57 - 2014-05-14 22:55 - 00003116 _____ () C:\Users\Geraldine\Desktop\Rkill.txt
2014-05-14 20:28 - 2014-05-14 20:27 - 00026914 _____ () C:\Users\Geraldine\Downloads\Addition.txt
2014-05-14 20:28 - 2014-05-14 20:26 - 00037567 _____ () C:\Users\Geraldine\Downloads\FRST.txt
2014-05-14 20:25 - 2014-05-14 20:25 - 02066944 _____ (Farbar) C:\Users\Geraldine\Downloads\FRST64.exe
2014-05-14 20:23 - 2014-05-14 20:23 - 00001837 _____ () C:\Users\Geraldine\Desktop\fixlist.txt
2014-05-14 20:10 - 2014-05-14 20:10 - 00009290 _____ () C:\Users\Geraldine\Desktop\HKLM_safer.txt
2014-05-14 19:40 - 2012-10-13 21:44 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-14 19:39 - 2014-05-14 19:39 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-14 19:26 - 2013-10-07 19:18 - 00000000 ____D () C:\Program Files (x86)\Coupon Printer
2014-05-14 19:25 - 2013-10-07 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
2014-05-14 15:53 - 2010-03-17 08:39 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-14 15:52 - 2014-05-14 15:52 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Dell Edoc Viewer
2014-05-14 15:49 - 2014-05-14 15:49 - 00001101 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05142014_154949.txt
2014-05-14 13:13 - 2014-05-14 13:12 - 00000000 ____D () C:\ProgramData\RegRun
2014-05-14 13:13 - 2014-05-14 13:04 - 00000000 ____D () C:\Users\Geraldine\Documents\RegRun2
2014-05-14 13:12 - 2011-12-04 12:22 - 00000000 ___RD () C:\Users\Geraldine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 13:10 - 2014-05-14 13:10 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-05-14 13:04 - 2014-05-14 13:04 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-05-14 13:04 - 2014-05-14 13:04 - 00003340 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-05-14 13:04 - 2014-05-14 13:04 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-05-14 13:04 - 2014-05-14 13:04 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-05-14 13:04 - 2014-05-14 13:03 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-05-14 13:03 - 2014-05-14 13:03 - 00000969 _____ () C:\Users\Geraldine\Desktop\UnHackMe.lnk
2014-05-14 13:03 - 2014-05-14 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-05-14 12:07 - 2012-08-07 14:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:07 - 2012-08-07 14:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 12:07 - 2011-12-11 16:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:50 - 2014-05-14 09:49 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\AvgSetupLog
2014-05-14 09:50 - 2013-07-31 10:43 - 00000000 ____D () C:\ProgramData\AVG
2014-05-14 09:50 - 2012-12-31 14:08 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-14 09:49 - 2014-05-14 09:49 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Avg
2014-05-14 09:48 - 2014-05-14 09:48 - 00178423 _____ () C:\Users\Geraldine\AppData\Local\census.cache
2014-05-14 09:48 - 2014-05-14 09:48 - 00082578 _____ () C:\Users\Geraldine\AppData\Local\ars.cache
2014-05-14 09:26 - 2014-05-14 09:26 - 00000036 _____ () C:\Users\Geraldine\AppData\Local\housecall.guid.cache
2014-05-14 08:55 - 2012-09-19 08:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-14 03:33 - 2014-05-14 03:33 - 00003893 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_D_05142014_033310.txt
2014-05-14 03:33 - 2014-05-13 19:12 - 00000000 ____D () C:\Users\Geraldine\Desktop\RK_Quarantine
2014-05-14 03:32 - 2014-05-14 03:32 - 00003669 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05142014_033256.txt
2014-05-14 03:14 - 2011-12-04 12:21 - 00000000 ____D () C:\Users\Geraldine
2014-05-14 03:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-05-14 03:09 - 2012-04-03 09:54 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Google
2014-05-14 02:55 - 2014-05-13 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-14 02:54 - 2010-03-17 08:28 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-14 02:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-13 21:39 - 2014-05-13 21:39 - 00003286 _____ () C:\Windows\System32\Tasks\{D10A1D8F-8A21-49FF-9568-8A04257A872E}
2014-05-13 19:29 - 2014-05-13 19:29 - 00003256 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_D_05132014_192937.txt
2014-05-13 19:29 - 2012-01-11 15:20 - 00000000 __SHD () C:\Users\Geraldine\AppData\Local\{ac885259-cf8e-e18c-def4-d232aa8b8ff8}
2014-05-13 19:18 - 2014-05-13 19:18 - 00003086 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05132014_191837.txt
2014-05-13 19:11 - 2014-05-13 19:11 - 03972608 _____ () C:\Users\Geraldine\Desktop\RogueKiller.exe
2014-05-13 19:10 - 2014-05-13 19:10 - 03972608 _____ () C:\Users\Geraldine\Downloads\RogueKiller.exe
2014-05-13 19:09 - 2014-05-13 19:09 - 00011776 _____ () C:\Users\Geraldine\Documents\virus.wps
2014-05-13 18:36 - 2014-05-13 18:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-13 18:35 - 2014-05-13 18:35 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-13 18:34 - 2014-05-13 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-13 17:49 - 2014-05-13 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-13 17:41 - 2014-05-13 17:41 - 00000276 _____ () C:\Users\Geraldine\Desktop\Deleteevents.bat
2014-05-13 17:37 - 2014-05-13 17:37 - 00000276 _____ () C:\Users\Geraldine\Documents\Deleteevents.bat
2014-05-13 17:03 - 2013-09-23 10:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 17:03 - 2011-12-05 19:36 - 00000000 ____D () C:\Users\Geraldine\Tracing
2014-05-13 17:03 - 2010-03-17 11:07 - 00000000 ____D () C:\Windows\Panther
2014-05-13 16:38 - 2014-05-13 16:38 - 00009216 _____ () C:\Users\Geraldine\Documents\ClearAll.bat..wps
2014-05-13 14:22 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew
2014-05-13 13:09 - 2012-08-22 10:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-13 12:55 - 2014-05-13 12:54 - 00000000 _____ () C:\Users\Geraldine\notepad
2014-05-13 12:55 - 2014-05-13 12:54 - 00000000 _____ () C:\Users\Geraldine\cd
2014-05-13 09:48 - 2009-07-14 06:13 - 00726142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-13 09:39 - 2012-09-30 09:22 - 00000000 ____D () C:\Windows\pss
2014-05-13 09:29 - 2011-12-04 16:13 - 00000000 ____D () C:\Users\Geraldine\Downloads\2000 - Copy
2014-05-13 08:44 - 2011-12-04 12:47 - 02030534 _____ () C:\ProgramData\lxeascan.log
2014-05-13 07:12 - 2013-04-11 14:24 - 00000000 ____D () C:\Program Files\Google
2014-05-13 07:11 - 2014-05-13 07:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-01 13:00 - 2012-08-14 15:06 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Windows Live
2014-05-01 12:51 - 2013-05-26 21:34 - 00006144 _____ () C:\Users\Geraldine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-30 23:36 - 2014-04-30 23:36 - 00011264 _____ () C:\Users\Geraldine\Documents\Life.wps
2014-04-27 20:14 - 2012-03-13 23:29 - 00238080 _____ () C:\Users\Geraldine\Documents\Untitled Document.wps
2014-04-26 18:39 - 2014-04-26 18:39 - 00017408 _____ () C:\Users\Geraldine\Documents\Untitled Document dan 2014.wps
2014-04-26 17:55 - 2014-04-26 17:55 - 00016079 _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016059 _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016057 _____ () C:\Users\Geraldine\Downloads\Wd0000017.docm
2014-04-26 17:54 - 2013-05-04 10:12 - 00016033 _____ () C:\Users\Geraldine\Downloads\Wd0000015.docm
2014-04-26 17:28 - 2012-12-31 17:49 - 00220968 _____ () C:\Windows\system32\LexFiles.ulf
2014-04-26 17:27 - 2012-12-31 17:50 - 00002003 _____ () C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
2014-04-26 17:26 - 2012-12-31 17:49 - 00000000 ____D () C:\Program Files\Lexmark S300-S400 Series
2014-04-26 15:07 - 2014-04-26 15:07 - 00055808 _____ () C:\Users\Geraldine\Downloads\Wd0000011 buttle.wps
2014-04-26 13:47 - 2014-04-26 13:47 - 00016034 _____ () C:\Users\Geraldine\Downloads\Wd0000012.docm
2014-04-26 13:46 - 2014-04-26 13:46 - 00016012 _____ () C:\Users\Geraldine\Downloads\Wd0000011.docm
2014-04-25 08:26 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-23 17:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Geraldine\AppData\Local\Temp\cw_vufox.dll
C:\Users\Geraldine\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 17:32

