keeps redirecting to trovi.com


  • This topic is locked
18 replies to this topic

#1 bryan.harvey4

Posted 03 November 2014 - 02:31 PM

Can't seem to remove it. I have already tried spybot, malwarebytes, adw, jrt, combofix etc. Computer running very slowly.

Here is the DDS file

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16584  BrowserJavaVersion: 10.51.2
Run by Mom and Dad at 10:58:25 on 2014-11-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.661 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mfevtps.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\OEM05Mon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080116
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - <orphaned>
uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
uURLSearchHooks: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - c:\program files\safekey\LPToolbar.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - 
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - c:\program files\safekey\LPToolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WinUpdater] c:\users\mom and dad\appdata\roaming\Puush.exe
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [lxbkbmgr.exe] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"
mRun: [WinUpdater] c:\users\mom and dad\appdata\roaming\Puush.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\momand~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\users\mom and dad\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~2.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: SafeKey - c:\users\mom and dad\appdata\locallow\safekey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - c:\users\mom and dad\appdata\locallow\safekey\context.html?cmd=fillforms
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - c:\program files\safekey\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://gamerival.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.grab.com//media/3ef815/games/files/663/popcaploader_v6.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{2A334A87-75AE-4E2F-9867-ABDDDE10802B} : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{4752F9C7-819F-49FE-AC18-90AD2B244CC5} : DHCPNameServer = 192.168.42.129
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\turbotax 2012\ic2012pp.dll
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - c:\program files\turbotax 2013\ic2013pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=B111US0D20140117&p=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\mom and dad\appdata\local\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\users\mom and dad\appdata\local\torch\plugins\video\vlc\npvlc.dll
FF - plugin: c:\users\mom and dad\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\move networks\plugins\071801000006\npqmp071801000006.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\plugins\np-mswmp.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}\plugins\np-mswmp.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{f897eb0e-a3a4-46c3-80eb-2729699d8892}\plugins\np-mswmp.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\plugins\np-mswmp.dll
FF - plugin: c:\users\momand~1\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2008-04-19 18:50; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-4-3 574576]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-4-3 215624]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-9-22 208888]
R1 MpKslf4b5e0d2;MpKslf4b5e0d2;c:\programdata\microsoft\microsoft antimalware\definition updates\{c1a903f7-3ffc-4ee8-a891-4ac0a3ea3d58}\MpKslf4b5e0d2.sys [2014-11-3 39464]
R1 RapportCerberus_80055;RapportCerberus_80055;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_80055.sys [2014-10-15 430264]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-9-22 251288]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-9-22 332696]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-4-2 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-7-1 47640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-3 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-3 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-3 51928]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-4-3 236672]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-4-3 367776]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-3-18 345584]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-1-16 31616]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-4-3 61400]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-4-3 66408]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-3-18 81264]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-7-25 18944]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 95920]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-1-16 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-1-16 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-1-16 235616]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2012-4-2 13408]
.
=============== Created Last 30 ================
.
2014-11-03 17:59:54 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-03 17:59:09 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-03 17:59:09 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-03 17:59:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-03 17:59:09 -------- d-----w- c:\programdata\Malwarebytes
2014-11-03 17:59:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-03 17:34:43 388096 ----a-r- c:\users\mom and dad\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-11-03 17:34:42 -------- d-----w- c:\program files\Trend Micro
2014-11-03 09:56:13 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-03 09:44:10 98816 ----a-w- c:\windows\sed.exe
2014-11-03 09:44:10 256000 ----a-w- c:\windows\PEV.exe
2014-11-03 09:44:10 208896 ----a-w- c:\windows\MBR.exe
2014-11-03 09:43:29 -------- d-s---w- C:\ComboFix
2014-11-03 08:48:11 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c1a903f7-3ffc-4ee8-a891-4ac0a3ea3d58}\MpKslf4b5e0d2.sys
2014-11-03 08:34:23 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-11-03 03:29:04 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2624ba6-5212-4220-9586-ec0a4a54220d}\gapaengine.dll
2014-11-03 03:27:24 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c1a903f7-3ffc-4ee8-a891-4ac0a3ea3d58}\mpengine.dll
2014-11-03 01:48:04 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-11-02 23:21:22 -------- d-----w- c:\users\mom and dad\appdata\local\speed browser
2014-11-01 23:49:59 -------- d-----w- c:\programdata\cd5e19dbd4d8c8ca
2014-11-01 16:38:47 -------- d-----w- c:\programdata\BvUdJaLWJ
2014-11-01 16:36:33 -------- d-----w- c:\program files\Super Optimizer
2014-10-16 22:20:34 -------- d-----w- c:\program files\Roblox
2014-10-15 20:15:09 -------- d-----w- c:\users\mom and dad\appdata\local\Trusteer
2014-10-15 20:14:32 -------- d-----w- c:\program files\Trusteer
2014-10-15 20:12:20 -------- d-----w- c:\programdata\Trusteer
2014-10-15 10:21:44 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 10:21:44 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 10:21:44 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 10:18:15 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 10:04:16 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-15 10:01:01 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-14 21:11:43 -------- d-----w- c:\windows\ERUNT
2014-10-14 20:24:47 -------- d-----w- C:\AdwCleaner
.
==================== Find3M  ====================
.
2014-10-30 11:24:45 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-22 20:54:50 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-10-22 20:54:49 53096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-10-22 20:54:46 85864 ----a-w- c:\windows\system32\LMIinit.dll
2014-10-22 20:54:46 31592 ----a-w- c:\windows\system32\LMIport.dll
2014-10-18 20:55:25 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.001.bak
2014-09-24 03:30:23 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 03:30:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 05:04:42 208888 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-15 18:36:34 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-07-31 05:50:00 26549760 ----a-w- c:\program files\common files\lpuninstall.exe
2010-01-18 17:26:29 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 11:15:10.61 ===============
 



