
infected with sysWOW64 & possible others


  • This topic is locked
10 replies to this topic

#1 dmwin

dmwin

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:10 PM

Posted 28 October 2014 - 12:51 PM

Hello there, I'm Danielle, and I've recently had some problems with some nasty malware and trojans that McAfee has not been able to detect. I also suspect I might have a worm. I was able to use some of McAfee's free tools (like RootkitRemover, Stinger64 and GetSusp) to remove some of the infections, but they didn't seem to find everything, as my computer is still behaving like it's infected. It's not slow or anything, but I keep having to re-install drivers. I also have various system files and folders appearing where they shouldn't, and despite being an administrator I am not able to access all folders. When I've tried to remove some of these files or folders that the virus has generated, I end up getting told I need permission from TrustedInstaller!

 

Also, I'm not sure if this is related, but I'm having trouble with my Java. McAfee keeps finding updates for it, but it seems to keep finding and installing the same update over and over again, and when I go to the Java website, I'm told I'm all up to date.

 

Please, if someone who knows what they are doing can make sense of these logs and help me figure out how to secure my computer, I would be extremely appreciative. Thank you so much!

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17116  BrowserJavaVersion: 10.71.2
Run by D Master at 11:36:44 on 2014-10-28
Microsoft Windows 8  6.2.9200.0.1252.2.1033.18.6022.3088 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\vuagent.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://sony13.msn.com
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{CB7BE21A-8D85-4896-B26D-BA3A20D2FFD6} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{CB7BE21A-8D85-4896-B26D-BA3A20D2FFD6}\35864716374797 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{CB7BE21A-8D85-4896-B26D-BA3A20D2FFD6}\4624F687 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{CB7BE21A-8D85-4896-B26D-BA3A20D2FFD6}\7596E6449425D2631353 : DHCPNameServer = 16.1.1.1
TCP: Interfaces\{CB7BE21A-8D85-4896-B26D-BA3A20D2FFD6}\7796E6469627D2836303D223E243 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-8-7 644968]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2014-6-20 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2014-6-20 348552]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2014-8-4 56336]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-10-11 92536]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2013-5-31 310912]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-12 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-11 2445968]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-11 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-11 166720]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-12 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-9-12 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-12 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-12 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-12 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-12 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-9-12 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-9-12 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-9-12 189912]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-7-27 474208]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-11 365376]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2013-5-31 323584]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-5-31 89800]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-5-31 347336]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-5-31 115912]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-5-31 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-5-31 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-5-31 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-5-31 136784]
R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\Drivers\btath_vdp.sys [2013-5-31 428488]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-5-31 586952]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2014-6-20 72128]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-21 342528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2014-6-20 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2014-6-20 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2014-7-24 444720]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-7-31 683664]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\Drivers\SFEP.sys [2012-7-16 14336]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-27 44344]
R3 SOWS;Sony Wireless State Device;C:\Windows\System32\Drivers\sows.sys [2012-7-5 24280]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2014-7-2 59240]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-10-11 1642544]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2014-6-20 70600]
S2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-19 377768]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\Drivers\e1y60x64.sys [2012-6-2 283136]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2014-9-12 197704]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2014-7-24 96592]
S3 NetworkSupport;NetworkSupport;C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [2012-10-11 639576]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-10-11 339600]
S3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\Drivers\semav6thermal64ro.sys [2014-7-21 13792]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-10-15 123616]
S3 SOHDms;VAIO Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2012-10-15 461024]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-10-15 78560]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2014-7-28 54784]
S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-19 377768]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-10-11 476328]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2012-11-7 972000]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2014-10-28 17:07:33 -------- d-----w- C:\FRST
2014-10-26 22:10:21 -------- d-----w- C:\Users\D Master\AppData\Roaming\Azureus
2014-10-20 15:58:49 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-17 19:47:18 -------- d-----w- C:\ProgramData\SecTaskMan
2014-10-17 19:47:09 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2014-10-17 19:09:43 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-17 19:09:43 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-17 17:49:20 79360 ----a-w- C:\Windows\System32\packager.dll
2014-10-17 17:49:20 68096 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-17 17:49:10 4068352 ----a-w- C:\Windows\System32\win32k.sys
2014-10-17 17:45:22 10115072 ----a-w- C:\Windows\System32\twinui.dll
2014-10-17 17:45:19 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll
2014-10-17 17:45:15 2306560 ----a-w- C:\Windows\System32\authui.dll
2014-10-17 17:45:14 2885632 ----a-w- C:\Windows\System32\msi.dll
2014-10-17 17:45:14 2416128 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-17 17:45:14 2037760 ----a-w- C:\Windows\SysWow64\authui.dll
2014-10-17 17:38:17 585728 ----a-w- C:\Windows\System32\rastls.dll
2014-10-17 17:38:17 510464 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-17 17:29:02 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2014-10-17 17:29:01 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
2014-10-17 17:00:58 5982208 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-17 17:00:56 5095424 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-17 17:00:53 3248128 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-17 17:00:52 724992 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-17 17:00:51 1125376 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-17 17:00:50 1049600 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-10-17 17:00:49 300544 ----a-w- C:\Windows\System32\winsta.dll
2014-10-17 17:00:48 233472 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-10-17 17:00:47 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-10-17 16:53:23 -------- d-----r- C:\Program Files (x86)\Skype
2014-10-17 16:49:10 -------- d-----w- C:\ProgramData\Oracle
2014-10-17 08:00:44 1668 ----a-w- C:\Windows\System32\ASOROSet.bin
2014-10-17 03:50:27 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-17 03:50:08 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-17 03:46:33 -------- d-----w- C:\AdwCleaner
2014-10-17 03:24:49 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-11 01:50:30 -------- d-----w- C:\ProgramData\Origin
2014-10-11 01:50:29 -------- d-----w- C:\ProgramData\Electronic Arts
2014-10-11 01:50:22 -------- d-----w- C:\Program Files (x86)\Origin
.
==================== Find3M  ====================
.
2014-10-17 06:46:21 189912 ----a-w- C:\Windows\System32\mfevtps.exe
2014-10-17 06:46:20 786296 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-10-02 06:23:02 225752 ----a-w- C:\Windows\apppatch\apppatch64\SPVCLdr64.dll
2014-09-26 19:19:55 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-09-26 19:19:55 269592 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2014-09-26 19:10:25 245248 ----a-w- C:\Windows\System32\usbmon.dll
2014-09-26 19:09:56 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2014-09-26 19:09:53 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll
2014-09-26 19:09:52 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2014-09-26 19:09:50 1101824 ----a-w- C:\Windows\System32\wmpmde.dll
2014-09-26 19:09:49 71168 ----a-w- C:\Windows\System32\WSDPrintProxy.DLL
2014-09-26 19:09:45 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2014-09-26 19:07:44 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2014-09-26 19:07:43 888320 ----a-w- C:\Windows\System32\autochk.exe
2014-09-26 19:07:43 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2014-09-26 19:07:42 542208 ----a-w- C:\Windows\System32\untfs.dll
2014-09-26 19:07:10 470528 ----a-w- C:\Windows\System32\netprofmsvc.dll
2014-09-26 19:07:10 151552 ----a-w- C:\Windows\System32\netprofm.dll
2014-09-26 19:07:08 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
2014-09-26 19:07:00 169984 ----a-w- C:\Windows\System32\netplwiz.dll
2014-09-26 19:04:48 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2014-09-26 19:03:57 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll
2014-09-26 19:03:54 86280 ----a-w- C:\Windows\System32\kdnet.dll
2014-09-26 19:03:54 77960 ----a-w- C:\Windows\System32\kdvm.dll
2014-09-26 19:03:54 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll
2014-09-26 19:03:53 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2014-09-26 19:03:53 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll
2014-09-26 19:01:56 107520 ----a-w- C:\Windows\System32\taskkill.exe
2014-09-26 19:01:55 102400 ----a-w- C:\Windows\System32\tasklist.exe
2014-09-26 19:01:54 87552 ----a-w- C:\Windows\System32\wersvc.dll
2014-09-26 19:01:53 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2014-09-26 19:01:52 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
2014-09-26 19:01:50 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
2014-09-26 19:01:49 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll
2014-09-26 19:01:47 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
2014-09-26 19:01:45 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2014-09-26 19:01:45 260096 ----a-w- C:\Windows\System32\hotspotauth.dll
2014-09-26 19:01:44 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
2014-09-26 19:00:46 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2014-09-26 19:00:45 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2014-09-26 18:58:58 666112 ----a-w- C:\Windows\System32\MP4SDECD.DLL
2014-09-26 18:58:56 256000 ----a-w- C:\Windows\System32\WSDMon.dll
2014-09-26 18:58:55 406016 ----a-w- C:\Windows\System32\Windows.Media.dll
2014-09-26 18:58:54 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-09-26 18:58:53 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe
2014-09-26 18:40:24 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2014-09-26 18:40:18 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2014-09-26 18:38:06 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-26 18:37:57 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-20 05:17:42 2236928 ----a-w- C:\Windows\System32\wininet.dll
2014-09-20 05:17:32 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-09-20 05:17:32 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-09-20 05:16:11 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:50 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-09-20 03:57:04 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-20 01:06:59 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-09-19 14:13:57 596480 ----a-w- C:\Windows\System32\qedit.dll
2014-09-19 14:13:57 497152 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-09-19 14:13:35 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-09-19 14:13:02 265216 ----a-w- C:\Windows\System32\InkEd.dll
2014-09-19 14:12:37 1557504 ----a-w- C:\Windows\System32\osk.exe
2014-09-19 14:12:32 1440256 ----a-w- C:\Windows\SysWow64\osk.exe
2014-09-19 14:12:02 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-09-19 14:12:02 1281536 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-19 14:12:00 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-09-19 14:11:59 439808 ----a-w- C:\Windows\System32\lsm.dll
2014-09-19 14:10:35 2233176 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-09-19 14:10:11 36352 ----a-w- C:\Windows\System32\rfxvmt.dll
2014-09-19 14:10:11 27880 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-09-19 14:10:11 235520 ----a-w- C:\Windows\System32\rdpudd.dll
2014-09-19 14:09:46 1845760 ----a-w- C:\Windows\System32\msxml3.dll
2014-09-19 14:09:46 1419264 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-09-19 14:04:41 3842560 ----a-w- C:\Windows\System32\d2d1.dll
2014-09-19 14:04:37 3288576 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-09-19 14:04:18 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 14:04:18 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 14:04:03 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-09-19 14:04:02 62976 ----a-w- C:\Windows\System32\imagehlp.dll
2014-09-19 14:03:47 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
2014-09-19 14:03:47 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
2014-09-19 14:03:47 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
2014-09-19 14:03:46 222720 ----a-w- C:\Windows\System32\scrobj.dll
2014-09-19 14:03:46 194048 ----a-w- C:\Windows\System32\scrrun.dll
2014-09-19 14:03:46 146944 ----a-w- C:\Windows\System32\cscript.exe
2014-09-19 14:03:46 143872 ----a-w- C:\Windows\System32\wshom.ocx
2014-09-19 14:03:13 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2014-09-19 14:03:13 723968 ----a-w- C:\Windows\System32\BFE.DLL
2014-09-19 14:03:13 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-09-19 14:02:56 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2014-09-19 14:02:55 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-09-19 14:00:20 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 11:37:38.26 ===============
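As an added example (not part of this thread and not code from the DDS tool), a small Python parser for the DDS log layout posted above: it splits the log into its "====" sections and lists the entries a helper looks at first, such as disabled protection, processes or autostart entries outside the Windows and Program Files trees, orphaned autostart references, a rundll32 with no visible target, and non-private DNS resolvers. The sample log, the updater.exe entries and the triage rules are constructed assumptions for illustration, not findings from this machine.

```python
import re
from ipaddress import ip_address

# Constructed excerpt in the DDS log layout (section markers and a few
# lines mirror the log posted above); the updater.exe entries are made up
# to exercise the checks and are not findings from the poster's machine.
SAMPLE_LOG = r"""DDS (Ver_2012-11-20.01) - NTFS_AMD64
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Users\Example\AppData\Roaming\updater.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Updater] "C:\Users\Example\AppData\Roaming\updater.exe"
TCP: NameServer = 192.168.1.254 75.153.176.9
SSODL: WebCheck - <orphaned>
.
============= FINISH: 11:37:38.26 ===============
"""

# A DDS section header looks like "============== Name ===============".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Assumed trusted install roots; anything running or auto-starting from
# elsewhere (user profiles, temp, ProgramData) is worth a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\progra~1\\", "c:\\progra~2\\")


def parse_dds(text):
    """Split a DDS log into {section_name: [lines]}; everything before the
    first section marker (AV/SP/FW status) is stored under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue  # DDS pads every section with bare '.' lines
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def _path_of(entry):
    """Pull the first executable/library path out of a process line or an
    mRun-style entry such as `mRun: [Name] "C:\\dir\\x.exe" /arg`."""
    m = re.search(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cpl|ocx))', entry, re.I)
    return m.group(1) if m else None


def triage(sections):
    """Return (kind, line) pairs for entries a reviewer should check."""
    findings = []
    for line in sections.get("Header", []):
        if re.match(r"^(AV|SP|FW):", line) and "*Disabled" in line:
            findings.append(("protection disabled", line))
    for proc in sections.get("Running Processes", []):
        path = _path_of(proc)
        if path and not path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("process outside Windows/Program Files", proc))
        # rundll32/regsvr32 hosting a DLL is normal; listed bare, with no
        # argument shown, there is nothing to attribute the process to.
        if re.search(r"\\(rundll32|regsvr32)\.exe$", proc, re.I):
            findings.append(("host process without visible target", proc))
    for entry in sections.get("Pseudo HJT Report", []):
        if "<orphaned>" in entry:
            findings.append(("orphaned autostart reference", entry))
            continue
        if re.match(r"^(x64-)?(m|u)?(Run|ExplorerRun|BHO|TB)\b", entry):
            path = _path_of(entry)
            if path and not path.lower().startswith(TRUSTED_ROOTS):
                findings.append(("autostart outside Windows/Program Files", entry))
        if "NameServer" in entry:
            for token in entry.split("=", 1)[1].split():
                try:
                    ip = ip_address(token)
                except ValueError:
                    continue
                if not ip.is_private:  # confirm it really is the ISP's resolver
                    findings.append(("public DNS resolver", entry))
                    break
    return findings


if __name__ == "__main__":
    for kind, line in triage(parse_dds(SAMPLE_LOG)):
        print(f"[{kind}] {line}")
```

Paste a full DDS log in place of SAMPLE_LOG to run the same checks over the "Running Processes" and "Pseudo HJT Report" sections of a real report; the output is a review list, not a verdict.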
 



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:10 PM

Posted 02 November 2014 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 dmwin
  • Topic Starter
  • Members
  • 5 posts

Posted 02 November 2014 - 01:12 PM

Hello nasdaq, thank you so much for your help!

My computer is still running suspiciously, although it does seem better.

There don't seem to be as many unnecessary folders, however.

Also, I was surprised that MBAM didn't find any malware, just those 7 other threats.

I had them all quarantined, and cleaned all the ones AdwCleaner found.

Thank you so much for your time! I appreciate this!

===

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 2014-11-02
Scan Time: 9:58:26 AM
Logfile: detailedlog.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.02.05
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: D Master
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340906
Time Elapsed: 29 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [504bd75fb6c65bdb2f4a6c301aea30d0], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [45563afc87f5bf773543a7f5e91ba759], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 5
PUP.Optional.Yontoo, C:\$RECYCLE.BIN\S-1-5-21-3185731648-3636072915-927459803-1001\$R2C9TAP.exe, Quarantined, [a0fb5bdb710bf442b0219d3d61a0cd33], 
PUP.Optional.Yontoo, C:\$RECYCLE.BIN\S-1-5-21-3185731648-3636072915-927459803-1001\$RLOMFK0.exe, Quarantined, [52495bdb027a979f0cc5f2e8df227a86], 
PUP.Optional.Yontoo, C:\$RECYCLE.BIN\S-1-5-21-3185731648-3636072915-927459803-1001\$RWIRUER.exe, Quarantined, [9407bd798bf1d95d10c1a43620e1e719], 
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\SPVCLdr64.dll, Quarantined, [f1aa88aed3a95adcaf412a7942bfd22e], 
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [7427fb3bd7a5072fc6b667351de76799], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
===
 
 
# AdwCleaner v3.311 - Report created 02/11/2014 at 10:39:48
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : D Master - MASTERBOX
# Running from : C:\Users\D Master\Downloads\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17116
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3277 octets] - [16/10/2014 20:46:40]
AdwCleaner[R1].txt - [3337 octets] - [16/10/2014 20:52:36]
AdwCleaner[R2].txt - [1112 octets] - [16/10/2014 20:58:59]
AdwCleaner[R3].txt - [1108 octets] - [16/10/2014 21:02:55]
AdwCleaner[R4].txt - [3120 octets] - [17/10/2014 01:09:38]
AdwCleaner[R5].txt - [1414 octets] - [17/10/2014 11:54:23]
AdwCleaner[R6].txt - [1443 octets] - [02/11/2014 10:39:48]
AdwCleaner[S0].txt - [3485 octets] - [16/10/2014 20:54:51]
AdwCleaner[S1].txt - [1087 octets] - [16/10/2014 21:00:29]
AdwCleaner[S2].txt - [1081 octets] - [16/10/2014 21:05:59]
AdwCleaner[S3].txt - [2777 octets] - [17/10/2014 01:11:07]
AdwCleaner[S4].txt - [1553 octets] - [17/10/2014 12:02:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1803 octets] ##########
 
===
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by D Master (administrator) on MASTERBOX on 02-11-2014 10:48:49
Running from C:\Users\D Master\Downloads
Loaded Profile: D Master (Available profiles: D Master)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\D Master\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
BootExecute: autocheck autochk * ROBoot64 \??\C:\Windows\system32\ASOROSet.bin
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {4BB95351-B95E-4A0A-B05F-A05D128865F0} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
SearchScopes: HKCU - {94B396C3-3FC6-4710-824C-B99DD1F1285E} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA876D20140912&p={SearchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-09-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-09-12]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322298&octid=EB_ORIGINAL_CTID&ISID=M82D1DA72-AFAF-45FD-9208-3BB6A104F296&SearchSource=55&CUI=&UM=6&UP=SP3C937744-F4D5-466A-A9ED-3D72303FB530&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-20]
CHR Extension: (YouTube) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Adblock Plus) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-21]
CHR Extension: (Google Search) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Tampermonkey) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-07-21]
CHR Extension: (ZenMate) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-09-03]
CHR Extension: (SiteAdvisor) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-12]
CHR Extension: (XKit) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-07-21]
CHR Extension: (Hola Better Internet) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-19]
CHR Extension: (Eye Dropper) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2014-07-21]
CHR Extension: (Clearly) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-10-20]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-21]
CHR Extension: (Google Wallet) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows ® Win 7 DDK provider)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-10-16] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [639576 2013-05-10] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-05-23] (Sony Corporation) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-11-07] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-09-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-30] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-30] (Qualcomm Atheros)
R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [428488 2013-05-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-10-16] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-08-11] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-26] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-10-17] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 10:47 - 2014-11-02 10:48 - 02114560 _____ (Farbar) C:\Users\D Master\Downloads\FRST64 (1).exe
2014-11-02 10:43 - 2014-11-02 10:43 - 00001883 _____ () C:\Users\D Master\Desktop\AdwCleaner[R0].txt
2014-11-02 10:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-02 10:39 - 2014-11-02 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-02 10:38 - 2014-11-02 10:38 - 01375089 _____ () C:\Users\D Master\Downloads\adwcleaner_3.311.exe
2014-11-02 09:57 - 2014-11-02 10:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 09:56 - 2014-11-02 09:56 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 09:56 - 2014-11-02 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 09:56 - 2014-11-02 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 09:56 - 2014-11-02 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 09:56 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 09:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 09:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 09:55 - 2014-11-02 09:55 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\D Master\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-30 12:57 - 2014-10-30 12:57 - 00001388 _____ () C:\Users\D Master\Downloads\DavidsTeaCoverLetter.txt
2014-10-28 10:39 - 2014-10-28 10:39 - 00026499 _____ () C:\Users\D Master\Documents\DDS.txt
2014-10-28 10:39 - 2014-10-28 10:39 - 00003708 _____ () C:\Users\D Master\Documents\Attach.txt
2014-10-28 10:36 - 2014-10-28 10:36 - 00688992 ____R (Swearware) C:\Users\D Master\Downloads\dds.com
2014-10-28 10:08 - 2014-10-28 10:09 - 00029254 _____ () C:\Users\D Master\Downloads\Addition.txt
2014-10-28 10:07 - 2014-11-02 10:48 - 00021674 _____ () C:\Users\D Master\Downloads\FRST.txt
2014-10-28 10:07 - 2014-11-02 10:48 - 00000000 ____D () C:\FRST
2014-10-28 10:07 - 2014-10-28 10:07 - 02113024 _____ (Farbar) C:\Users\D Master\Downloads\FRST64.exe
2014-10-28 10:05 - 2014-10-28 10:05 - 00854448 _____ () C:\Users\D Master\Downloads\SecurityCheck.exe
2014-10-26 15:10 - 2014-10-28 09:47 - 00000000 ____D () C:\Users\D Master\AppData\Roaming\Azureus
2014-10-26 15:10 - 2014-10-26 15:10 - 00001754 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-10-26 15:06 - 2014-10-26 15:06 - 00016139 _____ () C:\Users\D Master\Downloads\[kickass.to]steel.panther.discography.torrent
2014-10-20 09:00 - 2014-10-20 09:00 - 00000000 ____D () C:\Users\D Master\AppData\Roaming\Oracle
2014-10-20 08:59 - 2014-10-20 08:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 08:58 - 2014-10-20 08:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 08:58 - 2014-10-20 08:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 08:58 - 2014-10-20 08:58 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 16:18 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\D Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-17 14:48 - 2014-10-17 14:48 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 12:47 - 2014-10-17 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-10-17 12:47 - 2014-10-17 12:47 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-10-17 12:41 - 2014-10-17 12:42 - 04904864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 12:09 - 2014-09-29 15:49 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 12:09 - 2014-09-29 15:49 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 10:49 - 2014-09-27 21:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 10:49 - 2014-09-12 22:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 10:49 - 2014-09-12 21:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 10:48 - 2014-09-19 22:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 10:48 - 2014-09-19 22:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 10:48 - 2014-09-19 22:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 10:48 - 2014-09-19 22:17 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-10-17 10:48 - 2014-09-19 22:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 10:48 - 2014-09-19 22:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 10:48 - 2014-09-19 22:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 10:48 - 2014-09-19 22:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 10:48 - 2014-09-19 22:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 10:48 - 2014-09-19 20:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 10:48 - 2014-09-19 20:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 10:48 - 2014-09-19 20:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 10:48 - 2014-09-19 20:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 10:48 - 2014-09-19 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 10:48 - 2014-09-19 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 10:48 - 2014-09-19 18:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-10-17 10:45 - 2014-08-29 22:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-17 10:45 - 2014-08-29 22:47 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 10:45 - 2014-08-29 22:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-17 10:45 - 2014-08-29 21:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-17 10:45 - 2014-08-29 21:04 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 10:45 - 2014-08-29 21:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-17 10:44 - 2014-08-01 15:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-17 10:44 - 2014-07-24 06:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-10-17 10:44 - 2014-07-16 16:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-10-17 10:44 - 2014-07-16 15:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-10-17 10:44 - 2014-07-16 15:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-10-17 10:44 - 2014-07-11 23:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-10-17 10:44 - 2014-07-11 21:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-17 10:44 - 2014-07-11 21:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-17 10:44 - 2014-07-11 21:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-17 10:44 - 2014-07-11 21:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-17 10:44 - 2014-06-27 23:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-10-17 10:44 - 2014-06-27 19:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-10-17 10:38 - 2014-09-02 19:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 10:38 - 2014-09-02 19:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 10:29 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-10-17 10:29 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-10-17 10:28 - 2014-07-11 21:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-10-17 10:28 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 10:28 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 10:28 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 10:28 - 2014-07-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 10:28 - 2014-07-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 10:28 - 2014-07-11 21:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-10-17 10:28 - 2014-07-11 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 10:28 - 2014-07-11 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 10:28 - 2014-07-11 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 10:28 - 2014-07-11 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 10:28 - 2014-07-11 21:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 10:28 - 2014-07-11 17:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 10:28 - 2014-07-11 17:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-10-17 10:28 - 2014-07-08 15:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-10-17 10:28 - 2014-07-08 15:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-10-17 10:28 - 2014-07-08 15:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-10-17 10:28 - 2014-07-08 15:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-10-17 10:28 - 2014-07-06 22:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-10-17 10:28 - 2014-07-06 22:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-10-17 10:28 - 2014-07-04 03:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-10-17 10:28 - 2014-07-02 18:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-17 10:28 - 2014-07-02 17:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-17 10:28 - 2014-06-28 00:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-10-17 10:28 - 2014-06-27 23:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-10-17 10:28 - 2014-06-27 23:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-10-17 10:28 - 2014-06-25 00:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-17 10:28 - 2014-06-25 00:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-17 10:28 - 2014-06-17 16:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-17 10:28 - 2014-06-17 16:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-17 10:28 - 2014-06-11 07:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-10-17 10:28 - 2014-06-10 21:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-10-17 10:28 - 2014-06-10 15:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-17 10:28 - 2014-05-29 16:31 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-17 10:28 - 2014-05-29 16:03 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-17 10:28 - 2014-02-04 03:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-17 10:00 - 2014-07-06 22:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 10:00 - 2014-07-06 22:52 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 10:00 - 2014-07-06 22:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 10:00 - 2014-07-06 22:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 10:00 - 2014-07-06 22:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 10:00 - 2014-07-06 21:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 10:00 - 2014-07-06 21:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 10:00 - 2014-07-06 21:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 10:00 - 2014-07-06 20:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 09:53 - 2014-10-17 09:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-17 09:53 - 2014-10-17 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-17 09:49 - 2014-10-26 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 09:44 - 2014-10-17 09:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-17 01:14 - 2014-10-17 01:14 - 00000000 ____D () C:\Users\D Master\Documents\Bluetooth Folder
2014-10-17 01:00 - 2014-10-17 01:00 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-10-17 01:00 - 2014-10-17 01:00 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-10-17 00:34 - 2014-10-17 00:42 - 00000000 ____D () C:\Users\D Master\Documents\010 Games
2014-10-17 00:33 - 2014-10-17 00:33 - 00000000 ____D () C:\Users\D Master\Documents\200 Useless Filler
2014-10-17 00:30 - 2014-10-17 00:30 - 00000000 ____D () C:\Users\D Master\Downloads\004 Wallpapers
2014-10-17 00:29 - 2014-10-17 00:29 - 00000000 ____D () C:\Users\D Master\Downloads\003 Gifs
2014-10-17 00:29 - 2014-10-17 00:29 - 00000000 ____D () C:\Users\D Master\Downloads\002 Tor
2014-10-17 00:29 - 2014-10-17 00:29 - 00000000 ____D () C:\Users\D Master\Downloads\001 Games
2014-10-17 00:27 - 2014-10-17 20:24 - 00000000 ____D () C:\Users\D Master\Downloads\000 Virus  Protection
2014-10-16 20:50 - 2014-10-17 12:20 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-16 20:50 - 2014-10-16 20:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-16 20:46 - 2014-11-02 10:44 - 00000000 ____D () C:\AdwCleaner
2014-10-10 18:50 - 2014-10-17 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-10-10 18:50 - 2014-10-10 18:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-10 18:50 - 2014-10-10 18:50 - 00000000 ____D () C:\ProgramData\Origin
2014-10-10 18:50 - 2014-10-10 18:50 - 00000000 ____D () C:\ProgramData\Electronic Arts
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 10:46 - 2014-07-20 20:32 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 10:45 - 2012-08-02 19:22 - 00025696 _____ () C:\Windows\PFRO.log
2014-11-02 10:45 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 10:44 - 2012-10-11 12:27 - 01143059 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 10:41 - 2012-07-26 00:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 10:40 - 2014-07-20 20:32 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3185731648-3636072915-927459803-1001
2014-11-02 10:39 - 2014-09-12 15:17 - 00001804 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-11-02 10:33 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-02 10:30 - 2014-09-17 15:25 - 00000000 ____D () C:\Windows\Minidump
2014-11-02 10:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-02 09:53 - 2014-07-20 20:32 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 04:51 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-02 04:06 - 2014-08-23 14:06 - 00000000 ____D () C:\Users\D Master\AppData\Roaming\Skype
2014-10-28 09:51 - 2014-07-20 20:25 - 00000000 ____D () C:\Users\D Master
2014-10-26 15:10 - 2014-07-23 14:00 - 00001754 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-10-26 15:10 - 2014-07-23 14:00 - 00000000 ____D () C:\Program Files\Vuze
2014-10-23 08:50 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-19 18:21 - 2014-07-20 20:45 - 00000000 ____D () C:\Update
2014-10-17 20:24 - 2014-09-12 15:00 - 00000000 ____D () C:\Program Files\stinger
2014-10-17 15:18 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-10-17 14:49 - 2014-07-20 20:32 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 12:16 - 2014-07-24 21:33 - 00000000 ____D () C:\Users\D Master\AppData\Local\CrashDumps
2014-10-17 12:04 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-17 12:03 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 12:01 - 2014-09-19 06:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 11:43 - 2014-09-20 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manic Digger
2014-10-17 11:43 - 2014-08-04 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2014-10-17 11:29 - 2014-07-21 02:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 11:06 - 2014-07-21 02:16 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 11:06 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-17 09:53 - 2014-08-23 14:05 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-17 09:53 - 2014-08-23 14:05 - 00000000 ____D () C:\ProgramData\Skype
2014-10-17 09:46 - 2014-09-19 06:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-17 02:18 - 2014-07-20 21:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-10-17 00:43 - 2014-07-23 14:27 - 00000000 ____D () C:\Users\D Master\Documents\001 Books
2014-10-17 00:40 - 2014-07-24 05:38 - 00000000 ____D () C:\Users\D Master\Documents\005 Photos
2014-10-17 00:39 - 2014-09-21 00:51 - 00000000 ____D () C:\Users\D Master\Documents\009 Gifs
2014-10-17 00:38 - 2014-09-21 00:51 - 00000000 ____D () C:\Users\D Master\Documents\008 Wallpapers
2014-10-17 00:38 - 2014-07-28 14:34 - 00000000 ____D () C:\Users\D Master\Documents\011 Tattoos
2014-10-17 00:31 - 2014-09-18 11:49 - 00000000 ____D () C:\Users\D Master\Documents\007 Mine
2014-10-16 23:46 - 2014-09-12 14:59 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-10-16 23:46 - 2014-06-20 09:26 - 00786296 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-10-16 23:42 - 2014-09-12 15:13 - 00000000 ____D () C:\Program Files\McAfee
2014-10-16 20:11 - 2014-07-20 23:23 - 00000000 ____D () C:\Users\Guest
2014-10-16 20:11 - 2014-07-20 23:23 - 00000000 ____D () C:\Users\Administrator
2014-10-16 19:27 - 2014-09-12 15:13 - 00000000 ____D () C:\Program Files (x86)\McAfee
 
Some content of TEMP:
====================
C:\Users\D Master\AppData\Local\Temp\0325701410560122mcinst.exe
C:\Users\D Master\AppData\Local\Temp\dllnt_dump.dll
C:\Users\D Master\AppData\Local\Temp\i4jdel0.exe
C:\Users\D Master\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\D Master\AppData\Local\Temp\Quarantine.exe
C:\Users\D Master\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-02 03:00
 
==================== End Of Log ============================
 

Edited by dmwin, 02 November 2014 - 01:14 PM.
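The FRST log above ends with a "Bamital & volsnap Check" that reports each core Windows binary as digitally signed, and it lists System32 and SysWOW64 copies of the same DLLs installed side by side on 2014-10-17. SysWOW64 is the 32-bit system directory on 64-bit Windows, so a Microsoft-signed DLL there with the same version as its System32 twin is expected, not a sign of infection. As an added example that is not part of the original post or of the FRST tool, the PowerShell below repeats FRST's signature check with the built-in Get-AuthenticodeSignature, compares a few System32/SysWOW64 pairs taken from the log, and flags executables in the user's Temp folder that lack a valid signature. The file list and the Temp location follow the log; an elevated prompt on the affected 64-bit machine is assumed.

```powershell
# Added example (not from the original post or the FRST tool).
# Repeats FRST's "Bamital & volsnap Check" with built-in PowerShell and extends
# it to a few System32/SysWOW64 pairs from the log and to Temp executables.
# Assumptions: run in an elevated PowerShell on the affected 64-bit Windows
# machine; file locations follow the FRST log above.

$systemRoot = $env:SystemRoot

function Get-SignatureSummary {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'Missing'; Signer = $null; Version = $null; Note = 'file not present' }
    }
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $ver    = (Get-Item -LiteralPath $Path).VersionInfo.ProductVersion

    # A *valid* signature from a non-Microsoft subject on a Windows binary is the
    # case worth chasing: a signed replacement, just not by the expected vendor.
    $note = switch ($sig.Status) {
        'Valid'     { if ($signer -like '*Microsoft*') { 'OK' } else { 'signed, but NOT by Microsoft' } }
        'NotSigned' { 'no embedded signature (may be catalog-signed; confirm with sigcheck -i)' }
        default     { "signature problem: $($sig.StatusMessage)" }
    }
    [pscustomobject]@{ Path = $Path; Status = $sig.Status; Signer = $signer; Version = $ver; Note = $note }
}

# 1. The same core binaries FRST verifies.
$coreFiles = @(
    'System32\winlogon.exe', 'System32\wininit.exe',
    'explorer.exe',          'SysWOW64\explorer.exe',
    'System32\svchost.exe',  'SysWOW64\svchost.exe',
    'System32\services.exe',
    'System32\user32.dll',   'SysWOW64\user32.dll',
    'System32\userinit.exe', 'SysWOW64\userinit.exe',
    'System32\rpcss.dll',
    'System32\Drivers\volsnap.sys'
) | ForEach-Object { Join-Path $systemRoot $_ }

$coreFiles | ForEach-Object { Get-SignatureSummary -Path $_ } |
    Format-Table Path, Status, Note -AutoSize

# 2. SysWOW64 is the 32-bit system directory on 64-bit Windows, so each DLL there
#    should be a Microsoft-signed counterpart of the one in System32 with the same
#    product version. A version or signer mismatch within a pair is the anomaly.
$pairs = foreach ($name in 'ntdll.dll', 'user32.dll', 'mshtml.dll', 'schannel.dll') {
    $native = Get-SignatureSummary -Path (Join-Path $systemRoot "System32\$name")
    $wow64  = Get-SignatureSummary -Path (Join-Path $systemRoot "SysWOW64\$name")
    $match  = ($native.Version -eq $wow64.Version) -and ($native.Signer -eq $wow64.Signer)
    [pscustomobject]@{ File = $name; System32 = $native.Version; SysWOW64 = $wow64.Version; PairConsistent = $match }
}
$pairs | Format-Table -AutoSize

# 3. Executables in the user's Temp folder without a valid signature. FRST listed
#    several; installer stubs such as jre-*-iftw.exe and *mcinst.exe are normally
#    signed by their vendor, so anything unsigned left here deserves a closer look.
Get-ChildItem -LiteralPath $env:TEMP -Include *.exe, *.dll -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignatureSummary -Path $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Path, Status, Signer -AutoSize
```

One caveat when reading the output: many Windows components are signed through security catalogs rather than an embedded Authenticode signature. PowerShell 5.1 and later resolve catalog signatures, but older builds can report NotSigned for a genuine file, so treat NotSigned as a prompt to confirm with Sysinternals sigcheck -i or against a known-good copy, not as proof of tampering. A Valid signature from a non-Microsoft signer on a file under System32 or SysWOW64 is the result that should actually worry you.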


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:10 PM

Posted 03 November 2014 - 09:18 AM

If not already done, please run the AdwCleaner tool and clean everything that is found.

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

SearchScopes: HKCU - {4BB95351-B95E-4A0A-B05F-A05D128865F0} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322298&octid=EB_ORIGINAL_CTID&ISID=M82D1DA72-AFAF-45FD-9208-3BB6A104F296&SearchSource=55&CUI=&UM=6&UP=SP3C937744-F4D5-466A-A9ED-3D72303FB530&SSPV="
CHR Extension: (Hola Better Internet) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-19]
C:\Users\D Master\AppData\Local\Temp\0325701410560122mcinst.exe
C:\Users\D Master\AppData\Local\Temp\dllnt_dump.dll
C:\Users\D Master\AppData\Local\Temp\i4jdel0.exe
C:\Users\D Master\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD (Command Prompt) on Vista / Windows 7 / Windows 8 with elevated privileges:
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>
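As an added example that is not part of nasdaq's post or of the FRST tool, the PowerShell below does the checking a responder would want after the Fix has run: it confirms that each item in the fixlist above is actually gone (the IE SearchScopes key, the Hola extension folder, the four Temp files, and the trovi.com entry among Chrome's startup URLs), and then carries out the ipconfig flush/release/renew steps from an elevated prompt, reporting any step that fails. The registry path, extension ID and file names come straight from the fixlist; that Chrome is closed while its Preferences file is read, and that the script runs as the same user FRST ran under (D Master), are assumptions.

```powershell
# Added example (not from the original post or the FRST tool).
# After running the FRST fix, confirm each fixlist item is gone, then run the
# DNS flush/release/renew sequence from the same post. Paths, the registry key
# and the extension ID are those in the fixlist. Assumptions: Chrome is closed,
# and this runs as the same user (D Master) in an elevated PowerShell.

$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator"; ipconfig /release and /renew need it.'
}

$searchScope = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4BB95351-B95E-4A0A-B05F-A05D128865F0}'
$chromeDir   = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$holaExt     = Join-Path $chromeDir 'Extensions\gkojfkhlekighikafcpjkiklfbnlmeio'
$tempFiles   = '0325701410560122mcinst.exe', 'dllnt_dump.dll', 'i4jdel0.exe', 'jre-7u71-windows-i586-iftw.exe' |
               ForEach-Object { Join-Path $env:TEMP $_ }

function Test-Removed {
    param([string]$Item, [string]$Path)
    # -LiteralPath so the braces in the GUID are not treated as wildcards.
    [pscustomobject]@{ Item = $Item; Path = $Path; Gone = -not (Test-Path -LiteralPath $Path) }
}

$results = @(
    Test-Removed -Item 'IE SearchScopes key'   -Path $searchScope
    Test-Removed -Item 'Hola Chrome extension' -Path $holaExt
    foreach ($f in $tempFiles) { Test-Removed -Item 'Temp file' -Path $f }
)
$results | Format-Table -AutoSize

# Chrome keeps "open these pages on startup" in the profile's Preferences JSON
# under session.startup_urls. FRST reported it deleted; verify trovi.com is not back.
$prefsPath = Join-Path $chromeDir 'Preferences'
if (Test-Path -LiteralPath $prefsPath) {
    $prefs   = Get-Content -LiteralPath $prefsPath -Raw | ConvertFrom-Json
    $startup = @($prefs.session.startup_urls)
    if ($startup -match 'trovi\.com') {
        Write-Warning "trovi.com is still a Chrome startup URL: $($startup -join ', ')"
    } else {
        'Chrome startup URLs: no trovi.com entry'
    }
}

if ($results.Gone -contains $false) {
    Write-Warning 'Some fixlist items are still present; post Fixlog.txt before going further.'
}

# The three ipconfig steps from the post, in order. ipconfig sets a non-zero exit
# code when a step fails (for example /release on an adapter with a static address).
foreach ($step in '/flushdns', '/release', '/renew') {
    & ipconfig $step | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "ipconfig $step returned exit code $LASTEXITCODE" }
}
"DNS cache entries after flush: $((Get-DnsClientCache).Count)"
```

If any row shows Gone = False, the Fix did not take; that usually means the item was recreated by something still running (a browser left open, an installer stub relaunched), and the next step is the Fixlog rather than deleting by hand. Read Chrome's Preferences only with the browser closed, since Chrome rewrites that file on exit and can undo what you see.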

#5 dmwin

dmwin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 03 November 2014 - 06:08 PM

I cleaned everything that AdwCleaner found yesterday, and I created the Fixlog.txt in Notepad.

However, how would I go about running FRST? I'm assuming this is Farbar Recovery Scanner Tool? Do I need to re-download this? It should be on my computer from yesterday, but I can't seem to locate it.

All I see is a folder called FRST located on my C: drive. Inside it has three folders: Hives, Logs and Quarantine. The only application is in the Hives folder, called ERDNT.exe <--- is that what I want to run?

I just wanted to confirm before I went ahead and continued, as this seemed slightly off course from the instructions.



#6 nasdaq

Posted 04 November 2014 - 07:57 AM


You saved the Farbar tool in your Downloads folder:
Running from C:\Users\D Master\Downloads

Place the fixlist.txt (not the fixlog.txt) in the Downloads folder, run the Farbar tool and click the Fix button.

It will generate a file, fixlog.txt; paste the results of that file.

#7 dmwin (Topic Starter)

Posted 05 November 2014 - 04:54 AM

Okay, thank you. It wasn't there, but I downloaded it again.

 

-- 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by D Master at 2014-11-05 02:40:37 Run:1
Running from C:\Users\D Master\Downloads
Loaded Profiles: D Master &  (Available profiles: D Master)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
SearchScopes: HKCU - {4BB95351-B95E-4A0A-B05F-A05D128865F0} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322298&octid=EB_ORIGINAL_CTID&ISID=M82D1DA72-AFAF-45FD-9208-3BB6A104F296&SearchSource=55&CUI=&UM=6&UP=SP3C937744-F4D5-466A-A9ED-3D72303FB530&SSPV="
CHR Extension: (Hola Better Internet) - C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-19]
C:\Users\D Master\AppData\Local\Temp\0325701410560122mcinst.exe
C:\Users\D Master\AppData\Local\Temp\dllnt_dump.dll
C:\Users\D Master\AppData\Local\Temp\i4jdel0.exe
C:\Users\D Master\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
End
*****************
 
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4BB95351-B95E-4A0A-B05F-A05D128865F0}" => Key deleted successfully.
"HKCR\CLSID\{4BB95351-B95E-4A0A-B05F-A05D128865F0}" => Key not found.
Chrome StartupUrls deleted successfully.
C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => Moved successfully.
C:\Users\D Master\AppData\Local\Temp\0325701410560122mcinst.exe => Moved successfully.
C:\Users\D Master\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\D Master\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\D Master\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
"C:\Users\D Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio" => File/Directory not found.
 
==== End of Fixlog ====
 
--
 
I ran the command prompt and that seemed successful. Thank you so much for your help. 
 
Is there anything else I need to do?


#8 nasdaq

Posted 05 November 2014 - 08:13 AM

Nothing else if all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 dmwin (Topic Starter)

Posted 05 November 2014 - 02:39 PM

Thank you so much for your help! I really appreciate it!

 

I just have one last quick question: I noticed some of my folders seem to have doubled up?

Is there any way to restore this to just the one set, rather than having them rooted like this: libraries -> documents -> documents?



#10 nasdaq

Posted 06 November 2014 - 08:30 AM

Is there any way to restore this to just the one set, rather than having them rooted like this: libraries -> documents -> documents?

What you can do is create some folders in Libraries > Documents and give them a name theme.

For example, one might be Personal Photos, another Vacation Trips, etc.

Copy and paste the files from libraries -> documents -> documents to their respective folder.

When all are transferred, you can delete the documents in the last folder.

When you copy the files, make sure you are in the proper folder.

P.S.
Do not delete until you have the set-up you want.

#11 nasdaq

Posted 12 November 2014 - 09:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