==================== End Of Log =========



#11 seedy21

  • Malware Response Team

Posted 21 May 2014 - 03:19 PM

Hi Geridear

Step 1

Please delete the following file

C:\Users\Geraldine\Desktop\fixlist.txt

Step 2

Please download Farbar Recovery Scan Tool 64-Bit and save it to your Desktop.


Open notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1164304 2014-04-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_uid=0968319085034240&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_uid=0968319085034240&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Handler: biblioscape - No CLSID Value -
Handler-x32: biblioscape - No CLSID Value -
FF SearchPlugin: C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\searchplugins\safeguard-secure-search.xml
FF Extension: Birowsey22saave - C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\Extensions\qqk.gib@p-xrrf.net [2013-05-04]
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [640016 2014-04-11] (AVG Technologies CZ, s.r.o.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys
2014-04-26 17:55 - 2014-04-26 17:55 - 00016079 _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016059 _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016057 _____ () C:\Users\Geraldine\Downloads\Wd0000017.docm
2014-04-26 15:07 - 2014-04-26 15:07 - 00055808 _____ () C:\Users\Geraldine\Downloads\Wd0000011 buttle.wps
2014-04-26 13:47 - 2014-04-26 13:47 - 00016034 _____ () C:\Users\Geraldine\Downloads\Wd0000012.docm
2014-04-26 13:46 - 2014-04-26 13:46 - 00016012 _____ () C:\Users\Geraldine\Downloads\Wd0000011.docm
2014-05-15 16:49 - 2013-04-27 12:13 - 00000000 ____D () C:\ProgramData\Birowsey22saave
C:\Users\Geraldine\AppData\Local\Temp\cw_vufox.dll
C:\Users\Geraldine\AppData\Local\Temp\ntdll_dump.dll
Task: {391D66A9-BDE8-4AA6-B9E0-D22591985033} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {66167FDE-2F4F-45F0-A595-83CD34FB8309} - System32\Tasks\task56238 => C:\Users\Geraldine\AppData\Roaming\EIQGM.exe
C:\Users\Geraldine\AppData\Roaming\EIQGM.exe

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Step 3

---> Exit all running programs!

---> Run RogueKiller

---> Click [Scan]

---> Then click [Report]. Once the scan is complete, copy and paste the report on the forum.

