
Combofix Log, (all internet browser .exe(s) terminate upon launch) [URGENT]


  • This topic is locked
12 replies to this topic

#1 deviantartfan1

  • Members

Posted 24 August 2014 - 05:13 PM

Hi,

 

After trying various tools (Rkill, Malwarebytes, McAfee), the .exe of my web browsers still randomly execute (i.e. Chrome will sometimes boot up when requested to, and other times will not boot up when requested to). I have Firefox, Chrome, Safari and IE.

 

I've already cleared up any problems that could be related to the browsers, and at this time I don't think the problem is from the programs themselves.

 

Unfortunately, without knowing the possible dangers of doing so, I've run ComboFix.

I am now posting the log to see if I was indeed infected and, if I wasn't, how to remove the program and reverse any damage that could have been inflicted onto my computer.

 

(SYSTEM SPECS)

Windows XP Professional, Ver. 2002 SP3

AMD Athlon 64 X2 Dual Core 5600+ 2.81GHz

3 GB RAM

 

A swift reply would be appreciated, as I am very scared that I may have damaged my computer.

 

Attached is my ComboFix log.

 

 

Thanks,

deviantartfan1


#2 nasdaq

  • Malware Response Team

Posted 29 August 2014 - 07:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system:
  • Farbar Recovery Scan Tool (64 bit)
  • Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 deviantartfan1

  • Topic Starter

  • Members

Posted 02 September 2014 - 06:50 PM

Ok...

 

 

***AdwCleaner Log BEFORE cleaning***

 

 

 

# AdwCleaner v3.309 - Report created 02/09/2014 at 16:10:24
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Richard Robinson - R3COMPUTER1
# Running from : F:\Documents and Settings\Richard Robinson\My Documents\Downloads\adwcleaner_3.309.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kjjpeodeilefdpblgopdaoojammobcaf.crx
File Found : F:\END
File Found : F:\WINDOWS\system32\conduitEngine.tmp
Folder Found : F:\Documents and Settings\Alexander Robinson\Application Data\FCSB000063941
Folder Found : F:\Documents and Settings\Alexander Robinson\Local Settings\Application Data\Conduit
Folder Found : F:\Documents and Settings\Alexander Robinson\Local Settings\Application Data\ConduitEngine
Folder Found : F:\Documents and Settings\All Users\Application Data\Ask
Folder Found : F:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : F:\Documents and Settings\All Users\Application Data\SweetIM
Folder Found : F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
Folder Found : F:\Documents and Settings\All Users\Start Menu\Programs\PC Speed Maximizer
Folder Found : F:\Documents and Settings\All Users\Start Menu\Programs\Smart Driver Updater
Folder Found : F:\Documents and Settings\All Users\Start Menu\Programs\VAFPlayer
Folder Found : F:\Documents and Settings\Jennifer\Application Data\PC Speed Maximizer
Folder Found : F:\Documents and Settings\Jennifer\Local Settings\Application Data\Conduit
Folder Found : F:\Documents and Settings\Richard Robinson\Application Data\PC Speed Maximizer
Folder Found : F:\Documents and Settings\Richard Robinson\Application Data\Smart Driver Updater
Folder Found : F:\Documents and Settings\Richard Robinson\Application Data\Strongvault
Folder Found : F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Conduit
Folder Found : F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\PackageAware
Folder Found : F:\Documents and Settings\Richard Robinson\My Documents\PC Speed Maximizer
Folder Found : F:\Documents and Settings\William Robinson\Application Data\FCSB000063941
Folder Found : F:\Documents and Settings\William Robinson\Application Data\Smart Driver Updater
Folder Found : F:\Documents and Settings\William Robinson\Local Settings\Application Data\Conduit
Folder Found : F:\Documents and Settings\William Robinson\Local Settings\Application Data\ConduitEngine
Folder Found : F:\Program Files\HiDefMedia
Folder Found : F:\Program Files\OApps
Folder Found : F:\Program Files\PC Speed Maximizer
Folder Found : F:\Program Files\Smart Driver Updater
Folder Found : F:\Program Files\SweetIM
Folder Found : F:\Program Files\tuguu sl
Folder Found : F:\Program Files\Uninstaller
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKCU\Software\pc speed maximizer
Key Found : HKCU\Software\Smart Driver Updater
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\tuguu sl
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Found : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4E09482-2C6A-44B2-8D40-ABC01B36BB9D}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DefaultTab
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Speed Maximizer_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Smart Driver Updater_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKLM\SOFTWARE\Trymedia Systems
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Speed Maximizer]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [F:\WINDOWS\system32\ARFC\wrtc.exe]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : F:\Documents and Settings\Richard Robinson\Application Data\Mozilla\Firefox\Profiles\cuv7zxvo.default-1408948222984\prefs.js ]
 
Line Found : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonline.ro\nbancpost.ro\nbtrl.ro\ncrediteurope.ro\nalphabank.ro\nromexterra.ro\not[...]
 
[ File : F:\Documents and Settings\William Robinson\Application Data\Mozilla\Firefox\Profiles\90ecx7d7.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : F:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
 
[ File : F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Found [Extension] : kjjpeodeilefdpblgopdaoojammobcaf
 
[ File : F:\Documents and Settings\William Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [12577 octets] - [02/09/2014 16:10:24]
 
########## EOF - F:\AdwCleaner\AdwCleaner[R0].txt - [12638 octets] ##########
 
 
 
***AdwCleaner Log AFTER cleaning***
 
 
 