 


#2 HelpBot

Posted 08 November 2014 - 02:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554550 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bryan.harvey4


Posted 09 November 2014 - 12:03 AM

When opening my Google Chrome browser, I am redirected to Trovi.com.  The computer is running very slowly.  I have run spybot, adwcleaner, jrt, combofix, malwarebytes and am still being redirected to Trovi.com and still have a very slow running computer.

 

Here is the new DDS log and attached file:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16584  BrowserJavaVersion: 10.51.2
Run by Mom and Dad at 20:51:29 on 2014-11-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1207 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mfevtps.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\OEM05Mon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FirstClass\fcc32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080116
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - <orphaned>
uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
uURLSearchHooks: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - c:\program files\safekey\LPToolbar.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - 
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - c:\program files\safekey\LPToolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WinUpdater] c:\users\mom and dad\appdata\roaming\Puush.exe
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [lxbkbmgr.exe] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"
mRun: [WinUpdater] c:\users\mom and dad\appdata\roaming\Puush.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\momand~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\users\mom and dad\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~2.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: SafeKey - c:\users\mom and dad\appdata\locallow\safekey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - c:\users\mom and dad\appdata\locallow\safekey\context.html?cmd=fillforms
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - c:\program files\safekey\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://gamerival.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.grab.com//media/3ef815/games/files/663/popcaploader_v6.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{1EF45F08-69C0-4A90-B2BD-3BEDE988753D} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{2A334A87-75AE-4E2F-9867-ABDDDE10802B} : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{4752F9C7-819F-49FE-AC18-90AD2B244CC5} : DHCPNameServer = 192.168.42.129
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\turbotax 2012\ic2012pp.dll
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - c:\program files\turbotax 2013\ic2013pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=B111US0D20140117&p=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\mom and dad\appdata\local\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\users\mom and dad\appdata\local\torch\plugins\video\vlc\npvlc.dll
FF - plugin: c:\users\mom and dad\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\move networks\plugins\071801000006\npqmp071801000006.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\plugins\np-mswmp.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}\plugins\np-mswmp.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{f897eb0e-a3a4-46c3-80eb-2729699d8892}\plugins\np-mswmp.dll
FF - plugin: c:\users\mom and dad\appdata\roaming\mozilla\firefox\profiles\ani0tgrc.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\plugins\np-mswmp.dll
FF - plugin: c:\users\momand~1\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2008-04-19 18:50; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-4-3 574576]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-4-3 215624]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-9-22 208888]
R1 RapportCerberus_80055;RapportCerberus_80055;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_80055.sys [2014-10-15 430264]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-9-22 251288]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-9-22 332696]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\NServiceEntry.exe [2010-11-5 81920]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-19 21504]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2014-5-24 9216]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2014-10-27 1894224]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2014-10-21 411920]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-4-2 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-7-1 47640]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-3 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-3 968504]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-7-30 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-7-30 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-7-30 179600]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-9-22 1919256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-7-17 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-7-17 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-7-17 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-7-29 110592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-7-29 952832]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-7-29 483840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-3 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-3 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-3 51928]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-4-3 236672]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-4-3 367776]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-3-18 345584]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-1-16 31616]