(The report is also on the desktop)


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#12 geridear

  • Topic Starter

Posted 21 May 2014 - 08:34 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Geraldine at 2014-05-22 02:30:35 Run:1
Running from C:\Users\Geraldine\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1164304 2014-04-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_uid=0968319085034240&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_uid=0968319085034240&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL
=
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Handler: biblioscape - No CLSID Value -
Handler-x32: biblioscape - No CLSID Value -
FF SearchPlugin: C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\searchplugins\safeguard-secure-search.xml
FF Extension: Birowsey22saave - C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\Extensions\qqk.gib@p-xrrf.net [2013-05-04]
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [640016 2014-04-11] (AVG
Technologies CZ, s.r.o.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys
2014-04-26 17: 55 - 2014-04-26  17: 55 - 00016079  _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016059 _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016057 _____ () C:\Users\Geraldine\Downloads\Wd0000017.docm
2014-04-26 15: 07 - 2014-04-26  15:07 - 00055808 _____ () C:\Users\Geraldine\Downloads\Wd0000011 buttle.wps
2014-04-26 13:47 - 2014-04-26 13:47 - 00016034 _____ () C:\Users\Geraldine\Downloads\Wd0000012.docm
2014-04-26 13:46 - 2014-04-26 13:46 - 00016012 _____ () C:\Users\Geraldine\Downloads\Wd0000011.docm
2014-05-15 16:49 - 2013-04-27 12:13 - 00000000 ____D () C:\ProgramData\Birowsey22saave
C:\Users\Geraldine\AppData\Local\Temp\cw_vufox.dll
C:\Users\Geraldine\AppData\Local\Temp\ntdll_dump.dll
Task: {391D66A9-BDE8-4AA6-B9E0-D22591985033} - System32\Tasks\0
=> Iexplore.exe  <==== ATTENTION
Task: {66167FDE-2F4F-45F0-A595-83CD34FB8309} - System32\Tasks\task56238 => C:\Users\Geraldine\AppData\Roaming\EIQGM.exe
C:\Users\Geraldine\AppData\Roaming\EIQGM.exe

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3BBD3C14-4C16-4989-8366-95BC9179779D} => Value deleted successfully.
HKCR\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => Value deleted successfully.
HKCR\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => Key not found.
HKCR\PROTOCOLS\Handler\Handler: biblioscape - No CLSID Value - => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\Handler-x32: biblioscape - No CLSID Value - => Key not found.
C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\Extensions\qqk.gib@p-xrrf.net => Moved successfully.
avgsvc => Service deleted successfully.
aswHwid => Service stopped successfully.
aswHwid => Service deleted successfully.
AVGIDSHA => Service deleted successfully.
C:\Users\Geraldine\Downloads\Wd0000016.docm.docm => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000016.docm => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000017.docm => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000011 buttle.wps => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000012.docm => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000011.docm => Moved successfully.
C:\ProgramData\Birowsey22saave => Moved successfully.
C:\Users\Geraldine\AppData\Local\Temp\cw_vufox.dll => Moved successfully.
C:\Users\Geraldine\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{391D66A9-BDE8-4AA6-B9E0-D22591985033} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{391D66A9-BDE8-4AA6-B9E0-D22591985033} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66167FDE-2F4F-45F0-A595-83CD34FB8309} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66167FDE-2F4F-45F0-A595-83CD34FB8309} => Key deleted successfully.
C:\Windows\System32\Tasks\task56238 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task56238 => Key deleted successfully.
"C:\Users\Geraldine\AppData\Roaming\EIQGM.exe" => File/Directory not found.

==== End of Fixlog ====



#13 geridear

geridear
  • Topic Starter


Posted 21 May 2014 - 08:46 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Geraldine at 2014-05-22 02:30:35 Run:1
Running from C:\Users\Geraldine\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1164304 2014-04-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_uid=0968319085034240&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_uid=0968319085034240&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL
=
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Handler: biblioscape - No CLSID Value -
Handler-x32: biblioscape - No CLSID Value -
FF SearchPlugin: C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\searchplugins\safeguard-secure-search.xml
FF Extension: Birowsey22saave - C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\Extensions\qqk.gib@p-xrrf.net [2013-05-04]
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [640016 2014-04-11] (AVG
Technologies CZ, s.r.o.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys
2014-04-26 17: 55 - 2014-04-26  17: 55 - 00016079  _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016059 _____ () C:\Users\Geraldine\Downloads\Wd0000016.docm
2014-04-26 17:54 - 2014-04-26 17:54 - 00016057 _____ () C:\Users\Geraldine\Downloads\Wd0000017.docm
2014-04-26 15: 07 - 2014-04-26  15:07 - 00055808 _____ () C:\Users\Geraldine\Downloads\Wd0000011 buttle.wps
2014-04-26 13:47 - 2014-04-26 13:47 - 00016034 _____ () C:\Users\Geraldine\Downloads\Wd0000012.docm
2014-04-26 13:46 - 2014-04-26 13:46 - 00016012 _____ () C:\Users\Geraldine\Downloads\Wd0000011.docm
2014-05-15 16:49 - 2013-04-27 12:13 - 00000000 ____D () C:\ProgramData\Birowsey22saave
C:\Users\Geraldine\AppData\Local\Temp\cw_vufox.dll
C:\Users\Geraldine\AppData\Local\Temp\ntdll_dump.dll
Task: {391D66A9-BDE8-4AA6-B9E0-D22591985033} - System32\Tasks\0
=> Iexplore.exe  <==== ATTENTION
Task: {66167FDE-2F4F-45F0-A595-83CD34FB8309} - System32\Tasks\task56238 => C:\Users\Geraldine\AppData\Roaming\EIQGM.exe
C:\Users\Geraldine\AppData\Roaming\EIQGM.exe

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3BBD3C14-4C16-4989-8366-95BC9179779D} => Value deleted successfully.
HKCR\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => Value deleted successfully.
HKCR\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => Key not found.
HKCR\PROTOCOLS\Handler\Handler: biblioscape - No CLSID Value - => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\Handler-x32: biblioscape - No CLSID Value - => Key not found.
C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\Extensions\qqk.gib@p-xrrf.net => Moved successfully.
avgsvc => Service deleted successfully.
aswHwid => Service stopped successfully.
aswHwid => Service deleted successfully.
AVGIDSHA => Service deleted successfully.
C:\Users\Geraldine\Downloads\Wd0000016.docm.docm => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000016.docm => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000017.docm => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000011 buttle.wps => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000012.docm => Moved successfully.
C:\Users\Geraldine\Downloads\Wd0000011.docm => Moved successfully.
C:\ProgramData\Birowsey22saave => Moved successfully.
C:\Users\Geraldine\AppData\Local\Temp\cw_vufox.dll => Moved successfully.
C:\Users\Geraldine\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{391D66A9-BDE8-4AA6-B9E0-D22591985033} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{391D66A9-BDE8-4AA6-B9E0-D22591985033} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66167FDE-2F4F-45F0-A595-83CD34FB8309} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66167FDE-2F4F-45F0-A595-83CD34FB8309} => Key deleted successfully.
C:\Windows\System32\Tasks\task56238 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task56238 => Key deleted successfully.
"C:\Users\Geraldine\AppData\Roaming\EIQGM.exe" => File/Directory not found.