# AdwCleaner v3.309 - Report created 02/09/2014 at 16:18:20
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Richard Robinson - R3COMPUTER1
# Running from : F:\Documents and Settings\Richard Robinson\My Documents\Downloads\adwcleaner_3.309.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : F:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : F:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : F:\Documents and Settings\All Users\Application Data\SweetIM
[x] Not Deleted : F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[x] Not Deleted : F:\Documents and Settings\All Users\Start Menu\Programs\PC Speed Maximizer
[x] Not Deleted : F:\Documents and Settings\All Users\Start Menu\Programs\Smart Driver Updater
[x] Not Deleted : F:\Documents and Settings\All Users\Start Menu\Programs\VAFPlayer
[x] Not Deleted : F:\Program Files\HiDefMedia
[x] Not Deleted : F:\Program Files\OApps
[x] Not Deleted : F:\Program Files\PC Speed Maximizer
[x] Not Deleted : F:\Program Files\Smart Driver Updater
Folder Deleted : F:\Program Files\SweetIM
Folder Deleted : F:\Program Files\tuguu sl
[x] Not Deleted : F:\Program Files\Uninstaller
Folder Deleted : F:\Documents and Settings\Alexander Robinson\Local Settings\Application Data\Conduit
Folder Deleted : F:\Documents and Settings\Alexander Robinson\Local Settings\Application Data\ConduitEngine
Folder Deleted : F:\Documents and Settings\Alexander Robinson\Application Data\FCSB000063941
Folder Deleted : F:\Documents and Settings\Jennifer\Local Settings\Application Data\Conduit
[x] Not Deleted : F:\Documents and Settings\Jennifer\Application Data\PC Speed Maximizer
Folder Deleted : F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Conduit
Folder Deleted : F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\PackageAware
[x] Not Deleted : F:\Documents and Settings\Richard Robinson\Application Data\PC Speed Maximizer
[x] Not Deleted : F:\Documents and Settings\Richard Robinson\Application Data\Smart Driver Updater
[x] Not Deleted : F:\Documents and Settings\Richard Robinson\Application Data\Strongvault
[x] Not Deleted : F:\Documents and Settings\Richard Robinson\My Documents\PC Speed Maximizer
Folder Deleted : F:\Documents and Settings\William Robinson\Local Settings\Application Data\Conduit
Folder Deleted : F:\Documents and Settings\William Robinson\Local Settings\Application Data\ConduitEngine
Folder Deleted : F:\Documents and Settings\William Robinson\Application Data\FCSB000063941
[x] Not Deleted : F:\Documents and Settings\William Robinson\Application Data\Smart Driver Updater
File Deleted : F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kjjpeodeilefdpblgopdaoojammobcaf.crx
File Deleted : F:\END
File Deleted : F:\WINDOWS\system32\conduitEngine.tmp
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kjjpeodeilefdpblgopdaoojammobcaf
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Speed Maximizer]
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4E09482-2C6A-44B2-8D40-ABC01B36BB9D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[x] Not Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [F:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\pc speed maximizer
Key Deleted : HKCU\Software\Smart Driver Updater
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\tuguu sl
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Speed Maximizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Smart Driver Updater_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : F:\Documents and Settings\Richard Robinson\Application Data\Mozilla\Firefox\Profiles\cuv7zxvo.default-1408948222984\prefs.js ]
 
Line Deleted : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonline.ro\nbancpost.ro\nbtrl.ro\ncrediteurope.ro\nalphabank.ro\nromexterra.ro\not[...]
 
[ File : F:\Documents and Settings\William Robinson\Application Data\Mozilla\Firefox\Profiles\90ecx7d7.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : F:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
 
[ File : F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Deleted [Extension] : kjjpeodeilefdpblgopdaoojammobcaf
 
[ File : F:\Documents and Settings\William Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [12719 octets] - [02/09/2014 16:10:24]
AdwCleaner[R1].txt - [12780 octets] - [02/09/2014 16:15:17]
AdwCleaner[S0].txt - [12801 octets] - [02/09/2014 16:18:20]
 
