Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mcafee, Malwarebytes won't run (Group Policy Error) - UqquKetug.dll to blame?


  • Please log in to reply
9 replies to this topic

#1 JayGettingHelp

JayGettingHelp

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 21 June 2014 - 02:32 AM

Hello, I became unable to run both McAfee SecurityCentre and MalwareBytes - they give the error 'This program is blocked by group policy. For more information, contact your system administrator.' 

 

The computer also runs very slow and I cannot turn on the windows firewall, as it is grabbed by McAfee. 

 

Doing Live Chat with McAfee, they scanned and turned up a UqquKetug.dll file that was flagged as suspicious, but were unwilling to help without charging money for removal. I can do that as a last resort, but am not too impressed.

 

I tried to run in safe mode - and did a full scan with McAfee (which did start in safe mode), nothing showed up. When I tried to run Chameleon (MalwareBytes), it fell over at ntmarta.dll (?).

 

Anyway, I include my log files below if any kind person here can advise me. Many thanks for looking.

:thumbup2:

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.51.2
Run by Jayant Gosai at 7:51:06 on 2014-06-21
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.4056.1328 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [UqquKetug] regsvr32.exe "C:\ProgramData\UqquKetug\UqquKetug.dat"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\JAYANT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5B8769C6-9BB9-48F2-874C-A82A182B6EEF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E3F101E3-E559-487F-B4D7-3F0753A1FC6D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E3F101E3-E559-487F-B4D7-3F0753A1FC6D}\4514C4B44514C4B4D2335423247353 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-2-22 784760]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-2 346760]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-17 55280]
R1 RapportCerberus_68261;RapportCerberus_68261;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [2014-5-15 631096]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-5-25 299512]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-13 328928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-26 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-3-13 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-13 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-13 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-13 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-13 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-3-13 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-2 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-6-2 189912]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-6-2 70592]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-6-2 311856]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-6-2 522360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-3-18 441264]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-1 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-2-1 393728]
S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GetSusp;GetSusp;C:\Windows\GetSusp.sys [2014-6-20 16680]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-17 197704]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-3-18 96592]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-2-25 358552]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-5-25 414232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-06-20 16:34:35 951808 ----a-w- C:\Windows\System32\gpedit (2).dll
2014-06-20 16:30:52 295936 ----a-w- C:\Windows\SysWow64\appmgr.dll
2014-06-20 16:30:51 -------- d-----w- C:\Windows\SysWow64\GPBAK
2014-06-20 16:30:44 707354 ----a-w- C:\Windows\unins000.exe
2014-06-20 16:19:48 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-20 16:19:48 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-20 16:19:48 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-20 16:19:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 15:56:16 16680 ----a-w- C:\Windows\GetSusp.sys
2014-06-20 15:50:48 -------- d-----w- C:\ProgramData\Citrix
2014-06-20 15:45:59 -------- d-----w- C:\Program Files (x86)\Citrix
2014-06-20 15:40:33 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\Citrix
2014-06-16 20:56:38 -------- d-----w- C:\ProgramData\UqquKetug
2014-06-14 18:46:49 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\{7D03FF42-B788-4395-A645-6F420E25A6DA}
2014-06-07 12:45:25 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\{412A95C8-8B29-40D7-B182-A92808819C10}
2014-06-06 08:53:48 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\{97043247-7D67-4AEF-9FB7-8FE8C12E7BDE}
2014-06-03 18:33:41 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\{5BAF35FC-B229-45A7-A7FE-60FD156BB812}
2014-06-03 02:05:44 -------- d-----w- C:\Windows\System32\SPReview
2014-06-02 18:33:39 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\{8AF2CA97-017F-4A97-BBA8-085201F25362}
2014-05-29 13:58:19 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\{69B09BF6-23CD-436E-8E93-37F70A065B6B}
2014-05-29 13:57:06 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\{ABCE780E-2097-4D56-B5EC-A30702E36706}
2014-05-27 20:50:07 -------- d-----w- C:\Users\Jayant Gosai\AppData\Local\{13620B4C-D7D1-4DC9-94EC-76EC7AFEFFF8}
.
==================== Find3M  ====================
.
2014-05-25 14:24:04 358552 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-05-15 14:01:58 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-15 14:01:57 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-21 20:47:11 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-03 16:23:54 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-04-03 16:16:04 346760 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-04-03 16:15:34 189912 ----a-w- C:\Windows\System32\mfevtps.exe
2014-04-03 16:10:34 784760 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-04-03 16:08:04 522360 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-04-03 16:06:04 311856 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-04-03 16:03:32 177544 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2014-03-31 21:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-03-31 21:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH:  7:53:48.34 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:50 PM

Posted 21 June 2014 - 07:45 PM

:welcome:
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 JayGettingHelp

JayGettingHelp
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 22 June 2014 - 12:33 PM

Master Surgeon General,

 

Many thanks for your reply. The Laptop is my Father-in-laws, and I will need to get around there again to run the software. I hope you can bear with me while I do this.