==== End of Fixlog ====

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Geraldine [Admin rights]
Mode : Scan -- Date : 05/22/2014 02:40:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEVT-75ZCT2 +++++
--- User ---
[MBR] 62cc25cfbcb558f2981edac4c0fe486b
[BSP] c0fa0c0e981836701e4d42c6171c1c09 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05222014_024020.txt >>
RKreport[0]_D_05132014_192937.txt;RKreport[0]_D_05142014_033310.txt;RKreport[0]_S_05132014_191837.txt
RKreport[0]_S_05142014_033256.txt;RKrepo



#14 seedy21

seedy21

  • Malware Response Team

Posted 22 May 2014 - 05:36 PM

Hi geridear

Step 1

We need to re-run FRST.

  • Double Click the Program to Run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log FRST.txt and Additional.txt which will open in Notepad. Please copy and paste it to your reply.

Step 2

Download ESET Services repair tool (ServicesRepair.exe) to your Desktop:
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

  • Double-click the services repair tool (ServicesRepair.exe) that you downloaded in the previous step.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Press "Scan".
When finished, it will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log in your next reply.

Step 4

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please copy and paste the contents of that document in your next reply.



#15 geridear

geridear
  • Topic Starter


Posted 23 May 2014 - 12:12 AM

 Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55 
 Adobe Reader 9 
 Adobe Reader XI 
 Google Chrome 21.0.1180.89 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