########## EOF - F:\AdwCleaner\AdwCleaner[S0].txt - [12862 octets] ##########
 
 
***FRST Log***
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Richard Robinson (administrator) on R3COMPUTER1 on 02-09-2014 16:30:43
Running from F:\Documents and Settings\Richard Robinson\Desktop\FRST
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) F:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Broadcom Corporation.) F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(ArcSoft Inc.) F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) F:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) F:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) F:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(McAfee, Inc.) F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) F:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) F:\WINDOWS\system32\mfevtps.exe
(NVIDIA Corporation) F:\WINDOWS\system32\nvsvc32.exe
() F:\WINDOWS\system32\PnkBstrA.exe
() F:\WINDOWS\system32\PSIService.exe
(Protexis Inc.) F:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() F:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Seagate Technology LLC) F:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Microsoft Corporation) F:\WINDOWS\system32\rundll32.exe
(Seagate Technology LLC) F:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) F:\Program Files\Microsoft IntelliType Pro\itype.exe
(IBM Corp.) F:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Analog Devices, Inc.) F:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) F:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(McAfee, Inc.) F:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) F:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
() F:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(McAfee, Inc.) F:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(ArcSoft Inc.) F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) F:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) F:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) F:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Oracle Corporation) F:\Program Files\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) F:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(McAfee, Inc.) F:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Seagate Technology LLC) F:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
() C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe
(Apple Inc.) F:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [itype] => F:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [LXCFCATS] => rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 (the data entry has 59 more characters).
HKLM\...\Run: [SoundMAXPnP] => F:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-10-05] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => F:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [Corel File Shell Monitor] => F:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2008-08-08] ()
HKLM\...\Run: [ISUSScheduler] => F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKLM\...\Run: [DNS7reminder] => F:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM\...\Run: [mcui_exe] => F:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] => F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [mcpltui_exe] => F:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => F:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => F:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
HKLM\...\Run: [DBAgent] => F:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM\...\Run: [Adobe ARM] => F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => F:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => F:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Run: [ISUSPM] => F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Run: [OM2_Monitor] => F:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Run: [igndlm.exe] => F:\Program Files\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Run: [PC Speed Maximizer] => F:\Program Files\PC Speed Maximizer\SPMLauncher.exe [80016 2012-03-01] (Avanquest Software)
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Run: [cdloader] => F:\Documents and Settings\Richard Robinson\Application Data\mjusbsp\cdloader2.exe [50592 2010-12-03] (magicJack L.P.)
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Run: [Uploader] => F:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Policies\system: [NoDiSPMPL] 0
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\MountPoints2: {0d87f2cc-811c-11e1-8c9e-00022db5ddbb} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1757981266-1275210071-839522115-1003\...\MountPoints2: {f5621698-ac80-11e1-8cce-00022db5ddbb} - G:\LaunchU3.exe -a
Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client Manager.lnk
ShortcutTarget: 2Wire Wireless Client Manager.lnk -> C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe ()
Startup: F:\Documents and Settings\William Robinson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - F:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {BFE4A9C0-EDC5-42C4-A7E9-4EDE9654CEC2} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> F:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> F:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> F:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> F:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - F:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - F:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} F:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - f:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 F:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: F:\Documents and Settings\Richard Robinson\Application Data\Mozilla\Firefox\Profiles\cuv7zxvo.default-1408948222984
FF Plugin: @adobe.com/FlashPlayer -> F:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @fileplanet.com/fpdlm -> F:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin: @Google.com/GoogleEarthPlugin -> F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> F:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> f:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> F:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> F:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> F:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> F:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.6.0 -> F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> F:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: F:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: WOT - F:\Documents and Settings\Richard Robinson\Application Data\Mozilla\Firefox\Profiles\cuv7zxvo.default-1408948222984\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-24]
FF Extension: TrafficLight - F:\Documents and Settings\Richard Robinson\Application Data\Mozilla\Firefox\Profiles\cuv7zxvo.default-1408948222984\Extensions\trafficlight@bitdefender.com.xpi [2014-08-24]
FF Extension: Bluhell Firewall - F:\Documents and Settings\Richard Robinson\Application Data\Mozilla\Firefox\Profiles\cuv7zxvo.default-1408948222984\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-08-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-27]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - F:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - F:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-28]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - F:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - F:\Program Files\McAfee\SiteAdvisor [2009-11-26]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - F:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://my.yahoo.com/?.lts=1336693812
