
Please Help. Computer is zombie! Scanned Results below.


7 replies to this topic

#1 realresults13


Posted 01 June 2014 - 08:24 AM

Hi, I'm a newbie. Our laptop is horribly slow all of a sudden. It's Windows 7 Home Premium. Intel i3 CPU 2.27GHz 4GB RAM and 63 bit op system. It has a 500GB hard drive and 240GB is used. Below are some results from tests I've run using some links on this site. Any help would be appreciated.

 

Farbar Service Scanner Version: 21-05-2014
Ran by vicki (administrator) on 01-06-2014 at 07:07:35
Running from "C:\Users\vicki\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 21:47] - [2013-01-04 00:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
 
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.
 
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
---------------------------------------------------------------------------------------------------------------------
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by vicki (administrator) on 01-06-2014 at 07:09:21
Running from "C:\Users\vicki\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : vicki-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 88-25-2C-35-BD-2F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 88-25-2C-35-BD-2F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3814:f14f:1af5:b904%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.85(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, June 01, 2014 5:47:35 AM
   Lease Expires . . . . . . . . . . : Monday, June 02, 2014 5:47:34 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 327689516
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FB-8D-17-88-AE-1D-54-EB-5E
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 88-AE-1D-54-EB-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.gateway.2wire.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 28:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{3320062E-1C27-4948-AE5A-390CA23DE63B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{2F6B13A6-EB58-44BC-B534-5F45004BCE27}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  homeportal
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4002:c06::66
 74.125.21.113
 74.125.21.101
 74.125.21.102
 74.125.21.138
 74.125.21.139
 74.125.21.100
 
 
Pinging google.com [74.125.21.139] with 32 bytes of data:
Reply from 74.125.21.139: bytes=32 time=44ms TTL=42
Reply from 74.125.21.139: bytes=32 time=43ms TTL=42
 
Ping statistics for 74.125.21.139:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 43ms, Maximum = 44ms, Average = 43ms
Server:  homeportal
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=82ms TTL=48
Reply from 98.139.183.24: bytes=32 time=78ms TTL=48
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 82ms, Average = 80ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 24...88 25 2c 35 bd 2f ......Microsoft Virtual WiFi Miniport Adapter
 13...88 25 2c 35 bd 2f ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
 11...88 ae 1d 54 eb 5e ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 33...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 35...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.85     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.85    281
     192.168.1.85  255.255.255.255         On-link      192.168.1.85    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.85    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.85    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.85    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    281 fe80::/64                On-link
 13    281 fe80::3814:f14f:1af5:b904/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/29/2014 04:09:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8128
 
Error: (05/29/2014 04:09:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8128
 
Error: (05/29/2014 04:09:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 04:09:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7036
 
Error: (05/29/2014 04:09:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7036
 
Error: (05/29/2014 04:09:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 04:09:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6022
 
Error: (05/29/2014 04:09:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6022
 
Error: (05/29/2014 04:09:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 04:09:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024
 
 
System errors:
=============
Error: (06/01/2014 06:30:23 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (06/01/2014 06:30:23 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (06/01/2014 05:53:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
 
Error: (06/01/2014 05:53:47 AM) (Source: DCOM) (User: )
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
 
Error: (06/01/2014 05:49:03 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (06/01/2014 05:49:03 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (06/01/2014 05:48:36 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (06/01/2014 05:48:36 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (06/01/2014 05:48:36 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (06/01/2014 05:48:36 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-04 00:17:10.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 11:10:34.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 11:10:34.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-01 16:29:00.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-01 16:28:59.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-31 00:34:41.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-31 00:34:40.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-03 23:16:24.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-03 23:16:24.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Reader X (10.1.9) (Version: 10.1.9)
Advanced SystemCare 7 (Version: 7.3.0)
Akamai NetSession Interface
Amazon Links (Version: 2.02)
Apple Application Support (Version: 3.0)
Apple Mobile Device Support (Version: 7.1.0.32)
Apple Software Update (Version: 2.1.3.127)
AVG Security Toolbar (Version: 18.1.0.443)
Avira Free Antivirus (Version: 14.0.3.350)
Bonjour (Version: 3.0.0.10)
CCScore (Version: 6.02.1001.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Download Internet Explorer 10 10.0.01 (Version: 10.0.01)
Driver Booster (Version: 1.2)
ESSCDBK (Version: 6.02.0001.0001)
ESScore (Version: 6.02.1001.0001)
ESSgui (Version: 6.02.1001.0001)
ESSini (Version: 6.02.1001.0001)
ESSPCD (Version: 6.02.1001.0001)
ESSSONIC (Version: 6.2.0001.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.02.1001.0001)
FirstClass Client (Version: 11.063)
Free YouTube to MP3 Converter version 3.11.33.1005 (Version: 3.11.33.1005)
Google Chrome (Version: 35.0.1916.114)
Google Update Helper (Version: 1.3.24.7)
HTC Driver Installer (Version: 2.0.7.018)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.6.1001)
IObit Apps Toolbar v9.2 (Version: 9.2)
IObit Malware Fighter (Version: 2.3)
IObit Uninstaller (Version: 3.2.10.2466)
iTunes (Version: 11.1.4.62)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 17 (Version: 6.0.170)
Junk Mail filter update (Version: 16.4.3528.0331)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
KSU (Version: 632.62.0004.0001)
Label@Once 1.0 (Version: 1.0)
Lexmark Pro800-Pro900 Series
McAfee Online Backup (Version: 1.16.4.0)
McAfee SiteAdvisor (Version: 3.6.129)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4615.1002)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft OneDrive (Version: 17.0.4035.0328)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Movie Maker (Version: 16.4.3528.0331)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
netbrdg (Version: 6.02.1001.0001)
Notifier (Version: 6.02.0001.0001)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4615.1002)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002)
Office 15 Click-to-Run Localization Component (Version: 15.0.4615.1002)
OfotoXMI (Version: 6.02.0001.0001)
PCDADDIN (Version: 6.02.0001.0003)
PCDHELP (Version: 6.02.0001.0001)
PhoneClean 3.2.1 (Version: 3.2.1)
Photo Gallery (Version: 16.4.3528.0331)
PhotoScape
PlayReady PC Runtime amd64 (Version: 1.3.0)
Quickbooks Financial Center (Version: 2.02)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Realtek WLAN Driver (Version: 2.00.0012)
RegistryKit v2.0 (Version: 2.0)
Rich Media Player (Version: 1.0.0.799)
Safari (Version: 5.34.57.2)
SFR (Version: 6.02.0001.0001)
Shared C Run-time for x64 (Version: 10.0.0)
SHASTA (Version: 6.02.0001.0001)
SKIN0001 (Version: 6.02.1001.0001)
SKINXSDK (Version: 6.02.1001.0001)
Slick Savings (Version: 1.3)
Smart Defrag 2 (Version: 2.9)
staticcr (Version: 5.03.0000.0001)
Surfing Protection (Version: 1.0)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Tansee iPhone Transfer Photo 6.1.0.0 (Version: 6.1.0.0)
Tansee iPhone/iPad/iPod Photo/Camera Transfer 2.0.0.0 (Version: 2.0.0.0)
tooltips (Version: 6.02.0001.0001)
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA eco Utility (Version: 1.2.11.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.6C)
TOSHIBA Hardware Setup (Version: 1.63.0.21C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.8.0)
Toshiba Online Backup (Version: 1.2.0.38)
TOSHIBA PC Health Monitor (Version: 1.6.0.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.1.51)
TOSHIBA Supervisor Password (Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.52.1C)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.0 (Version: 2.0.0)
VPRINTOL (Version: 6.02.0001.0001)
Windows Live Communications Platform (Version: 16.4.3528.0331)
Windows Live Essentials (Version: 16.4.3528.0331)
Windows Live Family Safety (Version: 16.4.3528.0331)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3528.0331)
Windows Live Mail (Version: 16.4.3528.0331)
Windows Live Messenger (Version: 16.4.3528.0331)
Windows Live MIME IFilter (Version: 16.4.3528.0331)
Windows Live Photo Common (Version: 16.4.3528.0331)
Windows Live PIMT Platform (Version: 16.4.3528.0331)
Windows Live SOXE (Version: 16.4.3528.0331)
Windows Live SOXE Definitions (Version: 16.4.3528.0331)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 16.4.3528.0331)
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331)
Windows Live Writer (Version: 16.4.3528.0331)
Windows Live Writer Resources (Version: 16.4.3528.0331)
WIRELESS (Version: 6.02.0001.0001)
Youtube Download (Version: 1.0)
 
========================= Devices: ================================
 
Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 64%
Total physical RAM: 3890.67 MB
Available physical RAM: 1363.31 MB
Total Pagefile: 7779.48 MB
Available Pagefile: 3835.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.59 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI105837W0G) (Fixed) (Total:454.17 GB) (Free:241.79 GB) NTFS
2 Drive d: (Apr 10 2014) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\VICKI-PC
 
Administrator            Guest                    vicki                    
 
 
**** End of log ****
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 6/1/2014 7:25:34 AM, SYSTEM, VICKI-PC, Protection, Malware Protection, Starting, 
Protection, 6/1/2014 7:25:34 AM, SYSTEM, VICKI-PC, Protection, Malware Protection, Started, 
Protection, 6/1/2014 7:25:34 AM, SYSTEM, VICKI-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/1/2014 7:25:34 AM, SYSTEM, VICKI-PC, Protection, Malicious Website Protection, Failed, 
Error, 6/1/2014 7:25:34 AM, SYSTEM, VICKI-PC, Protection, MWAC::CreateList - Block List, 3221225473, 
Update, 6/1/2014 7:25:48 AM, SYSTEM, VICKI-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.5.21.1, 
Update, 6/1/2014 7:25:52 AM, SYSTEM, VICKI-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.1.4, 
Protection, 6/1/2014 7:25:52 AM, SYSTEM, VICKI-PC, Protection, Refresh, Starting, 
Protection, 6/1/2014 7:25:57 AM, SYSTEM, VICKI-PC, Protection, Refresh, Success, 
Detection, 6/1/2014 7:28:29 AM, SYSTEM, VICKI-PC, Protection, Malware Protection, File, PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, Quarantine, [ca7e7300cbb03bfba2ca6f16e0226b95]
Protection, 6/1/2014 7:28:29 AM, SYSTEM, VICKI-PC, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, 
Error, 6/1/2014 7:28:29 AM, SYSTEM, VICKI-PC, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, 
Detection, 6/1/2014 7:28:32 AM, SYSTEM, VICKI-PC, Protection, Malware Protection, File, PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, Quarantine, [ca7e7300cbb03bfba2ca6f16e0226b95]
Protection, 6/1/2014 7:28:33 AM, SYSTEM, VICKI-PC, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, 
Error, 6/1/2014 7:28:33 AM, SYSTEM, VICKI-PC, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, 
Detection, 6/1/2014 7:28:43 AM, SYSTEM, VICKI-PC, Protection, Malware Protection, File, PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, Quarantine, [ca7e7300cbb03bfba2ca6f16e0226b95]
Protection, 6/1/2014 7:28:43 AM, SYSTEM, VICKI-PC, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, 
Error, 6/1/2014 7:28:43 AM, SYSTEM, VICKI-PC, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll, 
 
(end)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
More to come after I restart the computer.
 

 




#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:02 PM

Posted 01 June 2014 - 08:44 AM

Hi realresults13,
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
 
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

After the tool has finished running, a text file named Rkill.txt should be located on the desktop. Please copy and paste the contents into your next reply.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 realresults13

realresults13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 01 June 2014 - 09:02 AM

Thanks xXToffeeXx, that is actually next on my list that I found on another post. Between cooking the kids' breakfast and this slow computer I am slowly getting it all done. lol

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
Java version: 1.6.0_17
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4079665152, free: 1607778304
 
Downloaded database version: v2014.06.01.04
Downloaded database version: v2014.05.21.01
=======================================
Initializing...
------------ Kernel report ------------
     06/01/2014 08:22:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\McPvDrv.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\MOBK.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\??\C:\EEK\RUN\a2ddax64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192se.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\mfeapfk.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006899060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80049a9050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006899060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006894b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006899060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80049a9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D1334478
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 952467456
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 955541504  Numsec = 21231616
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} --> [Trojan.BHO]
Infected: C:\Users\vicki\0.8806935471681189.exe --> [Trojan.Agent.Gen]
Infected: C:\Users\vicki\0.963303172816655.exe --> [Trojan.Agent.Gen]
Infected: HKLM\SOFTWARE\CLASSES\.EXE\SHELL\OPEN\COMMAND| --> [Hijack.ExeFile]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\.EXE\SHELL\OPEN\COMMAND| --> [Hijack.ExeFile]
Infected: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND| --> [Hijack.StartMenuInternet]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND| --> [Hijack.StartMenuInternet]
Scan finished


#4 realresults13

realresults13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 01 June 2014 - 09:07 AM

Rkill 2.6.6 by Lawrence Abrams (Grinler)

Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/01/2014 09:04:06 AM in x64 mode.
Windows Version: Windows 7 Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\windows\system32\lxdncoms.exe (PID: 2484) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!
 
  * HKLM\Software\Classes\.exe\DefaultIcon found and deleted!
 
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
  * HKCU\SOFTWARE\Classes\exefile has been deleted!
 
 
Performing miscellaneous checks:
 
 * ALERT: ZEROACCESS Reparse Point/Junction found!
 
     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpClient.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCommu.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpOAV.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpRTP.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MSASCui.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpClient.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCommu.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpOAV.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpRTP.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpRes.dll => c:\windows\system32\config [File]
 
Checking Windows Service Integrity: 
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * BFE [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 
 * iphlpsvc [Missing ImagePath]
 * SharedAccess [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 
Program finished at: 06/01/2014 09:06:38 AM
Execution time: 0 hours(s), 2 minute(s), and 32 seconds(s)


#5 realresults13

realresults13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 01 June 2014 - 09:10 AM

I haven't done the "Clean Up" on the Root Kit yet. Should I, to get rid of the things below? I figured there was a reason why it said not to do it yet.

 

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} --> [Trojan.BHO]
Infected: C:\Users\vicki\0.8806935471681189.exe --> [Trojan.Agent.Gen]
Infected: C:\Users\vicki\0.963303172816655.exe --> [Trojan.Agent.Gen]
Infected: HKLM\SOFTWARE\CLASSES\.EXE\SHELL\OPEN\COMMAND| --> [Hijack.ExeFile]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\.EXE\SHELL\OPEN\COMMAND| --> [Hijack.ExeFile]
Infected: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND| --> [Hijack.StartMenuInternet]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND| --> [Hijack.StartMenuInternet]


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:02 PM

Posted 01 June 2014 - 09:13 AM

Hi realresults13,
 
Hehe, yeah. No worries on that, just post the logs when you can.
Yes, certain items need certain fixes to be removed safely, and it's best to see what is being detected before you remove the detections. From now on, you just need to run what I put in my posts, and hopefully it should go a lot quicker :)
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~




#7 realresults13

realresults13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 01 June 2014 - 09:32 AM

Oh wow! We only use this computer for downloading and editing pictures, Facebook, searching the internet and of course my Fantasy Football. I just ran the Recovery Scan Tool. Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by vicki (administrator) on VICKI-PC on 01-06-2014 09:29:37
Running from C:\Users\vicki\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxeccoms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(Akamai Technologies, Inc.) C:\Users\vicki\AppData\Local\Akamai\netsession_win.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Akamai Technologies, Inc.) C:\Users\vicki\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
() C:\Windows\System32\spool\drivers\x64\3\lxecpswx.exe
() C:\Windows\System32\spool\drivers\x64\3\lxecpswx.exe
() C:\Windows\System32\spool\drivers\x64\3\lxecjswx.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corp.) C:\Users\vicki\Desktop\mbar-1.07.0.1009 (2).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\vicki\Desktop\mbar\mbar.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [150264 2013-01-23] ()
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2557976 2014-04-28] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\runonceex: [] - 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1667580268-1160428968-2608427205-1000\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=800236&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.com?o=14196&l=dis
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.2\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.2\iobitappsToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Users\vicki\AppData\Local\bnm.exe -a C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {04FEA0D4-08FF-49EE-9EC8-DB45A0171AE4} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2928C2BB-8820-02CC-9E09-2665701134A0} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363
SearchScopes: HKCU - DefaultScope {70D98456-9CC3-4FF0-8EB7-C69E20FCBC90} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {00220DBC-CD19-4FD6-990B-D8D10F051C3A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {19B47332-0FB6-4A4E-B2C9-3F3E688D19EA} URL = http://search.conduit.com/Results.aspx?ctid=CT3300039&SearchSource=45&q={searchTerms}
SearchScopes: HKCU - {392E1720-4D4D-4C88-9D7B-81C11D0910BF} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {70D98456-9CC3-4FF0-8EB7-C69E20FCBC90} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {7381C00D-485C-48D6-A999-36A4C051424C} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {96FD61F9-30D4-4D2A-B2A4-C84F47FEB528} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80273&lng=en
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\vicki\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.2\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\vicki\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
BHO-x32: No Name - {38791CF8-E87C-11E1-881B-7B83F6A1EC23} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\vicki\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -  No File
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Rich Media Player - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\vicki\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.2\iobitappsToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.2\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} -  No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKCU - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin-x32: @funwebproducts.com/Plugin - C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mywebsearch.com/Plugin - C:\Program Files (x86)\MyWebSearch\bar\4.bin\NPMyWebS.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\4.bin
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-12]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\vicki\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}
FF Extension: Rich Media Player extension - C:\Users\vicki\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013-07-08]
 
Chrome: 
=======
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-28]
CHR Extension: (Google Drive) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-28]
CHR Extension: (YouTube) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-28]
CHR Extension: (Google Search) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-28]
CHR Extension: (Download Video) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni [2013-07-12]
CHR Extension: (SiteAdvisor) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-11-12]
CHR Extension: (Add to BabyList Registry) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjjbpfpjokemlcoglbdpcgnlkchhfhlk [2014-05-28]
CHR Extension: (Ads Removal) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-25]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-01-05]
CHR Extension: (Domain Error Assistant) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-03-02]
CHR Extension: (WhiteSmoke New) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2014-01-05]
CHR Extension: (Slick Savings) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-01-05]
CHR Extension: (AVG Security Toolbar) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-02-02]
CHR Extension: (Google Wallet) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
CHR Extension: (MySearchDial) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-01-05]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-01-05]
CHR Extension: (Gmail) - C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-28]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\vicki\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-07-08]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\vicki\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-07-04]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\vicki\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-07-08]
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\vicki\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-09]
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\vicki\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx [2013-02-28]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\vicki\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-07-04]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\vicki\AppData\Local\Slick Savings\coupons.crx [2014-02-25]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\vicki\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-07-08]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-01-24] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
S2 lxecCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-28] (AVG Secure Search)
S2 0037781401038731mcinstcleanup; C:\windows\TEMP\003778~1.EXE -cleanup -nolog [X]
S3 AdobeActiveFileMonitor8.0; No ImagePath
S2 AudioEndpointBuilder32; No ImagePath
S2 TBS32; No ImagePath
S2 TOSHIBA HDD SSD Alert Service32; No ImagePath
S2 TrkWks32; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-01-14] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-01-14] (Emsisoft GmbH)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-06-01] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-06-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
R0 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-01 09:29 - 2014-06-01 09:29 - 00040076 _____ () C:\Users\vicki\Downloads\FRST.txt
2014-06-01 09:29 - 2014-06-01 09:29 - 00000000 ____D () C:\FRST
2014-06-01 09:28 - 2014-06-01 09:28 - 02067456 _____ (Farbar) C:\Users\vicki\Downloads\FRST64.exe
2014-06-01 09:04 - 2014-06-01 09:06 - 00013370 _____ () C:\Users\vicki\Desktop\Rkill.txt
2014-06-01 09:03 - 2014-06-01 09:04 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\vicki\Downloads\rkill.exe
2014-06-01 08:22 - 2014-06-01 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-01 08:20 - 2014-06-01 08:21 - 00000000 ____D () C:\Users\vicki\Desktop\mbar
2014-06-01 07:32 - 2014-06-01 07:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vicki\Desktop\mbar-1.07.0.1009 (2).exe
2014-06-01 07:31 - 2014-06-01 07:31 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vicki\Downloads\mbar-1.07.0.1009 (1).exe
2014-06-01 07:30 - 2014-06-01 07:31 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vicki\Downloads\mbar-1.07.0.1009.exe
2014-06-01 07:25 - 2014-06-01 08:22 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 07:25 - 2014-06-01 07:25 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 07:25 - 2014-06-01 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-01 07:24 - 2014-06-01 08:21 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-01 07:24 - 2014-06-01 07:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 07:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-01 07:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-01 07:23 - 2014-06-01 07:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\vicki\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 07:09 - 2014-06-01 07:10 - 00029589 _____ () C:\Users\vicki\Downloads\Result.txt
2014-06-01 07:08 - 2014-06-01 07:08 - 00982016 _____ (Farbar) C:\Users\vicki\Downloads\MiniToolBox.exe
2014-06-01 07:07 - 2014-06-01 07:07 - 00410112 _____ (Farbar) C:\Users\vicki\Downloads\FSS.exe
2014-06-01 07:07 - 2014-06-01 07:07 - 00004928 _____ () C:\Users\vicki\Downloads\FSS.txt
2014-06-01 06:49 - 2014-06-01 06:49 - 00854367 _____ () C:\Users\vicki\Downloads\SecurityCheck (1).exe
2014-06-01 06:48 - 2014-06-01 06:48 - 00854367 _____ () C:\Users\vicki\Downloads\SecurityCheck.exe
2014-06-01 06:46 - 2014-06-01 06:46 - 00000097 _____ () C:\Users\vicki\Desktop\netsvcs has CPU at 100% - Am I infected- What do I do-.url
2014-06-01 06:30 - 2014-06-01 07:27 - 00000187 _____ () C:\Users\vicki\Downloads\FixNimda.log
2014-06-01 06:29 - 2014-06-01 06:29 - 00468648 _____ (Symantec Corporation) C:\Users\vicki\Downloads\Fixnimda.com
2014-06-01 06:05 - 2014-06-01 06:05 - 01696192 _____ (ESET) C:\Users\vicki\Downloads\eset_nod32_antivirus_live_installer (1).exe
2014-06-01 06:03 - 2014-06-01 06:03 - 01696192 _____ (ESET) C:\Users\vicki\Downloads\eset_nod32_antivirus_live_installer.exe
2014-06-01 05:53 - 2014-06-01 05:53 - 00000000 ____D () C:\windows\system32\SPReview
2014-05-26 21:30 - 2014-05-26 21:30 - 00000000 ____D () C:\Users\vicki\AppData\Roaming\ProductData
2014-05-26 21:29 - 2014-05-26 21:29 - 00001203 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-05-25 14:53 - 2014-06-01 05:52 - 00000000 ____D () C:\Users\vicki\Desktop\Champ Game 05 2014
2014-05-25 12:59 - 2014-05-25 12:59 - 00000000 ____D () C:\windows\en
2014-05-25 12:58 - 2014-05-25 12:58 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-25 12:58 - 2014-05-25 12:58 - 00001276 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-25 12:25 - 2014-05-25 12:25 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-05-25 12:25 - 2014-05-25 12:25 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-05-25 12:23 - 2014-05-25 12:23 - 00000000 ____D () C:\Users\vicki\Desktop\Random Pics
2014-05-25 12:21 - 2014-05-25 12:21 - 17938608 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-06 21:13 - 2014-05-06 21:13 - 00001268 _____ () C:\Users\vicki\Desktop\iDevice Photo&Camera Transfer.lnk
2014-05-06 21:13 - 2014-05-06 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tansee iDevice Photo Camera Transfer
2014-05-06 21:12 - 2014-05-06 21:13 - 00000000 ____D () C:\Program Files (x86)\Tansee iDevice Photo Camera Transfer
2014-05-06 21:10 - 2014-05-06 21:11 - 06880760 _____ (Tansee, Inc. ) C:\Users\vicki\Downloads\iDevicePhotoCameraTransfer.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-01 09:30 - 2010-12-24 13:02 - 00000000 ____D () C:\Users\vicki\AppData\Local\Temp
2014-06-01 09:29 - 2014-06-01 09:29 - 00040076 _____ () C:\Users\vicki\Downloads\FRST.txt
2014-06-01 09:29 - 2014-06-01 09:29 - 00000000 ____D () C:\FRST
2014-06-01 09:28 - 2014-06-01 09:28 - 02067456 _____ (Farbar) C:\Users\vicki\Downloads\FRST64.exe
2014-06-01 09:06 - 2014-06-01 09:04 - 00013370 _____ () C:\Users\vicki\Desktop\Rkill.txt
2014-06-01 09:04 - 2014-06-01 09:03 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\vicki\Downloads\rkill.exe
2014-06-01 08:51 - 2012-04-01 12:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 08:45 - 2013-07-08 10:45 - 00000292 _____ () C:\windows\Tasks\MySearchDial.job
2014-06-01 08:38 - 2010-12-26 16:13 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 08:23 - 2014-06-01 08:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-01 08:22 - 2014-06-01 07:25 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 08:21 - 2014-06-01 08:20 - 00000000 ____D () C:\Users\vicki\Desktop\mbar
2014-06-01 08:21 - 2014-06-01 07:24 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-01 07:32 - 2014-06-01 07:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vicki\Desktop\mbar-1.07.0.1009 (2).exe
2014-06-01 07:31 - 2014-06-01 07:31 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vicki\Downloads\mbar-1.07.0.1009 (1).exe
2014-06-01 07:31 - 2014-06-01 07:30 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vicki\Downloads\mbar-1.07.0.1009.exe
2014-06-01 07:28 - 2011-01-09 16:17 - 00000000 ____D () C:\Users\vicki\AppData\Local\CrashDumps
2014-06-01 07:27 - 2014-06-01 06:30 - 00000187 _____ () C:\Users\vicki\Downloads\FixNimda.log
2014-06-01 07:26 - 2010-08-16 18:53 - 01949706 _____ () C:\windows\WindowsUpdate.log
2014-06-01 07:25 - 2014-06-01 07:25 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 07:25 - 2014-06-01 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-01 07:25 - 2014-06-01 07:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 07:24 - 2014-06-01 07:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 07:24 - 2009-07-13 23:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 07:24 - 2009-07-13 23:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 07:23 - 2014-06-01 07:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\vicki\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 07:10 - 2014-06-01 07:09 - 00029589 _____ () C:\Users\vicki\Downloads\Result.txt
2014-06-01 07:08 - 2014-06-01 07:08 - 00982016 _____ (Farbar) C:\Users\vicki\Downloads\MiniToolBox.exe
2014-06-01 07:07 - 2014-06-01 07:07 - 00410112 _____ (Farbar) C:\Users\vicki\Downloads\FSS.exe
2014-06-01 07:07 - 2014-06-01 07:07 - 00004928 _____ () C:\Users\vicki\Downloads\FSS.txt
2014-06-01 06:49 - 2014-06-01 06:49 - 00854367 _____ () C:\Users\vicki\Downloads\SecurityCheck (1).exe
2014-06-01 06:48 - 2014-06-01 06:48 - 00854367 _____ () C:\Users\vicki\Downloads\SecurityCheck.exe
2014-06-01 06:46 - 2014-06-01 06:46 - 00000097 _____ () C:\Users\vicki\Desktop\netsvcs has CPU at 100% - Am I infected- What do I do-.url
2014-06-01 06:29 - 2014-06-01 06:29 - 00468648 _____ (Symantec Corporation) C:\Users\vicki\Downloads\Fixnimda.com
2014-06-01 06:05 - 2014-06-01 06:05 - 01696192 _____ (ESET) C:\Users\vicki\Downloads\eset_nod32_antivirus_live_installer (1).exe
2014-06-01 06:03 - 2014-06-01 06:03 - 01696192 _____ (ESET) C:\Users\vicki\Downloads\eset_nod32_antivirus_live_installer.exe
2014-06-01 06:02 - 2010-12-26 16:13 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 05:55 - 2013-12-26 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-01 05:53 - 2014-06-01 05:53 - 00000000 ____D () C:\windows\system32\SPReview
2014-06-01 05:52 - 2014-05-25 14:53 - 00000000 ____D () C:\Users\vicki\Desktop\Champ Game 05 2014
2014-06-01 05:48 - 2014-02-05 00:14 - 00000430 _____ () C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - vicki).job
2014-06-01 05:48 - 2013-12-15 17:08 - 00002180 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-05-26 21:38 - 2012-09-05 22:52 - 00000000 ____D () C:\Users\vicki\Tracing
2014-05-26 21:36 - 2010-12-24 13:02 - 00000000 ____D () C:\Users\vicki
2014-05-26 21:30 - 2014-05-26 21:30 - 00000000 ____D () C:\Users\vicki\AppData\Roaming\ProductData
2014-05-26 21:30 - 2013-12-15 17:08 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-26 21:29 - 2014-05-26 21:29 - 00001203 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-05-26 21:29 - 2014-03-25 06:12 - 00002886 _____ () C:\windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-05-26 21:29 - 2013-12-15 17:09 - 00002854 _____ () C:\windows\System32\Tasks\ASC7_SkipUac_vicki
2014-05-26 21:29 - 2013-12-15 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-05-26 03:05 - 2010-08-16 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-26 03:04 - 2013-10-06 15:56 - 00000000 ____D () C:\windows\system32\MRT
2014-05-26 03:02 - 2010-12-25 06:01 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-25 14:53 - 2009-07-14 00:13 - 00779306 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-25 13:05 - 2013-12-18 09:47 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 12:59 - 2014-05-25 12:59 - 00000000 ____D () C:\windows\en
2014-05-25 12:59 - 2014-02-06 20:09 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-25 12:59 - 2010-03-24 00:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-25 12:58 - 2014-05-25 12:58 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-25 12:58 - 2014-05-25 12:58 - 00001276 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-25 12:56 - 2012-09-11 17:49 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-25 12:56 - 2012-09-11 17:49 - 00001429 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-25 12:55 - 2010-03-24 00:28 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-25 12:54 - 2012-09-11 17:46 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-25 12:49 - 2014-03-23 15:29 - 00002190 _____ () C:\Users\vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-25 12:25 - 2014-05-25 12:25 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-05-25 12:25 - 2014-05-25 12:25 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-05-25 12:23 - 2014-05-25 12:23 - 00000000 ____D () C:\Users\vicki\Desktop\Random Pics
2014-05-25 12:23 - 2012-04-01 12:19 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-25 12:23 - 2012-04-01 12:19 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-25 12:23 - 2011-06-05 11:18 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-25 12:21 - 2014-05-25 12:21 - 17938608 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-25 12:20 - 2013-12-16 18:31 - 00002772 _____ () C:\ProgramData\lxec.log
2014-05-12 07:26 - 2014-06-01 07:24 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-01 07:24 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-11 09:46 - 2013-12-04 00:25 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-05-11 09:30 - 2013-12-04 00:20 - 00003999 _____ () C:\ProgramData\lxecscan.log
2014-05-11 09:14 - 2013-12-04 00:04 - 00000286 _____ () C:\windows\Tasks\Driver Booster Update.job
2014-05-11 09:14 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-11 08:30 - 2011-02-05 15:51 - 00000400 _____ () C:\windows\Tasks\EasyShare Registration Task.job
2014-05-09 18:09 - 2013-12-04 00:26 - 00060162 _____ () C:\ProgramData\lxecJSW.log
2014-05-09 18:08 - 2013-02-12 12:59 - 00262144 _____ () C:\windows\system32\config\ELAM
2014-05-09 18:00 - 2014-01-07 23:12 - 00720896 _____ () C:\windows\system32\config\default.iodefrag.bak
2014-05-09 18:00 - 2014-01-07 23:12 - 00057344 _____ () C:\windows\system32\config\sam.iodefrag.bak
2014-05-09 18:00 - 2014-01-07 23:12 - 00028672 _____ () C:\windows\system32\config\security.iodefrag.bak
2014-05-09 18:00 - 2014-01-07 23:11 - 89030656 _____ () C:\windows\system32\config\software.iodefrag.bak
2014-05-09 18:00 - 2014-01-07 23:11 - 43634688 _____ () C:\windows\system32\config\components.iodefrag.bak
2014-05-09 17:33 - 2010-12-26 16:13 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 17:33 - 2010-12-26 16:13 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 21:17 - 2014-02-04 15:54 - 00000000 ____D () C:\Users\vicki\Desktop\New folder
2014-05-06 21:13 - 2014-05-06 21:13 - 00001268 _____ () C:\Users\vicki\Desktop\iDevice Photo&Camera Transfer.lnk
2014-05-06 21:13 - 2014-05-06 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tansee iDevice Photo Camera Transfer
2014-05-06 21:13 - 2014-05-06 21:12 - 00000000 ____D () C:\Program Files (x86)\Tansee iDevice Photo Camera Transfer
2014-05-06 21:11 - 2014-05-06 21:10 - 06880760 _____ (Tansee, Inc. ) C:\Users\vicki\Downloads\iDevicePhotoCameraTransfer.exe
2014-05-03 17:09 - 2014-02-25 11:42 - 00000000 ____D () C:\Users\vicki\AppData\Roaming\Slick Savings
 
Files to move or delete:
====================
C:\Users\vicki\0.8806935471681189.exe
C:\Users\vicki\0.963303172816655.exe
 
 
Some content of TEMP:
====================
C:\Users\vicki\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2014-05-25 14:03
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by vicki at 2014-06-01 09:30:25
Running from C:\Users\vicki\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.0.443 - AVG Technologies)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCScore (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Internet Explorer 10 10.0.01 (HKLM-x32\...\{D745D5CB-3FF0-4066-A7A8-418E25DF3FE0}_is1) (Version: 10.0.01 - Download Internet Explorer 10)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.2 - IObit)
ESSCDBK (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 6.2.0001.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FirstClass Client (HKLM-x32\...\{6EBED885-73D9-4750-B96E-FD654500E59F}) (Version: 11.063 - OpenText)
Free YouTube to MP3 Converter version 3.11.33.1005 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.33.1005 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.018 - HTC Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
IObit Apps Toolbar v9.2 (HKLM-x32\...\{4F5E5430-1DA8-4B2B-BB26-B29C0E7DBFDB}) (Version: 9.2 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (x32 Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (x32 Version: 632.62.0004.0001 - EASTMAN KODAK Company) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.129 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
netbrdg (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Notifier (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
OfotoXMI (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
PCDADDIN (x32 Version: 6.02.0001.0003 - EASTMAN KODAK Company) Hidden
PCDHELP (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
PhoneClean 3.2.1 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 3.2.1 - iMobie Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0012 - Realtek)
RegistryKit v2.0 (HKLM-x32\...\RegistryKit) (Version: 2.0 - RegistryKit.com)
Rich Media Player (HKLM-x32\...\Rich Media Player) (Version: 1.0.0.799 - Radiocom) <==== ATTENTION
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SFR (x32 Version: 6.02.0001.0001 - Eastman Kodak Company) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHASTA (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Slick Savings (HKLM-x32\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION
Smart Defrag 2 (HKLM-x32\...\Smart Defrag 2_is1) (Version: 2.9 - IObit)
staticcr (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Tansee iPhone Transfer Photo 6.1.0.0 (HKLM-x32\...\Tansee iPhone Transfer Photo_is1) (Version: 6.1.0.0 - Tansee, Inc.)
Tansee iPhone/iPad/iPod Photo/Camera Transfer 2.0.0.0 (HKLM-x32\...\Tansee iPhone/iPad/iPod Photo/Camera Transfer_is1) (Version: 2.0.0.0 - Tansee, Inc.)
tooltips (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.21C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.21C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.51 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VPRINTOL (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Youtube Download (HKLM-x32\...\youtube) (Version: 1.0 - downloadskey.com)
 
==================== Restore Points  =========================
 
28-05-2014 01:10:49 Windows 7 Service Pack 1
29-05-2014 00:50:19 Windows Update
29-05-2014 08:00:14 Windows Update
01-06-2014 10:50:52 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {002552C8-97BC-4E68-A4BB-9C95D4D5B8F6} - System32\Tasks\5c115b00 => C:\Users\vicki\AppData\Local\Temp\\setup899003620.exe <==== ATTENTION
Task: {0BB16BEF-E731-4FAB-9D1A-7C88DED2DFC6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-25] (Microsoft Corporation)
Task: {18A032BF-C82B-4932-96EA-0A2527F40950} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit)
Task: {231427BF-730F-4591-83F8-A8ADCA1B2972} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26] (Google Inc.)
Task: {2FADAFC9-6045-47D7-AF7B-4F9EDC141FAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-25] (Microsoft Corporation)
Task: {322F080E-9E94-4014-BEEC-94D5038E0FC5} - System32\Tasks\2b6113a0 => C:\Users\vicki\AppData\Local\Temp\\setup3354853836.exe <==== ATTENTION
Task: {37F73D0F-49D0-4866-B869-E802BE1A290F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-25] (Adobe Systems Incorporated)
Task: {4654BDA1-03A5-4DCF-87AA-9A48C361EE09} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {47623D8B-6EF3-42A5-B56E-F03E46DC355E} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {47B2F14D-6BBC-436F-9956-24151F0CF189} - System32\Tasks\{ABADF6E9-1BE4-4208-9E11-5A3219E65E32} => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2014-04-21] (IObit)
Task: {4ECE22FA-A6D7-4150-B51A-CA1833139C4D} - System32\Tasks\5c7f3be0 => C:\Users\vicki\AppData\Local\Temp\\setup2340528484.exe <==== ATTENTION
Task: {4FCA4964-34C6-48B7-B860-6084C512A925} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {52498FFB-AC7D-4598-81E6-E52A6BF3CE80} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.20.2.sxt _RegistrationOffer@16
Task: {52DC8DE1-1ED3-40A3-BE0A-861B8E13594F} - System32\Tasks\ASC7_SkipUac_vicki => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-04] (IObit)
Task: {55E52C08-D470-4738-8166-801AA25A6E57} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-04] (IObit)
Task: {572CB6A7-BF25-44C8-91F8-4B5B05986E6E} - System32\Tasks\{9F9D7097-6AEE-490E-BD1F-5AE174895CF0} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {5C416B6D-36A3-49EC-85E0-B82C183C98EA} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {61EF3754-2D10-45B4-B5D0-CA3077B56D6D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {672EDE08-99F8-41A5-A587-AE000894BA26} - System32\Tasks\{D44703CC-A5FF-4768-8426-C53388A90F1F} => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2014-04-21] (IObit)
Task: {67CCCBDD-C338-4ED4-B0C3-FA0530047C92} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {68B8913F-1F03-42B4-939F-171EFADC27AE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6D302BD1-5EA9-4D99-872D-4395FA492869} - System32\Tasks\800dfec8 => C:\Users\vicki\AppData\Local\Temp\\setup1244509192.exe <==== ATTENTION
Task: {6DFE5887-2126-496E-B275-C5DE5EF8A8CF} - System32\Tasks\11c5c568 => C:\Users\vicki\AppData\Local\Temp\\setup3355670080.exe <==== ATTENTION
Task: {73E40D0A-79D6-4D65-8AC0-C8F93D3272C8} - System32\Tasks\4715 => Wscript.exe C:\Users\vicki\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {B7C4CE32-EF76-48D1-AD52-248632F57BF4} - System32\Tasks\{B7B4638F-C812-4ADD-B218-3A5806348730} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {C08B216D-D45D-4F6C-A02B-06AE64D7D1F4} - System32\Tasks\8c5c2148 => C:\Users\vicki\AppData\Local\Temp\\setup307574448.exe <==== ATTENTION
Task: {C601F2E3-FE7B-464E-9E04-F2E1213CA36B} - System32\Tasks\7a57d4b8 => C:\Users\vicki\AppData\Local\Temp\\setup1320854476.exe <==== ATTENTION
Task: {CDEEB4DB-4D81-4FBE-8CA9-48CF9F417F65} - System32\Tasks\DLL-Files FixerASKUSER => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {CFB2D696-4E95-4289-A3A0-5380D1935618} - System32\Tasks\MySearchDial => C:\Users\vicki\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {DCB7F269-FDC2-4CCC-B829-E65849BE56AE} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\vicki\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {E6B8F409-58F5-4ADB-8DD7-5EB54AC38ADE} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit)
Task: {E9BB7397-8370-4325-A0D2-B7D4C4540190} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - vicki) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {EBE654ED-3F8A-4DA8-B40E-3262269974E9} - System32\Tasks\39f9b84 => C:\Users\vicki\AppData\Local\Temp\\setup694787584.exe <==== ATTENTION
Task: {F26ABA8C-5B03-47F4-9A6E-92C8C2F95F95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26] (Google Inc.)
Task: {FDE65963-433F-43DA-B973-29A4DA3A2FC0} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Bomgar Task 2876268.job => C:\Program Files (x86)\Internet Explorer\iexplore.exe
Task: C:\windows\Tasks\Bomgar Task 519982.job => C:\Program Files (x86)\Internet Explorer\iexplore.exe
Task: C:\windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\windows\Tasks\EasyShare Registration Task.job => C:\windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.20.2.sxt _RegistrationOffer@16
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MySearchDial.job => C:\Users\vicki\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\PC TuneUp Maestro Disk Defrag Analysis.job => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe
Task: C:\windows\Tasks\PC TuneUp Maestro Scan.job => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - vicki).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-16 15:11 - 2009-08-13 13:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2013-12-04 00:19 - 2009-11-04 09:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2013-12-04 00:17 - 2010-04-01 13:30 - 01558528 _____ () C:\Program Files\Lexmark\Pro800-Pro900 Series\lxecdrs64.dll
2013-12-04 00:17 - 2009-03-10 01:44 - 00015360 _____ () C:\Program Files\Lexmark\Pro800-Pro900 Series\lxeccaps64.dll
2014-04-28 04:29 - 2014-04-28 04:28 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2010-03-03 16:15 - 2010-03-03 16:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-03-24 00:22 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2013-12-04 00:16 - 2013-01-23 14:35 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2013-12-04 00:16 - 2013-01-23 14:35 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-11-25 14:54 - 2014-04-28 04:28 - 02557976 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-12-04 00:18 - 2009-05-18 09:32 - 01416192 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecptpc.dll
2013-12-04 00:18 - 2009-11-04 09:19 - 00198656 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecdrui.dll
2013-12-04 00:18 - 2009-11-09 04:36 - 00142336 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecPRPR.DLL
2013-12-04 00:18 - 2009-11-04 09:17 - 00280576 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecdr.dll
2013-12-04 00:18 - 2009-11-09 04:18 - 01732096 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecPRP.DLL
2013-12-04 00:18 - 2009-11-09 04:36 - 06232576 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecprpb.dll
2013-12-04 00:18 - 2009-11-09 04:06 - 00065536 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecgcfg.dll
2013-12-04 00:18 - 2010-03-09 05:00 - 01072128 _____ () C:\windows\system32\spool\drivers\x64\3\lxeccomx.dll
2010-04-13 21:11 - 2010-04-13 21:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2013-12-04 00:18 - 2009-10-30 14:36 - 01351680 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecHPEC.DLL
2013-12-04 00:18 - 2009-05-27 08:17 - 00195072 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecdatr.dll
2013-12-04 00:18 - 2010-04-14 16:08 - 01377448 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecPSWX.EXE
2013-12-04 00:18 - 2009-11-09 04:32 - 02786304 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxeclpa.dll
2013-12-04 00:18 - 2009-11-09 04:12 - 01794048 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecpsw.dll
2013-12-04 00:16 - 2009-02-20 04:48 - 00023552 _____ () C:\windows\system32\lxecsmr.dll
2013-12-04 00:18 - 2009-05-27 08:13 - 00070144 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxeccats.dll
2013-12-04 00:16 - 2009-02-20 04:48 - 00381440 _____ () C:\windows\system32\lxecsm.dll
2013-12-04 00:18 - 2009-11-09 04:36 - 00170496 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecpswr.dll
2013-12-04 00:18 - 2009-11-09 04:36 - 01864192 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecpswb.dll
2013-12-04 00:18 - 2009-10-21 06:06 - 00399360 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxeccui.dll
2013-12-04 00:18 - 2010-04-14 16:08 - 01245352 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxecJSWX.EXE
2013-12-04 00:18 - 2010-03-09 05:00 - 01072128 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxeccomx.dll
2013-12-04 00:18 - 2009-12-04 08:25 - 00962560 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Job Status\x64\lxecjsw.dll
2014-03-21 22:01 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-06 20:09 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-05-25 12:54 - 2014-05-25 12:54 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-05 01:32 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-28 04:29 - 2014-04-28 04:28 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
2013-12-04 00:16 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2013-12-04 00:16 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2013-12-04 00:16 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2013-12-04 00:16 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2013-12-04 00:16 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2013-12-04 00:16 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
2013-12-04 00:16 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
2013-12-04 00:16 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2013-12-04 00:16 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2013-12-04 00:16 - 2010-04-05 06:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2013-12-04 00:16 - 2010-04-05 06:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
2013-12-04 00:16 - 2010-04-05 06:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2013-12-04 00:16 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
2013-12-04 00:16 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
2007-02-20 06:23 - 2007-02-20 06:23 - 00338944 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2007-02-20 06:21 - 2007-02-20 06:21 - 00246272 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2007-02-20 06:19 - 2007-02-20 06:19 - 00338944 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2006-12-06 23:19 - 2006-12-06 23:19 - 00013824 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MEshim.dll
2007-02-20 06:19 - 2007-02-20 06:19 - 00232448 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2007-02-20 06:32 - 2007-02-20 06:32 - 00223744 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2007-02-20 06:15 - 2007-02-20 06:15 - 00086016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2007-02-20 06:33 - 2007-02-20 06:33 - 00077312 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2007-02-20 06:11 - 2007-02-20 06:11 - 00061952 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 11:05 - 2006-03-07 11:05 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2007-02-20 06:44 - 2007-02-20 06:44 - 00667648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2007-02-20 06:23 - 2007-02-20 06:23 - 00083968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2007-02-20 06:14 - 2007-02-20 06:14 - 00120832 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2007-02-20 06:37 - 2007-02-20 06:37 - 01035264 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2006-12-20 16:32 - 2006-12-20 16:32 - 00770048 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll
2006-12-20 16:32 - 2006-12-20 16:32 - 00835584 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll
2006-12-21 12:47 - 2006-12-21 12:47 - 00430080 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll
2006-12-21 12:48 - 2006-12-21 12:48 - 00495616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll
2006-12-21 12:48 - 2006-12-21 12:48 - 00786432 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll
2006-12-21 12:47 - 2006-12-21 12:47 - 02052096 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll
2007-02-12 10:54 - 2007-02-12 10:54 - 01339392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll
2007-02-20 06:17 - 2007-02-20 06:17 - 00115200 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2007-02-20 06:32 - 2007-02-20 06:32 - 00171008 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2007-02-20 06:31 - 2007-02-20 06:31 - 00051712 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2007-02-20 06:30 - 2007-02-20 06:30 - 00139264 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2007-02-20 06:14 - 2007-02-20 06:14 - 00081920 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2007-02-20 04:09 - 2007-02-20 04:09 - 00009728 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2007-02-20 06:51 - 2007-02-20 06:51 - 00335872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2007-02-20 06:41 - 2007-02-20 06:41 - 00095744 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2007-02-20 06:42 - 2007-02-20 06:42 - 00303104 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2007-02-20 06:32 - 2007-02-20 06:32 - 00679936 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2007-02-20 06:50 - 2007-02-20 06:50 - 00405504 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2007-02-20 06:10 - 2007-02-20 06:10 - 00192512 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx
2007-02-20 04:34 - 2007-02-20 04:34 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll
2007-02-20 06:09 - 2007-02-20 06:09 - 00094208 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\VPCD.dll
2007-02-20 06:16 - 2007-02-20 06:16 - 00057344 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2013-12-15 17:08 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2013-12-15 17:08 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2013-12-15 17:08 - 2013-12-02 19:06 - 01281312 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\Scan.dll
2014-05-25 12:54 - 2014-05-25 12:54 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-05-25 13:04 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-25 13:04 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-25 13:04 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-25 13:04 - 2014-05-13 18:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
2014-05-25 13:04 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-25 13:04 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
 
==================== Faulty Device Manager Devices =============
 
Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2014 08:20:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17cc
 
Start Time: 01cf7d9492704840
 
Termination Time: 12
 
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: 73c83b92-e98f-11e3-a57f-88ae1d54eb5e
 
Error: (06/01/2014 08:19:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbar-1.07.0.1009 (2).exe, version: 1.7.0.1009, time stamp: 0x50e0003a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0xf08
Faulting application start time: 0xmbar-1.07.0.1009 (2).exe0
Faulting application path: mbar-1.07.0.1009 (2).exe1
Faulting module path: mbar-1.07.0.1009 (2).exe2
Report Id: mbar-1.07.0.1009 (2).exe3
 
Error: (06/01/2014 08:18:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbar-1.07.0.1009 (2).exe, version: 1.7.0.1009, time stamp: 0x50e0003a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0x1178
Faulting application start time: 0xmbar-1.07.0.1009 (2).exe0
Faulting application path: mbar-1.07.0.1009 (2).exe1
Faulting module path: mbar-1.07.0.1009 (2).exe2
Report Id: mbar-1.07.0.1009 (2).exe3
 
Error: (06/01/2014 08:17:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbar-1.07.0.1009 (2).exe, version: 1.7.0.1009, time stamp: 0x50e0003a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0x15dc
Faulting application start time: 0xmbar-1.07.0.1009 (2).exe0
Faulting application path: mbar-1.07.0.1009 (2).exe1
Faulting module path: mbar-1.07.0.1009 (2).exe2
Report Id: mbar-1.07.0.1009 (2).exe3
 
Error: (06/01/2014 08:16:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Safari.exe, version: 5.34.57.2, time stamp: 0x4f982b5e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0xe68
Faulting application start time: 0xSafari.exe0
Faulting application path: Safari.exe1
Faulting module path: Safari.exe2
Report Id: Safari.exe3
 
Error: (06/01/2014 08:15:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Safari.exe, version: 5.34.57.2, time stamp: 0x4f982b5e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0x2350
Faulting application start time: 0xSafari.exe0
Faulting application path: Safari.exe1
Faulting module path: Safari.exe2
Report Id: Safari.exe3
 
Error: (06/01/2014 07:48:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ScriptHelper.exe, version: 18.1.0.443, time stamp: 0x534a47d4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0x2114
Faulting application start time: 0xScriptHelper.exe0
Faulting application path: ScriptHelper.exe1
Faulting module path: ScriptHelper.exe2
Report Id: ScriptHelper.exe3
 
Error: (06/01/2014 07:47:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ScriptHelper.exe, version: 18.1.0.443, time stamp: 0x534a47d4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0x1cb8
Faulting application start time: 0xScriptHelper.exe0
Faulting application path: ScriptHelper.exe1
Faulting module path: ScriptHelper.exe2
Report Id: ScriptHelper.exe3
 
Error: (06/01/2014 07:47:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipmGui.exe, version: 14.0.2.220, time stamp: 0x52939c01
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0x14a8
Faulting application start time: 0xipmGui.exe0
Faulting application path: ipmGui.exe1
Faulting module path: ipmGui.exe2
Report Id: ipmGui.exe3
 
Error: (06/01/2014 07:37:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ASCTray.exe, version: 7.0.0.331, time stamp: 0x5354d144
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75194d62
Faulting process id: 0x118c
Faulting application start time: 0xASCTray.exe0
Faulting application path: ASCTray.exe1
Faulting module path: ASCTray.exe2
Report Id: ASCTray.exe3
 
 
System errors:
=============
Error: (06/01/2014 09:04:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The lxdn_device service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2014 08:15:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (06/01/2014 08:15:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (06/01/2014 08:15:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (06/01/2014 08:15:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (06/01/2014 07:48:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F25AF245-4A81-40DC-92F9-E9021F207706}
 
Error: (06/01/2014 07:32:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (06/01/2014 07:25:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (06/01/2014 07:25:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (06/01/2014 06:30:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-04 00:17:10.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 11:10:34.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 11:10:34.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-01 16:29:00.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-01 16:28:59.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-31 00:34:41.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-31 00:34:40.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-03 23:16:24.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-03 23:16:24.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 69%
Total physical RAM: 3890.67 MB
Available physical RAM: 1191.39 MB
Total Pagefile: 7779.48 MB
Available Pagefile: 3858.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (TI105837W0G) (Fixed) (Total:454.17 GB) (Free:241.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Apr 10 2014) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D1334478)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)
 
==================== End Of Log ============================


#8 xXToffeeXx


  • Malware Response Instructor

Posted 01 June 2014 - 01:18 PM

Hi realresults13,
 
Yes, it can be simple to get infected, even when not doing anything risky as such.
 
--------------
 
What Antivirus are you running?
 
--------------
 
Personally, I would suggest uninstalling IObit and anything related (Driver Booster, Smart Defrag 2, Surfing Protection) as you do not need this software since an antivirus and Windows' built-in utilities can do the job.
 
--------------
 
Please note Bleeping Computer does not recommend the use of registry cleaners/optimizers:
 
There are numerous programs which purport to improve system performance, make repairs and tune up a computer. Many of them include such features as a registry cleaner, registry optimizer, disk optimizer, etc. Some of these programs even incorporate optimization and registry cleaning features alongside anti-malware capabilities. These registry cleaners and optimizers claim to speed up your computer by finding and removing orphaned and corrupt registry entries that are responsible for slowing down system performance. There is no statistical evidence to back such claims. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.
 
See the whole post here: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2853053
 
--------------
 
We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
Advanced SystemCare 7
AVG Security Toolbar
Download Internet Explorer 10 10.0.01
IObit Apps Toolbar v9.2
Java™ 6 Update 17
RegistryKit v2.0
Rich Media Player
Slick Savings
Youtube Download
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

--------------
 

We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\runonceex: [] - 
HKLM\...\Policies\Explorer: [NoControlPanel] 0
StartMenuInternet: IEXPLORE.EXE - C:\Users\vicki\AppData\Local\bnm.exe -a C:\Program Files (x86)\Internet Explorer\iexplore.exe
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-28] (AVG Secure Search)
S2 0037781401038731mcinstcleanup; C:\windows\TEMP\003778~1.EXE -cleanup -nolog [X]
S3 AdobeActiveFileMonitor8.0; No ImagePath
S2 AudioEndpointBuilder32; No ImagePath
S2 TBS32; No ImagePath
S2 TOSHIBA HDD SSD Alert Service32; No ImagePath
S2 TrkWks32; No ImagePath
U3 mfeavfk01; No ImagePath
C:\Users\vicki\0.8806935471681189.exe
C:\Users\vicki\0.963303172816655.exe
Task: {002552C8-97BC-4E68-A4BB-9C95D4D5B8F6} - System32\Tasks\5c115b00 => C:\Users\vicki\AppData\Local\Temp\\setup899003620.exe <==== ATTENTION
Task: {322F080E-9E94-4014-BEEC-94D5038E0FC5} - System32\Tasks\2b6113a0 => C:\Users\vicki\AppData\Local\Temp\\setup3354853836.exe <==== ATTENTION
Task: {4654BDA1-03A5-4DCF-87AA-9A48C361EE09} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {4ECE22FA-A6D7-4150-B51A-CA1833139C4D} - System32\Tasks\5c7f3be0 => C:\Users\vicki\AppData\Local\Temp\\setup2340528484.exe <==== ATTENTION
Task: {6D302BD1-5EA9-4D99-872D-4395FA492869} - System32\Tasks\800dfec8 => C:\Users\vicki\AppData\Local\Temp\\setup1244509192.exe <==== ATTENTION
Task: {6DFE5887-2126-496E-B275-C5DE5EF8A8CF} - System32\Tasks\11c5c568 => C:\Users\vicki\AppData\Local\Temp\\setup3355670080.exe <==== ATTENTION
Task: {73E40D0A-79D6-4D65-8AC0-C8F93D3272C8} - System32\Tasks\4715 => Wscript.exe C:\Users\vicki\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C08B216D-D45D-4F6C-A02B-06AE64D7D1F4} - System32\Tasks\8c5c2148 => C:\Users\vicki\AppData\Local\Temp\\setup307574448.exe <==== ATTENTION
Task: {C601F2E3-FE7B-464E-9E04-F2E1213CA36B} - System32\Tasks\7a57d4b8 => C:\Users\vicki\AppData\Local\Temp\\setup1320854476.exe <==== ATTENTION
Task: {CFB2D696-4E95-4289-A3A0-5380D1935618} - System32\Tasks\MySearchDial => C:\Users\vicki\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {DCB7F269-FDC2-4CCC-B829-E65849BE56AE} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\vicki\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {EBE654ED-3F8A-4DA8-B40E-3262269974E9} - System32\Tasks\39f9b84 => C:\Users\vicki\AppData\Local\Temp\\setup694787584.exe <==== ATTENTION
Task: C:\windows\Tasks\MySearchDial.job => C:\Users\vicki\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\PC TuneUp Maestro Disk Defrag Analysis.job => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe
Task: C:\windows\Tasks\PC TuneUp Maestro Scan.job => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe
C:\Program Files (x86)\CompuClever
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Download Temp File Cleaner (TFC):

  • Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • What antivirus you are running
  • AdwCleaner scan log
  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
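
Added example (not part of the post above and not FRST's own logic): a Python triage of FRST-style `Task:` lines that records why a scheduled task deserves a second look, namely a binary under AppData or Temp, a script host or loader pointed at such a path, or a short hex task name. The regexes, the loader list and the reason names are assumptions made for this illustration; the sample lines are copied from the fixlist in the post.

```python
import ntpath  # Windows path rules regardless of the analyst's OS
import re

# Sample lines copied verbatim from the fixlist in the post above.
SAMPLE = r"""
Task: {002552C8-97BC-4E68-A4BB-9C95D4D5B8F6} - System32\Tasks\5c115b00 => C:\Users\vicki\AppData\Local\Temp\\setup899003620.exe <==== ATTENTION
Task: {73E40D0A-79D6-4D65-8AC0-C8F93D3272C8} - System32\Tasks\4715 => Wscript.exe C:\Users\vicki\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {DCB7F269-FDC2-4CCC-B829-E65849BE56AE} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\vicki\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: C:\windows\Tasks\MySearchDial.job => C:\Users\vicki\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\PC TuneUp Maestro Scan.job => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe
"""

TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<path>.+?) => "
    r"(?P<action>.*?)\s*(?P<attn><=+ ATTENTION!?)?$")
# FRST prints commands unquoted, so take everything up to the first
# executable extension that is followed by whitespace or end of line.
PROGRAM_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd))"?(?:\s+(.*))?$', re.I)
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\", re.I)
LOADERS = {"wscript.exe", "cscript.exe", "mshta.exe",
           "rundll32.exe", "regsvr32.exe"}
GENERATED_NAME = re.compile(r"^[0-9a-f]{1,8}$", re.I)  # e.g. 5c115b00, 4715


def triage(line):
    """Parse one Task: line; return a dict, or None if it is not a task."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name = ntpath.basename(m["path"])
    if name.lower().endswith(".job"):
        name = name[:-4]
    pm = PROGRAM_RE.match(m["action"])
    program, args = (pm[1], pm[2] or "") if pm else (m["action"], "")
    reasons = []
    if USER_WRITABLE.search(program):
        reasons.append("user_writable_binary")
    if ntpath.basename(program).lower() in LOADERS and USER_WRITABLE.search(args):
        reasons.append("loader_with_user_writable_arg")
    if GENERATED_NAME.match(name):
        reasons.append("generated_task_name")
    return {"name": name, "program": program, "reasons": reasons,
            "frst_attention": bool(m["attn"])}


def triage_log(text):
    """Triage every Task: line in a pasted log, skipping other lines."""
    return [r for r in map(triage, text.splitlines()) if r]


if __name__ == "__main__":
    for r in triage_log(SAMPLE):
        print(f"{r['name']:35} {', '.join(r['reasons']) or 'no heuristic hit'}")
```

The last sample line sits under Program Files and trips none of these checks, so its presence in the fixlist reflects the helper's own judgement rather than anything this script detects.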