Farbar Service Scanner Version: 21-05-2014
Ran by Geraldine (administrator) on 23-05-2014 at 05:55:17
Running from "C:\Users\Geraldine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNPD1FJT"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Geraldine (administrator) on GERALDINE-PC on 23-05-2014 05:27:40
Running from C:\Users\Geraldine\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe
( ) C:\Windows\System32\lxeacoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] =>  CARD\WLTRAY.EXE
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3246749680-152605928-1057695041-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3246749680-152605928-1057695041-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {02BF6940-8A48-42FE-A28E-8710D4ABB3E7} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: biblioscape - No CLSID Value -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: biblioscape - No CLSID Value -
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AA9B8DDF-A9DD-41F7-B03F-E381989DBEAC}: [NameServer]208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "Google");: user_pref("browser.search.order.1,S", "Google");
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "http_port", ""
FF NetworkProxy: "http", ""
FF NetworkProxy: "type", ""
FF NewTab: user_pref("browser.newtab.url", "");
FF NetworkProxy: "autoconfig_url", ""
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Geraldine\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn42is.default-1358805642863\searchplugins\Search_Results.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-15]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-29] (Alcatel-Lucent)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2014-05-14] (Greatis Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-23] ()
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-23 05:27 - 2014-05-23 05:28 - 00018068 _____ () C:\Users\Geraldine\Desktop\FRST.txt
2014-05-23 05:21 - 2014-05-23 05:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-22 02:40 - 2014-05-22 02:40 - 00010683 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05222014_024020.txt
2014-05-22 02:25 - 2014-05-22 02:26 - 02067456 _____ (Farbar) C:\Users\Geraldine\Desktop\FRST64.exe
2014-05-21 09:16 - 2014-05-21 09:16 - 00000864 _____ () C:\Users\Geraldine\Desktop\mal.txt
2014-05-21 08:35 - 2014-05-21 08:35 - 00001051 _____ () C:\Users\Geraldine\Desktop\scan.txt
2014-05-17 06:02 - 2014-05-17 06:02 - 00025600 _____ () C:\Users\Geraldine\Documents\Ray.wps
2014-05-16 17:08 - 2014-05-16 17:14 - 00018818 _____ () C:\Users\Geraldine\Desktop\dds.txt
2014-05-16 17:08 - 2014-05-16 17:13 - 00007357 _____ () C:\Users\Geraldine\Desktop\attach.txt
2014-05-16 17:06 - 2014-05-16 17:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 10:59 - 2014-05-16 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 10:59 - 2014-05-16 10:59 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 16:46 - 2014-05-15 16:46 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 16:46 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 16:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 16:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 07:15 - 2014-05-23 05:21 - 00001846 _____ () C:\Users\Public\Desktop\Plusnet Protect.lnk
2014-05-15 07:14 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-15 07:12 - 2014-05-22 14:41 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-15 07:12 - 2014-05-15 07:14 - 00000000 ____D () C:\Program Files\McAfee
2014-05-15 07:12 - 2014-05-15 07:12 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-15 00:09 - 2014-05-15 00:09 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Geraldine\Downloads\avg_remover_stf_x64_2012_2125.exe
2014-05-15 00:09 - 2014-05-15 00:09 - 00120252 _____ () C:\Users\Geraldine\Downloads\avgremover.log
2014-05-14 22:55 - 2014-05-14 22:57 - 00003116 _____ () C:\Users\Geraldine\Desktop\Rkill.txt
2014-05-14 20:27 - 2014-05-14 20:28 - 00026914 _____ () C:\Users\Geraldine\Downloads\Addition.txt
2014-05-14 20:26 - 2014-05-14 20:28 - 00037567 _____ () C:\Users\Geraldine\Downloads\FRST.txt
2014-05-14 20:25 - 2014-05-23 05:27 - 00000000 ____D () C:\FRST
2014-05-14 20:25 - 2014-05-14 20:25 - 02066944 _____ (Farbar) C:\Users\Geraldine\Downloads\FRST64.exe
2014-05-14 20:10 - 2014-05-14 20:10 - 00009290 _____ () C:\Users\Geraldine\Desktop\HKLM_safer.txt
2014-05-14 19:39 - 2014-05-14 19:39 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-14 19:38 - 2014-05-23 05:14 - 00000248 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-05-14 19:15 - 2014-05-15 07:06 - 00000000 ____D () C:\Program Files\stinger
2014-05-14 19:14 - 2014-05-20 19:47 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-14 19:14 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-14 15:52 - 2014-05-14 15:52 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Dell Edoc Viewer
2014-05-14 15:49 - 2014-05-14 15:49 - 00001101 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05142014_154949.txt
2014-05-14 13:12 - 2014-05-14 13:13 - 00000000 ____D () C:\ProgramData\RegRun
2014-05-14 13:10 - 2014-05-14 13:10 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-05-14 13:04 - 2014-05-14 13:13 - 00000000 ____D () C:\Users\Geraldine\Documents\RegRun2
2014-05-14 13:04 - 2014-05-14 13:04 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-05-14 13:04 - 2014-05-14 13:04 - 00003340 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-05-14 13:04 - 2014-05-14 13:04 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-05-14 13:04 - 2014-05-14 13:04 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-05-14 13:03 - 2014-05-15 07:20 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-05-14 13:03 - 2014-05-14 13:04 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-05-14 13:03 - 2014-05-14 13:03 - 00000969 _____ () C:\Users\Geraldine\Desktop\UnHackMe.lnk
2014-05-14 13:03 - 2014-05-14 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-05-14 13:03 - 2014-03-28 13:01 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-05-14 10:19 - 2014-05-22 13:13 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\CrashDumps
2014-05-14 09:49 - 2014-05-14 09:50 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\AvgSetupLog
2014-05-14 09:49 - 2014-05-14 09:49 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Avg
2014-05-14 09:48 - 2014-05-14 09:48 - 00178423 _____ () C:\Users\Geraldine\AppData\Local\census.cache
2014-05-14 09:48 - 2014-05-14 09:48 - 00082578 _____ () C:\Users\Geraldine\AppData\Local\ars.cache
2014-05-14 09:27 - 2012-06-05 08:37 - 00256904 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-05-14 09:26 - 2014-05-14 09:26 - 00000036 _____ () C:\Users\Geraldine\AppData\Local\housecall.guid.cache
2014-05-14 03:33 - 2014-05-14 03:33 - 00003893 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_D_05142014_033310.txt
2014-05-14 03:32 - 2014-05-14 03:32 - 00003669 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05142014_033256.txt
2014-05-13 21:39 - 2014-05-13 21:39 - 00003286 _____ () C:\Windows\System32\Tasks\{D10A1D8F-8A21-49FF-9568-8A04257A872E}
2014-05-13 19:34 - 2014-05-22 14:41 - 00007016 _____ () C:\Windows\PFRO.log
2014-05-13 19:29 - 2014-05-13 19:29 - 00003256 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_D_05132014_192937.txt
2014-05-13 19:18 - 2014-05-13 19:18 - 00003086 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05132014_191837.txt
2014-05-13 19:12 - 2014-05-14 03:33 - 00000000 ____D () C:\Users\Geraldine\Desktop\RK_Quarantine
2014-05-13 19:11 - 2014-05-13 19:11 - 03972608 _____ () C:\Users\Geraldine\Desktop\RogueKiller.exe
2014-05-13 19:10 - 2014-05-13 19:10 - 03972608 _____ () C:\Users\Geraldine\Downloads\RogueKiller.exe
2014-05-13 19:09 - 2014-05-13 19:09 - 00011776 _____ () C:\Users\Geraldine\Documents\virus.wps
2014-05-13 18:36 - 2014-05-13 18:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-13 18:35 - 2014-05-14 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-13 18:35 - 2014-05-13 18:35 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-13 18:34 - 2014-05-13 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-13 17:49 - 2014-05-23 05:14 - 00002968 _____ () C:\Windows\setupact.log
2014-05-13 17:49 - 2014-05-13 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-13 17:41 - 2014-05-13 17:41 - 00000276 _____ () C:\Users\Geraldine\Desktop\Deleteevents.bat
2014-05-13 17:37 - 2014-05-13 17:37 - 00000276 _____ () C:\Users\Geraldine\Documents\Deleteevents.bat
2014-05-13 16:38 - 2014-05-13 16:38 - 00009216 _____ () C:\Users\Geraldine\Documents\ClearAll.bat..wps
2014-05-13 13:10 - 2014-05-23 05:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 12:54 - 2014-05-13 12:55 - 00000000 _____ () C:\Users\Geraldine\notepad
2014-05-13 12:54 - 2014-05-13 12:55 - 00000000 _____ () C:\Users\Geraldine\cd
2014-05-13 07:11 - 2014-05-13 07:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-30 23:36 - 2014-04-30 23:36 - 00011264 _____ () C:\Users\Geraldine\Documents\Life.wps
2014-04-26 18:39 - 2014-04-26 18:39 - 00017408 _____ () C:\Users\Geraldine\Documents\Untitled Document dan 2014.wps