CHR Plugin: (Widevine Content Decryption Module) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - F:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - F:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - F:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_1\McChPlg.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - F:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - F:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - F:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - F:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - F:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.6.0) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (IGN Download Manager Plug-in) - F:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - F:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - F:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee SiteAdvisor) - F:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - F:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - F:\WINDOWS\system32\npdeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - f:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR CustomProfile: F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-09]
CHR Extension: (Google Drive) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-09]
CHR Extension: (Adblock Plus) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-09]
CHR Extension: (Google Search) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-09]
CHR Extension: (SiteAdvisor) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-08-09]
CHR Extension: (Into The Mist) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2013-08-09]
CHR Extension: (Ghostery) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-09]
CHR Extension: (ActiveGS) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhndampajkkhamolmmnalddigpojomph [2014-08-13]
CHR Extension: (Google Wallet) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - F:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-03-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - F:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx [2013-06-08]
CHR HKCU\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx [2013-06-08]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BEService; F:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-01-06] () [File not signed]
R2 HomeNetSvc; F:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R3 hpqcxs08; F:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; F:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; F:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; F:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-24] (Oracle Corporation)
S3 lxcf_device; F:\WINDOWS\system32\lxcfcoms.exe [491520 2005-07-25] ( )
R2 MbaeSvc; F:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; F:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-07-28] (McAfee, Inc.)
R2 McAPExe; F:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; F:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; F:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; F:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; F:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; F:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; F:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; F:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; F:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; F:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 Net Driver HPZ12; F:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; F:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; F:\WINDOWS\system32\PnkBstrA.exe [76888 2014-04-25] ()
R2 ProtexisLicensing; F:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 RapportMgmtService; F:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.)
R2 RealNetworks Downloader Resolver Service; F:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Seagate Dashboard Services; F:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
U2 Seagate MobileBackup Service; F:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ADIDTSFiltService; F:\WINDOWS\System32\drivers\adidts.sys [139776 2006-08-31] (Analog Devices, Inc.)
R3 Afc; F:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 AmdK8; F:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 BCM43XX; F:\WINDOWS\System32\DRIVERS\bcmwl5.sys [371712 2009-04-28] (Broadcom Corporation)
S3 btaudio; F:\WINDOWS\System32\drivers\btaudio.sys [534440 2008-04-15] (Broadcom Corporation.)
R3 BTDriver; F:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; F:\WINDOWS\System32\DRIVERS\btkrnl.sys [990632 2008-04-15] (Broadcom Corporation.)
S3 BTWDNDIS; F:\WINDOWS\System32\DRIVERS\btwdndis.sys [156392 2007-09-20] (Broadcom Corporation.)
S3 btwhid; F:\WINDOWS\System32\DRIVERS\btwhid.sys [57384 2008-03-10] (Broadcom Corporation.)
S3 BTWUSB; F:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-03-27] (Broadcom Corporation.)
R3 cfwids; F:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R1 ESProtectionDriver; F:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [44760 2014-06-04] ()
S3 HipShieldK; F:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 HPZid412; F:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
R3 HPZipr12; F:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
R3 HPZius12; F:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R2 MDC8021X; F:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15781 2004-04-13] (Meetinghouse Data Communications) [File not signed]
R3 mfeapfk; F:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; F:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; F:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; F:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; F:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; F:\WINDOWS\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; F:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
S3 mfendisk; F:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; F:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; F:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
R3 MTsensor; F:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R3 NVENETFD; F:\WINDOWS\System32\DRIVERS\NVENETFD.sys [52736 2006-05-16] (NVIDIA Corporation)
R3 NVHDA; F:\WINDOWS\System32\drivers\nvhda32.sys [128440 2012-12-18] (NVIDIA Corporation)
R3 nvnetbus; F:\WINDOWS\System32\DRIVERS\nvnetbus.sys [18944 2006-05-16] (NVIDIA Corporation)
R3 Pcouffin; F:\WINDOWS\System32\Drivers\Pcouffin.sys [34656 2011-09-29] (VSO Software) [File not signed]
R2 PfModNT; F:\WINDOWS\system32\PfModNT.sys [6752 2001-09-07] (Creative Technology Ltd.) [File not signed]
R1 RapportCerberus_80049; F:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys [433240 2014-08-18] ()
R1 RapportEI; F:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251928 2014-08-21] (IBM Corp.)
R0 RapportKELL; F:\WINDOWS\System32\Drivers\RapportKELL.sys [206520 2014-08-21] (IBM Corp.)
S3 USR1806V; F:\WINDOWS\System32\DRIVERS\USR1806V.SYS [794399 2001-08-17] (U.S. Robotics, Inc.)
S3 wltwo48b; F:\WINDOWS\System32\DRIVERS\wltwo48b.sys [170496 2007-02-06] (2wire)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag2.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
U5 ScsiPort; F:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 16:30 - 2014-09-02 16:30 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Desktop\FRST
2014-09-02 16:28 - 2014-09-02 16:30 - 00000000 ____D () F:\FRST