 

Kind Regards...



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:50 PM

Posted 22 June 2014 - 12:46 PM

No problem.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 JayGettingHelp

JayGettingHelp
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 24 June 2014 - 09:55 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Jayant Gosai (administrator) on JAYANTGOSAI-PC on 24-06-2014 15:10:03
Running from C:\Users\Jayant Gosai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6TMV5U3
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcupdmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2911450392-1162146915-3183591678-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2911450392-1162146915-3183591678-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-02] (Google Inc.)
HKU\S-1-5-21-2911450392-1162146915-3183591678-1000\...\Run: [UqquKetug] => regsvr32.exe "C:\ProgramData\UqquKetug\UqquKetug.dat"
HKU\S-1-5-21-2911450392-1162146915-3183591678-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-2911450392-1162146915-3183591678-1000\...\MountPoints2: {5412fd79-5566-11df-9800-806e6f6e6963} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2911450392-1162146915-3183591678-1000\...\MountPoints2: {8d1a9082-6e31-11e0-8c3f-a4badbb0dbc1} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 5.1 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jayant Gosai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {23088cf8-eaf8-4bb3-a251-9ba61557ac75} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm049YYgb&ptb=D7D519B1-15D2-4016-936B-798AF0338992&psa=&ind=2011051210&ptnrS=Z1xdm049YYgb&si=902522&st=sb&n=77de34ca&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {2E4E2ECD-068D-48D7-BA34-17EA8282C032} URL = http://uk.search.yahoo.com/search?fr=mcafee&type=A011GB105&p={SearchTerms}
SearchScopes: HKCU - {23088cf8-eaf8-4bb3-a251-9ba61557ac75} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm049YYgb&ptb=D7D519B1-15D2-4016-936B-798AF0338992&psa=&ind=2011051210&ptnrS=Z1xdm049YYgb&si=902522&st=sb&n=77de34ca&searchfor={searchTerms}
SearchScopes: HKCU - {2E4E2ECD-068D-48D7-BA34-17EA8282C032} URL = http://uk.search.yahoo.com/search?fr=mcafee&type=A011GB105&p={SearchTerms}
SearchScopes: HKCU - {6AEA7B8F-5E85-4D64-86D3-1427CF058162} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=6885EE15-A1DA-428E-8F08-E7BA48C159B9&apn_sauid=4B916600-375C-4CE4-BB89-C37399411462
SearchScopes: HKCU - {C42AE829-71F7-4B40-B3F2-E978BB9C8051} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-06-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-06-02]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: http://uk.search.yahoo.com/search?fr=mcafee&type=A211GB105&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jayant Gosai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]
CHR Extension: (SiteAdvisor) - C:\Users\Jayant Gosai\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-12-25]
CHR Extension: (Skype Click to Call) - C:\Users\Jayant Gosai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-20]
CHR Extension: (Google Wallet) - C:\Users\Jayant Gosai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-05-25] (Trusteer Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 GetSusp; C:\Windows\GetSusp.sys [16680 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-15] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-25] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-25] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-25] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-24 15:08 - 2014-06-24 15:10 - 00000000 ____D () C:\FRST
2014-06-24 15:00 - 2014-06-24 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-21 07:54 - 2014-06-21 07:54 - 00057060 _____ () C:\Users\Jayant Gosai\Desktop\attach.txt
2014-06-21 07:54 - 2014-06-21 07:53 - 00021784 _____ () C:\Users\Jayant Gosai\Desktop\dds.txt
2014-06-20 17:34 - 2009-07-14 02:15 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\gpedit (2).dll
2014-06-20 17:34 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\system32\gpedit.msc
2014-06-20 17:30 - 2014-06-20 17:51 - 00707354 _____ () C:\Windows\unins000.exe
2014-06-20 17:30 - 2014-06-20 17:51 - 00002606 _____ () C:\Windows\unins000.dat
2014-06-20 17:30 - 2014-06-20 17:51 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-06-20 17:30 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-06-20 17:30 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc
2014-06-20 17:20 - 2014-06-20 17:20 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 17:20 - 2014-06-20 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 17:19 - 2014-06-21 06:22 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 17:19 - 2014-06-20 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 17:19 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-20 17:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-20 16:56 - 2014-06-20 16:56 - 00016680 _____ (McAfee, Inc.) C:\Windows\GetSusp.sys
2014-06-20 16:50 - 2014-06-20 16:50 - 00000000 ____D () C:\ProgramData\Citrix
2014-06-20 16:45 - 2014-06-20 16:45 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-06-20 16:40 - 2014-06-20 16:40 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\Citrix
2014-06-20 16:33 - 2014-06-20 16:33 - 00541592 _____ (McAfee, Inc.) C:\Users\Jayant Gosai\Downloads\MVTInstaller (1).exe
2014-06-20 16:29 - 2014-06-20 16:29 - 00541592 _____ (McAfee, Inc.) C:\Users\Jayant Gosai\Downloads\MVTInstaller.exe
2014-06-16 21:56 - 2014-06-16 21:56 - 00000000 ____D () C:\ProgramData\UqquKetug
2014-06-14 19:46 - 2014-06-14 19:47 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{7D03FF42-B788-4395-A645-6F420E25A6DA}
2014-06-07 13:45 - 2014-06-07 13:45 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{412A95C8-8B29-40D7-B182-A92808819C10}
2014-06-06 09:53 - 2014-06-06 09:53 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{97043247-7D67-4AEF-9FB7-8FE8C12E7BDE}
2014-06-03 19:33 - 2014-06-03 19:33 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{5BAF35FC-B229-45A7-A7FE-60FD156BB812}
2014-06-03 03:05 - 2014-06-03 03:05 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-02 19:33 - 2014-06-02 19:33 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{8AF2CA97-017F-4A97-BBA8-085201F25362}
2014-05-29 14:58 - 2014-05-29 14:58 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{69B09BF6-23CD-436E-8E93-37F70A065B6B}
2014-05-29 14:57 - 2014-05-29 14:57 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{ABCE780E-2097-4D56-B5EC-A30702E36706}
2014-05-27 21:50 - 2014-05-27 21:50 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{13620B4C-D7D1-4DC9-94EC-76EC7AFEFFF8}