==================== One Month Modified Files and Folders =======

2014-05-23 05:28 - 2014-05-23 05:27 - 00018068 _____ () C:\Users\Geraldine\Desktop\FRST.txt
2014-05-23 05:27 - 2014-05-14 20:25 - 00000000 ____D () C:\FRST
2014-05-23 05:24 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 05:24 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 05:21 - 2014-05-23 05:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-23 05:21 - 2014-05-15 07:15 - 00001846 _____ () C:\Users\Public\Desktop\Plusnet Protect.lnk
2014-05-23 05:18 - 2014-05-13 13:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 05:18 - 2014-03-27 09:08 - 00002860 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-05-23 05:18 - 2014-03-27 09:08 - 00000426 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-05-23 05:18 - 2011-12-04 13:14 - 00000000 ____D () C:\Users\Geraldine\AppData\Roaming\Skype
2014-05-23 05:17 - 2014-03-27 09:08 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-23 05:15 - 2013-12-08 18:47 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\HTC MediaHub
2014-05-23 05:15 - 2013-06-01 16:20 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Htc
2014-05-23 05:14 - 2014-05-14 19:38 - 00000248 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-05-23 05:14 - 2014-05-13 17:49 - 00002968 _____ () C:\Windows\setupact.log
2014-05-23 05:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 23:07 - 2012-08-07 14:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 16:55 - 2009-07-14 06:10 - 01355269 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 16:52 - 2013-05-22 09:13 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-22 14:41 - 2014-05-15 07:12 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-22 14:41 - 2014-05-13 19:34 - 00007016 _____ () C:\Windows\PFRO.log
2014-05-22 13:13 - 2014-05-14 10:19 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\CrashDumps
2014-05-22 02:40 - 2014-05-22 02:40 - 00010683 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05222014_024020.txt
2014-05-22 02:26 - 2014-05-22 02:25 - 02067456 _____ (Farbar) C:\Users\Geraldine\Desktop\FRST64.exe
2014-05-21 09:16 - 2014-05-21 09:16 - 00000864 _____ () C:\Users\Geraldine\Desktop\mal.txt
2014-05-21 08:35 - 2014-05-21 08:35 - 00001051 _____ () C:\Users\Geraldine\Desktop\scan.txt
2014-05-20 19:47 - 2014-05-14 19:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-19 19:24 - 2012-08-21 16:29 - 00040907 _____ () C:\Users\Geraldine\Documents\Wd0000000.docm
2014-05-18 23:47 - 2010-03-17 08:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-18 14:08 - 2012-01-19 13:46 - 00329673 _____ () C:\ProgramData\lxeaJSW.log
2014-05-18 14:08 - 2011-12-04 12:49 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-05-17 08:23 - 2011-12-04 12:25 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\VirtualStore
2014-05-17 06:02 - 2014-05-17 06:02 - 00025600 _____ () C:\Users\Geraldine\Documents\Ray.wps
2014-05-17 06:02 - 2011-12-11 19:38 - 00008194 _____ () C:\Users\Geraldine\AppData\Roaming\wklnhst.dat
2014-05-16 17:14 - 2014-05-16 17:08 - 00018818 _____ () C:\Users\Geraldine\Desktop\dds.txt
2014-05-16 17:13 - 2014-05-16 17:08 - 00007357 _____ () C:\Users\Geraldine\Desktop\attach.txt
2014-05-16 17:06 - 2014-05-16 17:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 17:00 - 2011-12-04 12:44 - 00000000 ____D () C:\Users\Geraldine\AppData\Roaming\Adobe
2014-05-16 10:59 - 2014-05-16 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 10:59 - 2014-05-16 10:59 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-16 10:58 - 2012-03-07 15:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-16 10:58 - 2011-12-04 15:45 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Adobe
2014-05-15 18:45 - 2010-03-17 08:52 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-15 16:46 - 2014-05-15 16:46 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 07:20 - 2014-05-14 13:03 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-05-15 07:14 - 2014-05-15 07:12 - 00000000 ____D () C:\Program Files\McAfee
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-15 07:12 - 2014-05-15 07:12 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-15 07:06 - 2014-05-14 19:15 - 00000000 ____D () C:\Program Files\stinger
2014-05-15 00:09 - 2014-05-15 00:09 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Geraldine\Downloads\avg_remover_stf_x64_2012_2125.exe
2014-05-15 00:09 - 2014-05-15 00:09 - 00120252 _____ () C:\Users\Geraldine\Downloads\avgremover.log
2014-05-15 00:07 - 2012-12-31 14:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-14 22:57 - 2014-05-14 22:55 - 00003116 _____ () C:\Users\Geraldine\Desktop\Rkill.txt
2014-05-14 20:28 - 2014-05-14 20:27 - 00026914 _____ () C:\Users\Geraldine\Downloads\Addition.txt
2014-05-14 20:28 - 2014-05-14 20:26 - 00037567 _____ () C:\Users\Geraldine\Downloads\FRST.txt
2014-05-14 20:25 - 2014-05-14 20:25 - 02066944 _____ (Farbar) C:\Users\Geraldine\Downloads\FRST64.exe
2014-05-14 20:10 - 2014-05-14 20:10 - 00009290 _____ () C:\Users\Geraldine\Desktop\HKLM_safer.txt
2014-05-14 19:40 - 2012-10-13 21:44 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-14 19:39 - 2014-05-14 19:39 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-14 19:26 - 2013-10-07 19:18 - 00000000 ____D () C:\Program Files (x86)\Coupon Printer
2014-05-14 19:25 - 2013-10-07 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
2014-05-14 15:53 - 2010-03-17 08:39 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-14 15:52 - 2014-05-14 15:52 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Dell Edoc Viewer
2014-05-14 15:49 - 2014-05-14 15:49 - 00001101 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05142014_154949.txt
2014-05-14 13:13 - 2014-05-14 13:12 - 00000000 ____D () C:\ProgramData\RegRun
2014-05-14 13:13 - 2014-05-14 13:04 - 00000000 ____D () C:\Users\Geraldine\Documents\RegRun2