2014-09-02 16:28 - 2014-09-02 16:28 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-09-02 16:25 - 2014-09-02 16:25 - 00012943 _____ () F:\Documents and Settings\Richard Robinson\Desktop\AdwCleaner[S0].txt
2014-09-02 16:14 - 2014-09-02 16:14 - 00012719 _____ () F:\Documents and Settings\Richard Robinson\Desktop\AdwCleaner[R0].txt
2014-08-25 12:14 - 2014-08-25 12:14 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Sun
2014-08-24 23:42 - 2014-08-24 23:42 - 00001542 _____ () F:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-08-24 23:42 - 2014-08-24 23:42 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-08-24 23:40 - 2014-08-24 23:41 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-24 23:40 - 2014-08-24 23:40 - 00000000 ____D () F:\Program Files\iPod
2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\RealNetworks
2014-08-24 23:30 - 2014-08-24 23:30 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Desktop\Old Firefox Data
2014-08-24 18:29 - 2014-08-24 18:29 - 00272808 _____ (Oracle Corporation) F:\WINDOWS\system32\javaws.exe
2014-08-24 18:29 - 2014-08-24 18:29 - 00175528 _____ (Oracle Corporation) F:\WINDOWS\system32\javaw.exe
2014-08-24 18:29 - 2014-08-24 18:29 - 00175528 _____ (Oracle Corporation) F:\WINDOWS\system32\java.exe
2014-08-24 18:29 - 2014-08-24 18:29 - 00096680 _____ (Oracle Corporation) F:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-24 18:29 - 2014-08-24 18:29 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-08-24 18:27 - 2014-08-24 18:27 - 00000000 ____D () F:\Program Files\RealNetworks
2014-08-24 18:27 - 2014-08-24 18:27 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-24 18:26 - 2014-08-24 23:31 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2014-08-24 18:26 - 2014-08-24 23:31 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Real
2014-08-24 18:26 - 2014-08-24 18:27 - 00000000 ____D () F:\Program Files\Real
2014-08-24 18:25 - 2014-08-24 23:31 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Real
2014-08-24 16:47 - 2014-08-24 16:47 - 00000000 ___SD () F:\ComboFix
2014-08-24 14:56 - 2014-09-02 16:31 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00029921 _____ () F:\ComboFix.txt
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\William Robinson\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\LocalService\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\Jennifer\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\Alexander Robinson\Local Settings\temp
2014-08-24 14:43 - 2014-08-24 14:43 - 00008192 ____H () F:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-24 14:43 - 2014-08-24 14:43 - 00008192 ____H () F:\WINDOWS\system32\config\default.tmp.LOG
2014-08-24 14:43 - 2014-08-24 14:43 - 00000000 ____H () F:\WINDOWS\system32\config\system.tmp.LOG
2014-08-24 14:43 - 2014-08-24 14:43 - 00000000 ____H () F:\WINDOWS\system32\config\software.tmp.LOG
2014-08-24 14:43 - 2014-08-24 14:43 - 00000000 ____H () F:\WINDOWS\system32\config\SAM.tmp.LOG
2014-08-24 14:24 - 2011-06-25 23:45 - 00256000 _____ () F:\WINDOWS\PEV.exe
2014-08-24 14:24 - 2010-11-07 10:20 - 00208896 _____ () F:\WINDOWS\MBR.exe
2014-08-24 14:24 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) F:\WINDOWS\NIRCMD.exe
2014-08-24 14:24 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) F:\WINDOWS\SWREG.exe
2014-08-24 14:24 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) F:\WINDOWS\SWSC.exe
2014-08-24 14:24 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) F:\WINDOWS\SWXCACLS.exe
2014-08-24 14:24 - 2000-08-30 17:00 - 00098816 _____ () F:\WINDOWS\sed.exe
2014-08-24 14:24 - 2000-08-30 17:00 - 00080412 _____ () F:\WINDOWS\grep.exe
2014-08-24 14:24 - 2000-08-30 17:00 - 00068096 _____ () F:\WINDOWS\zip.exe
2014-08-24 14:23 - 2014-08-24 16:47 - 00000000 ____D () F:\Qoobox
2014-08-24 14:22 - 2014-08-24 14:53 - 00000000 ____D () F:\WINDOWS\erdnt
2014-08-24 14:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) F:\WINDOWS\system32\sqlite3.dll
2014-08-24 14:19 - 2014-09-02 16:25 - 00000000 ____D () F:\AdwCleaner
2014-08-24 14:14 - 2014-08-24 14:16 - 00002940 _____ () F:\Documents and Settings\Richard Robinson\Desktop\Rkill.txt
2014-08-21 16:43 - 2014-08-21 16:43 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Chromium
2014-08-21 16:03 - 2014-08-21 16:03 - 00206520 _____ (IBM Corp.) F:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-08-19 16:09 - 2014-08-19 16:09 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-08-19 16:01 - 2014-08-19 16:02 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\Google Chrome Bookmarks (as of 8-19-14)
2014-08-18 20:24 - 2014-08-19 23:48 - 00000640 _____ () F:\WINDOWS\Tasks\Richard Robinson.job
2014-08-18 20:24 - 2014-08-19 02:59 - 00000652 _____ () F:\WINDOWS\Tasks\Richard Robinson Merge.job
2014-08-18 20:14 - 2014-08-19 02:57 - 00000420 _____ () F:\WINDOWS\Tasks\Seagate_Install_Launch.job
2014-08-18 20:14 - 2014-08-18 20:14 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Nero
2014-08-18 20:10 - 2014-08-18 20:10 - 00001924 _____ () F:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
2014-08-18 20:10 - 2014-08-18 20:10 - 00000000 ____D () F:\Program Files\Seagate
2014-08-18 20:10 - 2014-08-18 20:10 - 00000000 ____D () F:\Program Files\Common Files\Nero
2014-08-18 20:10 - 2014-08-18 20:10 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard
2014-08-18 20:10 - 2014-08-18 20:10 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Nero
2014-08-18 20:06 - 2014-08-18 20:06 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Seagate
2014-08-18 20:06 - 2014-08-18 20:06 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Seagate
2014-08-17 23:54 - 2014-08-18 00:00 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Audacity
2014-08-17 23:50 - 2014-08-17 23:52 - 22180353 _____ (Audacity Team ) F:\Documents and Settings\Richard Robinson\My Documents\audacity-win-2.0.5.exe
2014-08-17 23:45 - 2014-08-17 23:45 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\Tor Browser
2014-08-17 22:03 - 2014-08-17 23:13 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Tropico 4
2014-08-17 19:57 - 2014-08-17 19:57 - 00001868 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-08-17 19:57 - 2014-08-17 19:57 - 00001862 _____ () F:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-08-17 19:57 - 2014-08-17 19:57 - 00000000 ____D () F:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-08-17 19:56 - 2014-08-17 19:56 - 29592768 _____ (Microsoft Corporation) F:\Documents and Settings\Richard Robinson\My Documents\Windows-KB890830-V5.15.exe
2014-08-17 19:56 - 2014-08-17 19:56 - 08669472 _____ (Microsoft Corporation) F:\Documents and Settings\Richard Robinson\My Documents\Windows7UpgradeAdvisorSetup.exe
2014-08-17 01:31 - 2014-08-24 18:22 - 00002347 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-17 00:15 - 2014-08-17 00:15 - 05487016 _____ (Microsoft Corporation) F:\Documents and Settings\Richard Robinson\My Documents\Windows8-UpgradeAssistant.exe
2014-08-16 19:26 - 2014-08-16 19:26 - 00000906 _____ () F:\Documents and Settings\All Users\Desktop\The Sims 4 Create A Sim Demo.lnk
2014-08-16 19:26 - 2014-08-16 19:26 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\The Sims 4 Create A Sim Demo
2014-08-16 14:26 - 2014-08-16 14:26 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Maxis
2014-08-16 13:46 - 2014-08-16 13:46 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Kalypso Media
2014-08-14 20:03 - 2014-08-14 20:04 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\Copies (Downloads)
2014-08-13 23:27 - 2014-08-13 23:27 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\ActiveGSLocalData
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 16:31 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Local Settings\temp