S2 0056381415007131mcinstcleanup;McAfee Application Installer Cleanup (0056381415007131);c:\users\momand~1\appdata\local\temp\005638~1.exe -cleanup -nolog --> c:\users\momand~1\appdata\local\temp\005638~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MOBCleanup;MOBCleanup;"c:\users\mom and dad\appdata\local\temp\mobcleanup.exe" --> c:\users\mom and dad\appdata\local\temp\MOBCleanup.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-4-3 61400]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-16 30192]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-4-3 66408]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-3-18 81264]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-7-25 18944]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 95920]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-1-16 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-1-16 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-1-16 235616]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2012-4-2 13408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.8.130\mcchsvc.exe" --> c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [?]
.
=============== Created Last 30 ================
.
2014-11-08 05:19:12 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{44f4899b-2a2f-4d75-bf6c-188fb9b85440}\mpengine.dll
2014-11-07 13:01:19 8901368 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{59d67fa2-7d2d-4a3b-8b8d-b140dfb77304}\mpengine.dll
2014-11-07 05:18:39 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-11-04 01:19:39 8901368 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2014-11-03 17:59:54 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-03 17:59:09 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-03 17:59:09 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-03 17:59:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-03 17:59:09 -------- d-----w- c:\programdata\Malwarebytes
2014-11-03 17:59:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-03 17:34:43 388096 ----a-r- c:\users\mom and dad\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-11-03 17:34:42 -------- d-----w- c:\program files\Trend Micro
2014-11-03 09:56:13 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-03 09:44:10 98816 ----a-w- c:\windows\sed.exe
2014-11-03 09:44:10 256000 ----a-w- c:\windows\PEV.exe
2014-11-03 09:44:10 208896 ----a-w- c:\windows\MBR.exe
2014-11-03 09:43:29 -------- d-s---w- C:\ComboFix
2014-11-03 08:34:23 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-11-03 03:29:04 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2624ba6-5212-4220-9586-ec0a4a54220d}\gapaengine.dll
2014-11-02 23:21:22 -------- d-----w- c:\users\mom and dad\appdata\local\speed browser
2014-11-01 23:49:59 -------- d-----w- c:\programdata\cd5e19dbd4d8c8ca
2014-11-01 16:38:47 -------- d-----w- c:\programdata\BvUdJaLWJ
2014-11-01 16:36:33 -------- d-----w- c:\program files\Super Optimizer
2014-10-16 22:20:34 -------- d-----w- c:\program files\Roblox
2014-10-15 20:15:09 -------- d-----w- c:\users\mom and dad\appdata\local\Trusteer
2014-10-15 20:14:32 -------- d-----w- c:\program files\Trusteer
2014-10-15 20:12:20 -------- d-----w- c:\programdata\Trusteer
2014-10-15 10:21:44 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 10:21:44 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 10:21:44 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 10:18:15 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 10:04:16 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-15 10:01:01 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-14 21:11:43 -------- d-----w- c:\windows\ERUNT
2014-10-14 20:24:47 -------- d-----w- C:\AdwCleaner
.
==================== Find3M  ====================
.
2014-11-04 02:59:03 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-11-04 02:59:03 53096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-11-04 02:59:02 31592 ----a-w- c:\windows\system32\LMIport.dll
2014-11-04 02:59:01 85864 ----a-w- c:\windows\system32\LMIinit.dll
2014-10-28 14:35:00 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-18 20:55:25 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.001.bak
2014-09-24 03:30:23 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 03:30:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 05:04:42 208888 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-15 18:36:34 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-07-31 05:50:00 26549760 ----a-w- c:\program files\common files\lpuninstall.exe
2010-01-18 17:26:29 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 20:55:56.12 ===============


#4 nasdaq

  • Malware Response Team

Posted 09 November 2014 - 11:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 bryan.harvey4

  • Topic Starter

Posted 10 November 2014 - 01:04 PM

Browser is still redirecting to Trovi.com. When the computer rebooted, a warning came up about running AppData/Roaming/Puush.exe. Pasted and attached are the requested logs:

AdwCleaner[S2]

# AdwCleaner v4.101 - Report created 10/11/2014 at 09:19:00
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Mom and Dad - THEBIGMACHINE
# Running from : C:\Users\Mom and Dad\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\cd5e19dbd4d8c8ca
Folder Deleted : C:\Program Files\Super Optimizer
Folder Deleted : C:\Users\Mom and Dad\AppData\Local\speed browser
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16584
 
 
-\\ Mozilla Firefox v6.0.1 (en-US)
 
[ani0tgrc.default\prefs.js] - Line Deleted : user_pref("CT2233703.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"21ÃÃ[...]
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=&useHistory=0&UP=SP93619F39-CB57-43E0-B4CF-68F4A17D9A01&isid=MA1B64339-EE4C-4448-96F5-C8E4CD9556C9&UM=6&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3328386&octid=EB_ORIGINAL_CTID
[C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=&useHistory=0&UP=SP93619F39-CB57-43E0-B4CF-68F4A17D9A01&isid=MA1B64339-EE4C-4448-96F5-C8E4CD9556C9&UM=6&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3328386&octid=EB_ORIGINAL_CTID
 
*************************
 
AdwCleaner[R0].txt - [106837 octets] - [14/10/2014 12:24:59]
AdwCleaner[R1].txt - [2758 octets] - [03/11/2014 00:31:13]
AdwCleaner[R2].txt - [2402 octets] - [10/11/2014 09:13:31]
AdwCleaner[S0].txt - [108325 octets] - [14/10/2014 12:35:08]
AdwCleaner[S1].txt - [3716 octets] - [03/11/2014 00:38:46]
AdwCleaner[S2].txt - [2411 octets] - [10/11/2014 09:19:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2471 octets] ##########
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Mom and Dad (administrator) on THEBIGMACHINE on 10-11-2014 09:32:29
Running from C:\Users\Mom and Dad\Desktop
Loaded Profile: Mom and Dad (Available profiles: Mom and Dad & LogMeInRemoteUser & UpdatusUser & HarveyAdmin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Motorola Media Link\NServiceEntry.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\KODAK Wireless Utility.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd.) C:\Windows\OEM05Mon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [DELL Webcam Manager] => C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-08] (Google)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2007-11-29] (Logitech, Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [Google Updater] => C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-12] (Google)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-04-02] (LogMeIn, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185872 2008-12-25] (RealNetworks, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-10-27] (LogMeIn Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM\...\Run: [WinUpdater] => C:\Users\Mom and Dad\AppData\Roaming\Puush.exe [1827280 2014-02-10] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [OEM05Mon.exe] => C:\Windows\OEM05Mon.exe [36864 2007-08-21] (Creative Technology Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [AdobeUpdater] => C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2356088 2011-02-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-01-16] (Google Inc.)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [WinUpdater] => C:\Users\Mom and Dad\AppData\Roaming\Puush.exe [1827280 2014-02-10] ()
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!
 
HKU\S-1-5-18\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-08] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x404D12E6C56FCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080116
URLSearchHook: HKCU - (No Name) - {efb1e45a-148d-40f9-a3f0-09d5577f9970} -  No File
URLSearchHook: HKCU - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} -  No File
URLSearchHook: HKCU - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} -  No File
SearchScopes: HKCU - DefaultScope {E0B14353-F51E-4B67-8D9E-D0D6D1F30E68} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140117&p={SearchTerms}
SearchScopes: HKCU - {E0B14353-F51E-4B67-8D9E-D0D6D1F30E68} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140117&p={SearchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files\SafeKey\LPToolbar.dll (McAfee)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files\SafeKey\LPToolbar.dll (McAfee)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EFB1E45A-148D-40F9-A3F0-09D5577F9970} -  No File
Toolbar: HKCU - No Name - {F9BBF004-6E40-4019-8214-C43A37E1D058} -  No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files\TurboTax 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
 