2014-05-14 13:12 - 2011-12-04 12:22 - 00000000 ___RD () C:\Users\Geraldine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 13:10 - 2014-05-14 13:10 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-05-14 13:04 - 2014-05-14 13:04 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-05-14 13:04 - 2014-05-14 13:04 - 00003340 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-05-14 13:04 - 2014-05-14 13:04 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-05-14 13:04 - 2014-05-14 13:04 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-05-14 13:04 - 2014-05-14 13:03 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-05-14 13:03 - 2014-05-14 13:03 - 00000969 _____ () C:\Users\Geraldine\Desktop\UnHackMe.lnk
2014-05-14 13:03 - 2014-05-14 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-05-14 12:07 - 2012-08-07 14:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:07 - 2012-08-07 14:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 12:07 - 2011-12-11 16:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:50 - 2014-05-14 09:49 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\AvgSetupLog
2014-05-14 09:50 - 2013-07-31 10:43 - 00000000 ____D () C:\ProgramData\AVG
2014-05-14 09:50 - 2012-12-31 14:08 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-14 09:49 - 2014-05-14 09:49 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Avg
2014-05-14 09:48 - 2014-05-14 09:48 - 00178423 _____ () C:\Users\Geraldine\AppData\Local\census.cache
2014-05-14 09:48 - 2014-05-14 09:48 - 00082578 _____ () C:\Users\Geraldine\AppData\Local\ars.cache
2014-05-14 09:26 - 2014-05-14 09:26 - 00000036 _____ () C:\Users\Geraldine\AppData\Local\housecall.guid.cache
2014-05-14 08:55 - 2012-09-19 08:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-14 03:33 - 2014-05-14 03:33 - 00003893 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_D_05142014_033310.txt
2014-05-14 03:33 - 2014-05-13 19:12 - 00000000 ____D () C:\Users\Geraldine\Desktop\RK_Quarantine
2014-05-14 03:32 - 2014-05-14 03:32 - 00003669 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05142014_033256.txt
2014-05-14 03:14 - 2011-12-04 12:21 - 00000000 ____D () C:\Users\Geraldine
2014-05-14 03:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-05-14 03:09 - 2012-04-03 09:54 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Google
2014-05-14 02:55 - 2014-05-13 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-14 02:54 - 2010-03-17 08:28 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-14 02:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-13 21:39 - 2014-05-13 21:39 - 00003286 _____ () C:\Windows\System32\Tasks\{D10A1D8F-8A21-49FF-9568-8A04257A872E}
2014-05-13 19:29 - 2014-05-13 19:29 - 00003256 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_D_05132014_192937.txt
2014-05-13 19:29 - 2012-01-11 15:20 - 00000000 __SHD () C:\Users\Geraldine\AppData\Local\{ac885259-cf8e-e18c-def4-d232aa8b8ff8}
2014-05-13 19:18 - 2014-05-13 19:18 - 00003086 _____ () C:\Users\Geraldine\Desktop\RKreport[0]_S_05132014_191837.txt
2014-05-13 19:11 - 2014-05-13 19:11 - 03972608 _____ () C:\Users\Geraldine\Desktop\RogueKiller.exe
2014-05-13 19:10 - 2014-05-13 19:10 - 03972608 _____ () C:\Users\Geraldine\Downloads\RogueKiller.exe
2014-05-13 19:09 - 2014-05-13 19:09 - 00011776 _____ () C:\Users\Geraldine\Documents\virus.wps
2014-05-13 18:36 - 2014-05-13 18:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-13 18:35 - 2014-05-13 18:35 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-13 18:35 - 2014-05-13 18:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-13 18:34 - 2014-05-13 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-13 17:49 - 2014-05-13 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-13 17:41 - 2014-05-13 17:41 - 00000276 _____ () C:\Users\Geraldine\Desktop\Deleteevents.bat
2014-05-13 17:37 - 2014-05-13 17:37 - 00000276 _____ () C:\Users\Geraldine\Documents\Deleteevents.bat
2014-05-13 17:03 - 2013-09-23 10:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 17:03 - 2011-12-05 19:36 - 00000000 ____D () C:\Users\Geraldine\Tracing
2014-05-13 17:03 - 2010-03-17 11:07 - 00000000 ____D () C:\Windows\Panther
2014-05-13 16:38 - 2014-05-13 16:38 - 00009216 _____ () C:\Users\Geraldine\Documents\ClearAll.bat..wps
2014-05-13 14:22 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew
2014-05-13 13:09 - 2012-08-22 10:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-13 12:55 - 2014-05-13 12:54 - 00000000 _____ () C:\Users\Geraldine\notepad
2014-05-13 12:55 - 2014-05-13 12:54 - 00000000 _____ () C:\Users\Geraldine\cd
2014-05-13 09:48 - 2009-07-14 06:13 - 00726142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-13 09:39 - 2012-09-30 09:22 - 00000000 ____D () C:\Windows\pss
2014-05-13 09:29 - 2011-12-04 16:13 - 00000000 ____D () C:\Users\Geraldine\Downloads\2000 - Copy
2014-05-13 08:44 - 2011-12-04 12:47 - 02030534 _____ () C:\ProgramData\lxeascan.log
2014-05-13 07:12 - 2013-04-11 14:24 - 00000000 ____D () C:\Program Files\Google
2014-05-13 07:11 - 2014-05-13 07:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-01 13:00 - 2012-08-14 15:06 - 00000000 ____D () C:\Users\Geraldine\AppData\Local\Windows Live
2014-05-01 12:51 - 2013-05-26 21:34 - 00006144 _____ () C:\Users\Geraldine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-30 23:36 - 2014-04-30 23:36 - 00011264 _____ () C:\Users\Geraldine\Documents\Life.wps
2014-04-27 20:14 - 2012-03-13 23:29 - 00238080 _____ () C:\Users\Geraldine\Documents\Untitled Document.wps
2014-04-26 18:39 - 2014-04-26 18:39 - 00017408 _____ () C:\Users\Geraldine\Documents\Untitled Document dan 2014.wps
2014-04-26 17:54 - 2013-05-04 10:12 - 00016033 _____ () C:\Users\Geraldine\Downloads\Wd0000015.docm
2014-04-26 17:28 - 2012-12-31 17:49 - 00220968 _____ () C:\Windows\system32\LexFiles.ulf
2014-04-26 17:27 - 2012-12-31 17:50 - 00002003 _____ () C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
2014-04-26 17:26 - 2012-12-31 17:49 - 00000000 ____D () C:\Program Files\Lexmark S300-S400 Series
2014-04-25 08:26 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-23 17:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Geraldine\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 17:32