==================== One Month Modified Files and Folders =======

2014-06-24 15:10 - 2014-06-24 15:08 - 00000000 ____D () C:\FRST
2014-06-24 15:09 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 15:09 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 15:04 - 2010-04-02 08:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 15:04 - 2009-07-14 06:10 - 01329206 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 15:00 - 2014-06-24 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-24 15:00 - 2013-04-06 07:35 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-06-24 14:53 - 2010-04-02 08:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 14:53 - 2010-03-23 20:58 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\SoftThinks
2014-06-24 14:53 - 2010-03-23 20:58 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-24 14:53 - 2010-03-23 20:58 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-24 14:53 - 2010-03-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-24 14:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 14:52 - 2009-07-14 05:51 - 00168305 _____ () C:\Windows\setupact.log
2014-06-22 17:37 - 2012-05-02 06:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-21 07:56 - 2011-12-26 09:56 - 00000000 ____D () C:\Trash
2014-06-21 07:54 - 2014-06-21 07:54 - 00057060 _____ () C:\Users\Jayant Gosai\Desktop\attach.txt
2014-06-21 07:53 - 2014-06-21 07:54 - 00021784 _____ () C:\Users\Jayant Gosai\Desktop\dds.txt
2014-06-21 06:22 - 2014-06-20 17:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 20:22 - 2013-10-07 17:03 - 00079360 ___SH () C:\Users\Jayant Gosai\Desktop\Thumbs.db
2014-06-20 20:21 - 2013-08-21 15:27 - 00000000 ____D () C:\Users\Jayant Gosai\Desktop\20130821
2014-06-20 18:02 - 2010-03-17 18:16 - 00559320 _____ () C:\Windows\PFRO.log
2014-06-20 17:51 - 2014-06-20 17:30 - 00707354 _____ () C:\Windows\unins000.exe
2014-06-20 17:51 - 2014-06-20 17:30 - 00002606 _____ () C:\Windows\unins000.dat
2014-06-20 17:51 - 2014-06-20 17:30 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-06-20 17:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-06-20 17:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-20 17:20 - 2014-06-20 17:20 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 17:20 - 2014-06-20 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 17:20 - 2014-06-20 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 16:56 - 2014-06-20 16:56 - 00016680 _____ (McAfee, Inc.) C:\Windows\GetSusp.sys
2014-06-20 16:50 - 2014-06-20 16:50 - 00000000 ____D () C:\ProgramData\Citrix
2014-06-20 16:45 - 2014-06-20 16:45 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-06-20 16:40 - 2014-06-20 16:40 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\Citrix
2014-06-20 16:33 - 2014-06-20 16:33 - 00541592 _____ (McAfee, Inc.) C:\Users\Jayant Gosai\Downloads\MVTInstaller (1).exe
2014-06-20 16:29 - 2014-06-20 16:29 - 00541592 _____ (McAfee, Inc.) C:\Users\Jayant Gosai\Downloads\MVTInstaller.exe
2014-06-20 09:56 - 2010-04-03 13:47 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Roaming\Skype
2014-06-19 10:53 - 2010-03-17 16:44 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-19 10:53 - 2010-03-17 16:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-06-19 09:01 - 2010-12-23 16:31 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\Windows Live
2014-06-18 06:47 - 2013-07-26 07:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 06:47 - 2010-04-01 12:58 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 06:47 - 2010-03-17 16:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-16 21:57 - 2014-04-17 16:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-16 21:56 - 2014-06-16 21:56 - 00000000 ____D () C:\ProgramData\UqquKetug
2014-06-16 12:00 - 2013-05-02 13:39 - 00011892 _____ () C:\Users\Jayant Gosai\Documents\Deepa.xlsx