FireFox:
========
FF ProfilePath: C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npgcplug.dll (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npracplug.dll (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: McAfee SafeKey - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-07-17]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-09-06]
FF Extension: Google Toolbar for Firefox - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-07-13]
FF Extension: Snap.Do  - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{9fdeb714-ffc9-0343-f2ee-9cc170836ee4} [2014-07-17]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-08-07]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-04-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-03-22]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: No Name - C:\Program Files\Real\RealPlayer\browserrecord [2008-12-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-31]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-08]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\firefox@togglemark.net.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files\McAfee\SiteAdvisor [2013-07-30]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3328386&octid=EB_ORIGINAL_CTID&ISID=MA1B64339-EE4C-4448-96F5-C8E4CD9556C9&SearchSource=55&CUI=&UM=6&UP=SP93619F39-CB57-43E0-B4CF-68F4A17D9A01&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee SafeKey) - C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2013-07-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (CoolPreviews) - C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbhbhdjmllabhmeoehogilodnpbmhgj [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR HKLM\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files\SafeKey\lpchrome.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Mom and Dad\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [gllbdihjlcikdkimpponkfggdpjnhngg] - C:\Users\Mom and Dad\AppData\Local\CRE\gllbdihjlcikdkimpponkfggdpjnhngg.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Mom and Dad\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Mom and Dad\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2013-07-30]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-09-05] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\NServiceEntry.exe [81920 2010-11-05] (Nero AG) [File not signed]
S2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-08] (Google)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1894224 2014-10-27] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2975352 2007-01-31] (Symantec Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-10-21] (LogMeIn, Inc.)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-09-22] (IBM Corp.)
R3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2010-07-29] (WDC) [File not signed]
S2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [952832 2010-07-29] () [File not signed]
R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [483840 2010-07-29] () [File not signed]
S2 0056381415007131mcinstcleanup; C:\Users\MOMAND~1\AppData\Local\Temp\005638~1.EXE -cleanup -nolog [X]
S4 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [X]
S2 MOBCleanup; "C:\Users\Mom and Dad\AppData\Local\Temp\MOBCleanup.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 OEM05Afx; C:\Windows\system32\Drivers\OEM05Afx.sys [141376 2007-08-21] (Creative Technology Ltd.)
S3 OEM05Vfx; C:\Windows\System32\DRIVERS\OEM05Vfx.sys [7424 2007-08-21] (EyePower Games Pte. Ltd.)
S3 OEM05Vid; C:\Windows\System32\DRIVERS\OEM05Vid.sys [235616 2007-08-21] (Creative Technology Ltd.)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2012-04-02] (LogMeIn, Inc.)
R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys [430264 2014-10-15] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251288 2014-09-22] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208888 2014-09-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-09-22] (IBM Corp.)
R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [31616 2007-01-15] ()
S4 AhnRptTfFRegFNT; \??\C:\Users\MOMAND~1\AppData\Local\Temp\nsg1B76.tmp\TfFRegNt.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\MOMAND~1\AppData\Local\Temp\catchme.sys [X]
S4 cpuz136; \??\C:\Users\MOMAND~1\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X]
S4 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 ivusb; system32\DRIVERS\ivusb.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 NPF; system32\drivers\NPF.sys [X]
S2 npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [X]