==================== End Of Log ========

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Geraldine at 2014-05-23 05:29:10
Running from C:\Users\Geraldine\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AVG (HKLM\...\AvgZen) (Version: 1.0.229 - AVG Technologies)
AVG Zen (Version: 1.0.229 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
DriverUpdate (HKLM-x32\...\{554D1038-9882-4CC8-9CC5-F8AB6C556469}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
FMW 1 (Version: 1.0.178 - AVG) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{B78CFC07-B623-4995-ADCC-B2B4D59D083A}) (Version: 3.3.21 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.11.0 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM-x32\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
PC Image Editor (HKLM-x32\...\PC Image Editor) (Version: 4.0 - www.program4pc.com)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plusnet Assist (HKLM-x32\...\Plusnet Assist) (Version:  - )
Plusnet Protect (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.1.008 - Serif (Europe) Ltd)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
UnHackMe 7.11 release (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

13-05-2014 22:05:25 Installed Smart-X AppLocker
13-05-2014 22:12:08 Removed Smart-X AppLocker
14-05-2014 01:40:41 Restore Operation
14-05-2014 18:27:55 Removed Visual Studio 2012 x86 Redistributables
14-05-2014 18:28:47 Removed Visual Studio 2012 x64 Redistributables
14-05-2014 18:29:19 Removed Visual Studio 2010 x64 Redistributables
16-05-2014 09:55:32 McAfee Vulnerability Scanner
18-05-2014 20:13:28 Windows Backup

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {166E23BE-BD5D-48B8-857A-7F81F39F2AE8} - System32\Tasks\{4E76DD75-2A4F-44EC-A4B3-347640FF3C64} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116.259/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {1B53A1BA-9B73-4F2B-8D7B-D3BBA4EF6261} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {349DF8C8-6B6A-45BA-A8C8-D6E730E33025} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {3C2085BC-F39D-4094-B00B-72E0B65FE269} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2014-03-28] (Greatis Software)
Task: {5A72FE55-E039-4D88-814C-E4FC51ECBB68} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6A0F10FD-5AC6-4011-905A-866DD7892946} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {7859B141-E6AF-4656-84D9-530F8BA4BAC6} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-12-12] ()
Task: {844BD81C-48BB-4EF7-928C-69D0632AF553} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-03-19] (SlimWare Utilities, Inc.)
Task: {BE6A6521-7F6C-4E5B-A0F1-64A76513EA28} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {CC361AF8-6447-4572-9C01-FCC4ED73DC36} - System32\Tasks\DHKCMSJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {EA61EB3A-86E0-4714-8A82-CB93DC8B3A43} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-17 08:29 - 2009-07-17 02:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-03-17 08:29 - 2009-07-17 02:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2011-12-04 12:47 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-12-12 14:56 - 2012-12-12 14:56 - 00655360 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2009-10-15 09:10 - 2009-10-15 09:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-11-13 22:15 - 2009-11-13 22:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2013-11-15 17:45 - 2013-11-15 17:45 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-11-15 17:47 - 2013-11-15 17:47 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2013-11-15 17:48 - 2013-11-15 17:48 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00028672 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 22:15 - 2009-11-13 22:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McMPFSvc => 2
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: btbb_McciTrayApp => OTIFIER.EXE"
MSCONFIG\startupreg: EzPrint => T.EXE"
MSCONFIG\startupreg: HotKeysCmds => DOWS\SYSTEM32\HKCMD.EXE
MSCONFIG\startupreg: IAAnotif => OTIF.EXE
MSCONFIG\startupreg: IgfxTray => DOWS\SYSTEM32\IGFXTRAY.EXE
MSCONFIG\startupreg: lxeamon.exe => .EXE"
MSCONFIG\startupreg: Persistence => DOWS\SYSTEM32\IGFXPERS.EXE
MSCONFIG\startupreg: SynTPEnh => H.EXE

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2014 05:17:30 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.ArgumentOutOfRangeException: startIndex cannot be larger than length of string.
Parameter name: startIndex
   at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
   at Swapdrive.Shared.BackupUtils.Reverse(String strParam)
   at Swapdrive.Shared.BackupUtils.TacoEncode(String str)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/22/2014 01:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16448, time stamp: 0x4fecfb0e
Exception code: 0xc0000005
Fault offset: 0x00073099
Faulting process id: 0x1264
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/18/2014 01:00:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x670
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/17/2014 06:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x1398
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/16/2014 06:26:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16448, time stamp: 0x4fecfb0e
Exception code: 0xc0000005
Fault offset: 0x002d7c8d
Faulting process id: 0xbf0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/15/2014 07:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x123c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (05/23/2014 05:20:46 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (05/23/2014 05:17:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (05/23/2014 05:17:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}

Error: (05/23/2014 05:16:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (05/23/2014 05:16:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (05/23/2014 05:16:48 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/23/2014 05:15:30 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (05/23/2014 05:15:04 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (05/23/2014 05:15:04 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (05/23/2014 05:15:02 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (05/23/2014 05:17:30 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.ArgumentOutOfRangeException: startIndex cannot be larger than length of string.
Parameter name: startIndex
   at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
   at Swapdrive.Shared.BackupUtils.Reverse(String strParam)
   at Swapdrive.Shared.BackupUtils.TacoEncode(String str)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/22/2014 01:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7MSHTML.dll9.0.8112.164484fecfb0ec000000500073099126401cf758989e28907C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll8176f4ad-e1aa-11e3-af25-a4badba8c2fa

Error: (05/18/2014 01:00:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d67001cf7285c5f9407fC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxf38e35bd-de83-11e3-81ef-a4badba8c2fa

Error: (05/17/2014 06:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d139801cf71d3199bd9dbC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxbfeb5730-ddea-11e3-a053-a4badba8c2fa

Error: (05/16/2014 06:26:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7MSHTML.dll9.0.8112.164484fecfb0ec0000005002d7c8dbf001cf711f8da12f9dC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll39ef86c6-dd1f-11e3-8378-a4badba8c2fa

Error: (05/15/2014 07:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164484fecf1b7Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d123c01cf705e9accbda1C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxba86c7b0-dc5e-11e3-b2ac-a4badba8c2fa

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3032.36 MB
Available physical RAM: 1568.38 MB
Total Pagefile: 6062.92 MB
Available Pagefile: 3892.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:118.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 880B8533)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

==================== End Of Log ========

 