2014-09-02 16:30 - 2014-09-02 16:30 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Desktop\FRST
2014-09-02 16:30 - 2014-09-02 16:28 - 00000000 ____D () F:\FRST
2014-09-02 16:28 - 2014-09-02 16:28 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-09-02 16:27 - 2012-05-18 23:26 - 00000830 _____ () F:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-02 16:26 - 2009-04-17 00:42 - 01092726 _____ () F:\WINDOWS\WindowsUpdate.log
2014-09-02 16:25 - 2014-09-02 16:25 - 00012943 _____ () F:\Documents and Settings\Richard Robinson\Desktop\AdwCleaner[S0].txt
2014-09-02 16:25 - 2014-08-24 14:19 - 00000000 ____D () F:\AdwCleaner
2014-09-02 16:25 - 2013-01-03 16:26 - 00000178 ___SH () F:\Documents and Settings\UpdatusUser\ntuser.ini
2014-09-02 16:25 - 2004-08-04 05:00 - 00002422 _____ () F:\WINDOWS\system32\wpa.dbl
2014-09-02 16:23 - 2014-04-13 13:37 - 00000244 _____ () F:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-02 16:23 - 2010-08-10 20:14 - 00000902 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 16:23 - 2009-04-16 17:36 - 00000237 _____ () F:\WINDOWS\wiadebug.log
2014-09-02 16:23 - 2009-04-16 17:36 - 00000048 _____ () F:\WINDOWS\wiaservc.log
2014-09-02 16:22 - 2009-04-17 00:46 - 00000006 ____H () F:\WINDOWS\Tasks\SA.DAT
2014-09-02 16:20 - 2009-04-28 22:33 - 00189633 _____ () F:\lxcf.log
2014-09-02 16:20 - 2009-04-17 00:49 - 00000178 ___SH () F:\Documents and Settings\Richard Robinson\ntuser.ini
2014-09-02 16:20 - 2009-04-17 00:49 - 00000000 ____D () F:\Documents and Settings\Richard Robinson
2014-09-02 16:20 - 2009-04-17 00:46 - 00032504 _____ () F:\WINDOWS\SchedLgU.Txt
2014-09-02 16:18 - 2013-06-10 23:54 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE
2014-09-02 16:14 - 2014-09-02 16:14 - 00012719 _____ () F:\Documents and Settings\Richard Robinson\Desktop\AdwCleaner[R0].txt
2014-09-02 16:08 - 2010-08-10 20:14 - 00000906 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 01:56 - 2009-09-30 22:40 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Corel
2014-09-02 00:44 - 2009-09-30 22:28 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\My PSP Files
2014-09-02 00:43 - 2009-09-30 22:40 - 00000848 ___SH () F:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2014-09-02 00:00 - 2009-10-01 01:28 - 00000848 ___SH () F:\WINDOWS\system32\KGyGaAvL.sys
2014-09-01 23:41 - 2013-09-05 22:53 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-09-01 23:39 - 2014-06-19 23:29 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2014-08-26 03:00 - 2009-10-16 21:38 - 00000536 _____ () F:\WINDOWS\Tasks\NatSpeak Periodic Language Model Optimization.job
2014-08-25 18:48 - 2013-11-23 21:13 - 00861415 _____ () F:\WINDOWS\setupapi.log
2014-08-25 18:47 - 2009-11-26 17:55 - 00000000 ____D () F:\Program Files\Common Files\McAfee
2014-08-25 12:14 - 2014-08-25 12:14 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Sun
2014-08-24 23:45 - 2012-05-08 15:46 - 00000000 ____D () F:\Program Files\Steam
2014-08-24 23:42 - 2014-08-24 23:42 - 00001542 _____ () F:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-08-24 23:42 - 2014-08-24 23:42 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-08-24 23:41 - 2014-08-24 23:40 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-24 23:41 - 2010-06-04 19:49 - 00000000 ____D () F:\Program Files\iTunes
2014-08-24 23:40 - 2014-08-24 23:40 - 00000000 ____D () F:\Program Files\iPod
2014-08-24 23:40 - 2010-04-09 17:05 - 00000000 ____D () F:\Program Files\Common Files\Apple
2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\RealNetworks
2014-08-24 23:31 - 2014-08-24 18:26 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2014-08-24 23:31 - 2014-08-24 18:26 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Real
2014-08-24 23:31 - 2014-08-24 18:25 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Real
2014-08-24 23:30 - 2014-08-24 23:30 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Desktop\Old Firefox Data
2014-08-24 19:30 - 2014-05-31 14:20 - 00110296 _____ (Malwarebytes Corporation) F:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 18:29 - 2014-08-24 18:29 - 00272808 _____ (Oracle Corporation) F:\WINDOWS\system32\javaws.exe
2014-08-24 18:29 - 2014-08-24 18:29 - 00175528 _____ (Oracle Corporation) F:\WINDOWS\system32\javaw.exe
2014-08-24 18:29 - 2014-08-24 18:29 - 00175528 _____ (Oracle Corporation) F:\WINDOWS\system32\java.exe
2014-08-24 18:29 - 2014-08-24 18:29 - 00096680 _____ (Oracle Corporation) F:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-24 18:29 - 2014-08-24 18:29 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-08-24 18:29 - 2012-07-11 11:18 - 00145408 _____ (Oracle Corporation) F:\WINDOWS\system32\javacpl.cpl
2014-08-24 18:29 - 2009-12-09 23:47 - 00000000 ____D () F:\Program Files\Java
2014-08-24 18:29 - 2009-12-09 23:47 - 00000000 ____D () F:\Program Files\Common Files\Java
2014-08-24 18:27 - 2014-08-24 18:27 - 00000000 ____D () F:\Program Files\RealNetworks
2014-08-24 18:27 - 2014-08-24 18:27 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-24 18:27 - 2014-08-24 18:26 - 00000000 ____D () F:\Program Files\Real
2014-08-24 18:26 - 2007-10-19 20:37 - 00499712 _____ (Microsoft Corporation) F:\WINDOWS\system32\msvcp71.dll
2014-08-24 18:26 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) F:\WINDOWS\system32\msvcr71.dll
2014-08-24 18:25 - 2012-05-23 01:55 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2014-08-24 18:23 - 2012-05-18 23:26 - 00699568 _____ (Adobe Systems Incorporated) F:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-24 18:23 - 2011-06-10 13:45 - 00071344 _____ (Adobe Systems Incorporated) F:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-24 18:22 - 2014-08-17 01:31 - 00002347 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-24 18:22 - 2009-09-24 12:39 - 00000000 ____D () F:\Program Files\Common Files\Adobe
2014-08-24 17:42 - 2011-04-06 00:58 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts
2014-08-24 17:35 - 2010-08-05 09:08 - 00000000 ____D () F:\Program Files\Electronic Arts
2014-08-24 17:35 - 2009-04-17 00:59 - 00000000 ___HD () F:\Program Files\InstallShield Installation Information
2014-08-24 17:10 - 2012-05-23 01:42 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\PC Speed Maximizer
2014-08-24 17:09 - 2012-04-07 19:02 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\U3
2014-08-24 16:47 - 2014-08-24 16:47 - 00000000 ___SD () F:\ComboFix
2014-08-24 16:47 - 2014-08-24 14:23 - 00000000 ____D () F:\Qoobox
2014-08-24 16:47 - 2013-08-09 17:05 - 00000000 ____D () F:\Documents and Settings\Jennifer
2014-08-24 16:47 - 2010-10-21 13:03 - 00000000 ____D () F:\Documents and Settings\Administrator
2014-08-24 16:47 - 2010-04-25 16:32 - 00000000 ____D () F:\Documents and Settings\William Robinson
2014-08-24 16:47 - 2010-04-10 19:12 - 00000000 ____D () F:\Documents and Settings\Alexander Robinson
2014-08-24 16:47 - 2009-04-17 00:46 - 00000000 __SHD () F:\Documents and Settings\NetworkService
2014-08-24 16:47 - 2009-04-17 00:46 - 00000000 __SHD () F:\Documents and Settings\LocalService
2014-08-24 16:47 - 2009-04-17 00:41 - 00000000 ____D () F:\WINDOWS\Registration
2014-08-24 14:56 - 2014-08-24 14:56 - 00029921 _____ () F:\ComboFix.txt
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\William Robinson\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\LocalService\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\Jennifer\Local Settings\temp
2014-08-24 14:56 - 2014-08-24 14:56 - 00000000 ____D () F:\Documents and Settings\Alexander Robinson\Local Settings\temp
2014-08-24 14:53 - 2014-08-24 14:22 - 00000000 ____D () F:\WINDOWS\erdnt