2014-06-16 11:58 - 2012-04-07 19:36 - 00014876 _____ () C:\Users\Jayant Gosai\Documents\meera 3.xlsx
2014-06-14 19:47 - 2014-06-14 19:46 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{7D03FF42-B788-4395-A645-6F420E25A6DA}
2014-06-09 07:13 - 2013-08-21 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-06-08 12:38 - 2011-11-24 18:01 - 00008479 _____ () C:\Users\Jayant Gosai\Documents\stocks'11.xlsx
2014-06-07 13:45 - 2014-06-07 13:45 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{412A95C8-8B29-40D7-B182-A92808819C10}
2014-06-06 09:53 - 2014-06-06 09:53 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{97043247-7D67-4AEF-9FB7-8FE8C12E7BDE}
2014-06-03 19:33 - 2014-06-03 19:33 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{5BAF35FC-B229-45A7-A7FE-60FD156BB812}
2014-06-03 03:05 - 2014-06-03 03:05 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-02 19:33 - 2014-06-02 19:33 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{8AF2CA97-017F-4A97-BBA8-085201F25362}
2014-06-02 19:05 - 2013-04-02 07:00 - 00011091 _____ () C:\Users\Jayant Gosai\Documents\Jamal 2014.xlsx
2014-06-02 18:55 - 2014-03-24 12:27 - 00013310 _____ () C:\Users\Jayant Gosai\Documents\Tax2014.xlsx
2014-05-31 13:28 - 2013-03-03 15:02 - 00012558 _____ () C:\Users\Jayant Gosai\Documents\GASELECT 2013.xlsx
2014-05-29 14:58 - 2014-05-29 14:58 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{69B09BF6-23CD-436E-8E93-37F70A065B6B}
2014-05-29 14:57 - 2014-05-29 14:57 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{ABCE780E-2097-4D56-B5EC-A30702E36706}
2014-05-27 21:50 - 2014-05-27 21:50 - 00000000 ____D () C:\Users\Jayant Gosai\AppData\Local\{13620B4C-D7D1-4DC9-94EC-76EC7AFEFFF8}
2014-05-25 15:24 - 2011-02-25 08:03 - 00358552 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys

Some content of TEMP:
====================
C:\Users\Jayant Gosai\AppData\Local\Temp\APNStub.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\dob5zxnf.dll
C:\Users\Jayant Gosai\AppData\Local\Temp\femfprdt.dll
C:\Users\Jayant Gosai\AppData\Local\Temp\g9s3zbvt.dll
C:\Users\Jayant Gosai\AppData\Local\Temp\hpifhm6g.dll
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\mssinstaller.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\ose00000.exe
C:\Users\Jayant Gosai\AppData\Local\Temp\_isAACB.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-03 10:24

==================== End Of Log ============================

Attached File  Addition.txt   31.19KB   1 downloads

Attached File  Shortcut.txt   65.59KB   0 downloads

 



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:50 PM

Posted 24 June 2014 - 03:41 PM

Hi, 
 
Please remove the following programs throughout the Control Panel:
 
Ask Toolbar
Ask Toolbar Updater
 
Download the enclosed file. 
 
Save it in the same location FRST64 is saved.
 
Run FRST64, except that this time around, click on the Fix button and wait.
 

The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.
 

Download AdwCleaner from here or from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
     
    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 JayGettingHelp

JayGettingHelp
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 25 June 2014 - 01:41 AM

Thanks MSG!

 

As before, I'll have to drive over to the FIL, so it may be tomorrow or friday before I get to scan.

I don't want to be cheeky and steal his laptop.   :)

 

Thanks for your patience and help.

 

Jeff



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:50 PM

Posted 25 June 2014 - 10:40 AM

No problem.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:50 PM

Posted 27 July 2014 - 10:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:50 PM

Posted 30 July 2014 - 07:10 AM

Opened at the request of the member.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users