2014-08-24 14:48 - 2004-08-04 05:00 - 00000227 _____ () F:\WINDOWS\system.ini
2014-08-24 14:44 - 2009-04-16 17:31 - 00262144 _____ () F:\WINDOWS\system32\config\SECURITY.bak
2014-08-24 14:44 - 2009-04-16 17:31 - 00262144 _____ () F:\WINDOWS\system32\config\SAM.bak
2014-08-24 14:44 - 2009-04-16 17:30 - 46137344 _____ () F:\WINDOWS\system32\config\software.bak
2014-08-24 14:44 - 2009-04-16 17:30 - 11796480 _____ () F:\WINDOWS\system32\config\system.bak
2014-08-24 14:44 - 2009-04-16 17:30 - 00786432 _____ () F:\WINDOWS\system32\config\default.bak
2014-08-24 14:43 - 2014-08-24 14:43 - 00008192 ____H () F:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-24 14:43 - 2014-08-24 14:43 - 00008192 ____H () F:\WINDOWS\system32\config\default.tmp.LOG
2014-08-24 14:43 - 2014-08-24 14:43 - 00000000 ____H () F:\WINDOWS\system32\config\system.tmp.LOG
2014-08-24 14:43 - 2014-08-24 14:43 - 00000000 ____H () F:\WINDOWS\system32\config\software.tmp.LOG
2014-08-24 14:43 - 2014-08-24 14:43 - 00000000 ____H () F:\WINDOWS\system32\config\SAM.tmp.LOG
2014-08-24 14:16 - 2014-08-24 14:14 - 00002940 _____ () F:\Documents and Settings\Richard Robinson\Desktop\Rkill.txt
2014-08-21 16:43 - 2014-08-21 16:43 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Chromium
2014-08-21 16:42 - 2009-04-17 00:42 - 00000000 ____D () F:\WINDOWS\system32\DirectX
2014-08-21 16:03 - 2014-08-21 16:03 - 00206520 _____ (IBM Corp.) F:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-08-20 17:08 - 2010-12-30 03:00 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\Alex & Will
2014-08-19 23:52 - 2014-01-07 01:22 - 00362408 _____ () F:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1757981266-1275210071-839522115-1003-0.dat
2014-08-19 23:52 - 2014-01-07 01:22 - 00163142 _____ () F:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-08-19 23:48 - 2014-08-18 20:24 - 00000640 _____ () F:\WINDOWS\Tasks\Richard Robinson.job
2014-08-19 23:35 - 2009-11-17 01:23 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Desktop\Unused Desktop Shortcuts
2014-08-19 17:13 - 2012-05-22 23:27 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\vlc
2014-08-19 17:06 - 2009-04-26 23:57 - 00000000 ____D () F:\Program Files\Lx_cats
2014-08-19 16:09 - 2014-08-19 16:09 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-08-19 16:09 - 2010-08-10 20:14 - 00000000 ____D () F:\Program Files\Google
2014-08-19 16:02 - 2014-08-19 16:01 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\Google Chrome Bookmarks (as of 8-19-14)
2014-08-19 02:59 - 2014-08-18 20:24 - 00000652 _____ () F:\WINDOWS\Tasks\Richard Robinson Merge.job
2014-08-19 02:57 - 2014-08-18 20:14 - 00000420 _____ () F:\WINDOWS\Tasks\Seagate_Install_Launch.job
2014-08-18 23:12 - 2009-12-01 00:51 - 00001984 _____ () F:\WINDOWS\system32\d3d9caps.dat
2014-08-18 20:14 - 2014-08-18 20:14 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Nero
2014-08-18 20:12 - 2011-12-03 10:53 - 00000000 ___SD () F:\WINDOWS\system32\%APPDATA%
2014-08-18 20:10 - 2014-08-18 20:10 - 00001924 _____ () F:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
2014-08-18 20:10 - 2014-08-18 20:10 - 00000000 ____D () F:\Program Files\Seagate
2014-08-18 20:10 - 2014-08-18 20:10 - 00000000 ____D () F:\Program Files\Common Files\Nero
2014-08-18 20:10 - 2014-08-18 20:10 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard
2014-08-18 20:10 - 2014-08-18 20:10 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Nero
2014-08-18 20:06 - 2014-08-18 20:06 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Seagate
2014-08-18 20:06 - 2014-08-18 20:06 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Seagate
2014-08-18 01:52 - 2013-11-30 22:27 - 00399904 _____ () F:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-18 01:41 - 2011-02-09 15:51 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\SimCity 4
2014-08-18 00:00 - 2014-08-17 23:54 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Audacity
2014-08-17 23:52 - 2014-08-17 23:50 - 22180353 _____ (Audacity Team ) F:\Documents and Settings\Richard Robinson\My Documents\audacity-win-2.0.5.exe
2014-08-17 23:45 - 2014-08-17 23:45 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\Tor Browser
2014-08-17 23:13 - 2014-08-17 22:03 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Tropico 4
2014-08-17 19:57 - 2014-08-17 19:57 - 00001868 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-08-17 19:57 - 2014-08-17 19:57 - 00001862 _____ () F:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-08-17 19:57 - 2014-08-17 19:57 - 00000000 ____D () F:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-08-17 19:56 - 2014-08-17 19:56 - 29592768 _____ (Microsoft Corporation) F:\Documents and Settings\Richard Robinson\My Documents\Windows-KB890830-V5.15.exe
2014-08-17 19:56 - 2014-08-17 19:56 - 08669472 _____ (Microsoft Corporation) F:\Documents and Settings\Richard Robinson\My Documents\Windows7UpgradeAdvisorSetup.exe
2014-08-17 19:23 - 2011-09-03 23:20 - 00000000 ____D () F:\Program Files\Origin
2014-08-17 19:23 - 2011-09-03 23:20 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Origin
2014-08-17 01:31 - 2009-11-30 16:09 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Adobe
2014-08-17 01:31 - 2009-09-24 12:39 - 00000000 ____D () F:\Program Files\Adobe
2014-08-17 00:45 - 2009-11-26 17:55 - 00000000 ____D () F:\Program Files\McAfee
2014-08-17 00:45 - 2009-11-26 17:43 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\McAfee
2014-08-17 00:15 - 2014-08-17 00:15 - 05487016 _____ (Microsoft Corporation) F:\Documents and Settings\Richard Robinson\My Documents\Windows8-UpgradeAssistant.exe
2014-08-16 23:26 - 2013-12-28 23:15 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-16 22:47 - 2010-04-09 17:05 - 00000284 _____ () F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-16 19:27 - 2011-04-06 10:17 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\Electronic Arts
2014-08-16 19:27 - 2011-04-06 01:35 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Electronic Arts
2014-08-16 19:26 - 2014-08-16 19:26 - 00000906 _____ () F:\Documents and Settings\All Users\Desktop\The Sims 4 Create A Sim Demo.lnk
2014-08-16 19:26 - 2014-08-16 19:26 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\The Sims 4 Create A Sim Demo
2014-08-16 14:26 - 2014-08-16 14:26 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Maxis
2014-08-16 14:19 - 2011-02-09 15:44 - 00000533 _____ () F:\WINDOWS\eReg.dat
2014-08-16 13:46 - 2014-08-16 13:46 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\Application Data\Kalypso Media
2014-08-16 02:00 - 2009-10-16 21:38 - 00000512 _____ () F:\WINDOWS\Tasks\NatSpeak Periodic Acoustic Optimization.job
2014-08-16 01:00 - 2009-10-16 21:38 - 00000428 _____ () F:\WINDOWS\Tasks\NatSpeak Periodic Data Collection.job
2014-08-14 20:04 - 2014-08-14 20:03 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\Copies (Downloads)
2014-08-14 16:35 - 2010-07-29 12:27 - 00000000 ____D () F:\Program Files\THQ
2014-08-14 16:35 - 2009-04-17 00:39 - 00000000 ___RD () F:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-14 03:01 - 2009-04-17 01:42 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-13 23:27 - 2014-08-13 23:27 - 00000000 ____D () F:\Documents and Settings\Richard Robinson\My Documents\ActiveGSLocalData
2014-08-13 23:20 - 2013-08-14 23:24 - 00000000 ____D () F:\WINDOWS\system32\MRT
2014-08-13 23:10 - 2009-11-27 01:03 - 96303304 _____ (Microsoft Corporation) F:\WINDOWS\system32\MRT.exe
2014-08-11 20:23 - 2014-04-13 13:37 - 00000238 _____ () F:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-05 15:24 - 2009-08-21 00:01 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Yahoo! Companion
 
Files to move or delete:
====================
F:\Documents and Settings\Richard Robinson\TempWmicBatchFile.bat
 
 
Some content of TEMP:
====================
F:\Documents and Settings\Administrator\Local Settings\temp\_isE8.exe
F:\Documents and Settings\Richard Robinson\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
F:\WINDOWS\explorer.exe => File is digitally signed
F:\WINDOWS\system32\winlogon.exe => File is digitally signed
F:\WINDOWS\system32\svchost.exe => File is digitally signed
F:\WINDOWS\system32\services.exe => File is digitally signed
F:\WINDOWS\system32\User32.dll => File is digitally signed
F:\WINDOWS\system32\userinit.exe => File is digitally signed
F:\WINDOWS\system32\rpcss.dll => File is digitally signed
F:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
 
So far, the computer is running normally, except for the erratic web browser termination.

 




#4 nasdaq


Posted 03 September 2014 - 08:04 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

In Windows 7 and 8:
Press [Windows Icon + R] and enter "notepad" in the box to open Notepad.
 
start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - {6022AD39-BA6E-41CA-999D-879842BD9024} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3295465&CUI=UN10305516432987212&UM=2
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
CHR Plugin: (Widevine Content Decryption Module) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (McAfee SiteAdvisor) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_1\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Update) - F:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - F:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - F:\WINDOWS\system32\npdeployJava1.dll No File
CHR Extension: (Ghostery) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-09]
CHR HKLM\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx [2013-06-08]
CHR HKCU\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx [2013-06-08]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag2.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
U1 WS2IFSL; No ImagePath

end

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 nasdaq


Posted 09 September 2014 - 08:59 AM

Are you still with me?

#6 nasdaq


Posted 15 September 2014 - 08:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#7 nasdaq


Posted 15 September 2014 - 12:51 PM

This topic has been re-opened at the request of the person who originally posted.

#8 deviantartfan1


Posted 16 September 2014 - 03:21 PM

Ok...

 

***Fixlog.txt***

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Richard Robinson at 2014-09-16 12:56:48 Run:1
Running from F:\Documents and Settings\Richard Robinson\Desktop\FRST
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR Plugin: (Widevine Content Decryption Module) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (McAfee SiteAdvisor) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_1\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Update) - F:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - F:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - F:\WINDOWS\system32\npdeployJava1.dll No File
CHR Extension: (Ghostery) - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-09]
CHR HKLM\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx [2013-06-08]
CHR HKCU\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx [2013-06-08]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag2.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
U1 WS2IFSL; No ImagePath
 
end
*****************
 
Default URLSearchHook was restored successfully .
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6022AD39-BA6E-41CA-999D-879842BD9024}" => Key deleted successfully.
"HKCR\CLSID\{6022AD39-BA6E-41CA-999D-879842BD9024}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll not found.
F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_1\McChPlg.dll not found.
F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll not found.
F:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll not found.
F:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll not found.
F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll not found.
F:\WINDOWS\system32\npdeployJava1.dll not found.
F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\kldbiondcoemmofebkcgcnbigliglcnl" => Key deleted successfully.
F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\kldbiondcoemmofebkcgcnbigliglcnl" => Key deleted successfully.
"F:\Documents and Settings\Richard Robinson\Local Settings\Application Data\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx" => File/Directory not found.
andnetadb => Service deleted successfully.
AndNetDiag => Service deleted successfully.
AndNetDiag2 => Service deleted successfully.
ANDNetModem => Service deleted successfully.
IntelIde => Service deleted successfully.
mfewfpk => Error deleting Service
WS2IFSL => Service deleted successfully.
 
==== End of Fixlog ====
 
 
 
***checkup.txt***
 

 Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java™ 6 Update 37  
 Java 2 Runtime Environment, SE v1.4.2_07 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0) 
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive F:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
Although the computer feels slower than normal (this computer can be finicky; it's fast some days and slow other days), it seems to no longer be terminating the web browser (Chrome, Firefox and IE) executables anymore.


#9 nasdaq


Posted 17 September 2014 - 07:25 AM


Using Add/Remove Programs, remove this old version of Java™ 6 Update 37.

===

I suggest you Defrag your Hard Drive.

How to:
http://support.microsoft.com/kb/314848
===

"it seems to no longer be terminating the web browser (Chrome, Firefox and IE) executables anymore."

Can you give me more details of what you are trying to do?

#10 deviantartfan1


Posted 20 September 2014 - 03:05 PM

I was attempting to:

 

a. Resolve any possible damage done to my system by my unnecessary run of ComboFix and;

b. Stop the immediate termination of any .exe for a web browser. The web browsers seem to be working fine, now. Thanks. :)

 

Is there any other possible damage that we can repair?

 

 

Re: Defrag - I'll get right to it.



#11 nasdaq


Posted 21 September 2014 - 06:18 AM

Let me know what problems you are having.
I will see what I can do.

#12 deviantartfan1


Posted 25 September 2014 - 01:23 PM

Currently, I'm not having any other problems with the computer related to this, since the browsers are opening correctly; I'll just open a new topic if I have any other problems related to ComboFix and the effect it had on my computer.

 

Thanks for all your help!



#13 nasdaq


Posted 26 September 2014 - 07:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