S3 npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-10 09:32 - 2014-11-10 09:40 - 00039477 _____ () C:\Users\Mom and Dad\Desktop\FRST.txt
2014-11-10 09:32 - 2014-11-10 09:34 - 00000000 ____D () C:\FRST
2014-11-10 09:29 - 2014-11-10 09:29 - 01107968 _____ (Farbar) C:\Users\Mom and Dad\Desktop\FRST.exe
2014-11-10 09:28 - 2014-11-10 09:28 - 01706808 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT (4).exe
2014-11-10 09:26 - 2014-11-10 09:26 - 00002488 _____ () C:\Users\Mom and Dad\Desktop\AdwCleaner[S2].txt
2014-11-10 09:12 - 2014-11-10 09:12 - 02140160 _____ () C:\Users\Mom and Dad\Desktop\AdwCleaner.exe
2014-11-08 16:03 - 2014-11-08 16:03 - 01706808 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT (3).exe
2014-11-07 06:25 - 2014-11-07 06:25 - 01706939 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT (2).exe
2014-11-06 18:40 - 2014-11-06 18:40 - 00000000 ____D () C:\Users\Mom and Dad\Downloads\zip_songs-dc
2014-11-06 17:33 - 2014-11-06 17:33 - 04186295 _____ () C:\Users\Mom and Dad\Downloads\Glorious MP3 and Lyrics (3).zip
2014-11-06 08:28 - 2014-11-06 08:28 - 01706939 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT (1).exe
2014-11-03 11:16 - 2014-11-08 21:02 - 00013155 _____ () C:\Users\Mom and Dad\Desktop\attach.txt
2014-11-03 11:16 - 2014-11-08 21:01 - 00034686 _____ () C:\Users\Mom and Dad\Desktop\dds.txt
2014-11-03 10:54 - 2014-11-03 10:54 - 00688992 ____R (Swearware) C:\Users\Mom and Dad\Desktop\dds.com
2014-11-03 09:59 - 2014-11-10 09:38 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-03 09:59 - 2014-11-03 09:59 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-03 09:59 - 2014-11-03 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-03 09:59 - 2014-11-03 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-03 09:59 - 2014-11-03 09:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-03 09:59 - 2014-10-01 11:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-03 09:59 - 2014-10-01 11:20 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-03 09:59 - 2014-10-01 11:20 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-03 09:55 - 2014-11-03 09:55 - 19828904 _____ (Malwarebytes Corporation ) C:\Users\Mom and Dad\Desktop\mbam-setup.exe
2014-11-03 09:38 - 2014-11-03 09:38 - 00020410 _____ () C:\Users\Mom and Dad\Desktop\hijackthis.log
2014-11-03 09:34 - 2014-11-03 09:34 - 00001960 _____ () C:\Users\Mom and Dad\Desktop\HiJackThis.lnk
2014-11-03 09:34 - 2014-11-03 09:34 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-11-03 09:34 - 2014-11-03 09:34 - 00000000 ____D () C:\Program Files\Trend Micro
2014-11-03 09:33 - 2014-11-03 09:33 - 01402880 _____ () C:\Users\Mom and Dad\Downloads\HiJackThis.msi
2014-11-03 02:32 - 2014-11-03 02:32 - 00151464 _____ () C:\Windows\Minidump\Mini110314-01.dmp
2014-11-03 01:44 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-03 01:44 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-03 01:44 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-03 01:43 - 2014-11-03 02:30 - 00000000 ___SD () C:\ComboFix
2014-11-03 01:16 - 2014-11-03 01:43 - 00000000 ____D () C:\Qoobox
2014-11-03 01:15 - 2014-11-03 01:15 - 00000000 ____D () C:\Windows\erdnt
2014-11-03 01:14 - 2014-11-03 01:43 - 00000000 ___SD () C:\32788R22FWJFW
2014-11-03 01:10 - 2014-11-03 01:10 - 00003217 _____ () C:\Users\Mom and Dad\Desktop\JRT.txt
2014-11-03 00:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-11-02 23:20 - 2014-10-31 18:48 - 01706359 _____ (Thisisu) C:\Users\Mom and Dad\Desktop\JRT_NEW.exe
2014-11-02 23:03 - 2014-11-02 23:03 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-02 23:03 - 2014-11-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-01 08:42 - 2014-11-01 09:28 - 00000000 ___HD () C:\Users\Public\Temp
2014-11-01 08:38 - 2014-11-02 17:47 - 00000000 ____D () C:\ProgramData\BvUdJaLWJ
2014-10-28 18:28 - 2014-10-28 18:42 - 336045961 _____ () C:\Users\Mom and Dad\Downloads\Jaxon & Emerson.zip
2014-10-28 17:57 - 2014-10-28 17:57 - 04186295 _____ () C:\Users\Mom and Dad\Downloads\Glorious MP3 and Lyrics (2).zip
2014-10-28 17:56 - 2014-10-28 17:56 - 04186295 _____ () C:\Users\Mom and Dad\Downloads\Glorious MP3 and Lyrics (1).zip
2014-10-28 17:47 - 2014-10-28 17:47 - 04186295 _____ () C:\Users\Mom and Dad\Downloads\Glorious MP3 and Lyrics.zip
2014-10-26 04:57 - 2014-11-10 09:02 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff11c6e9255c0.job
2014-10-23 09:31 - 2012-11-17 09:07 - 00098816 _____ () C:\Users\Mom and Dad\Registration Coupon.pub
2014-10-23 09:31 - 2012-11-17 09:07 - 00000352 _____ () C:\Users\Mom and Dad\Registration Coupon.LNK
2014-10-22 21:17 - 2014-10-22 21:17 - 00017779 _____ () C:\Users\Mom and Dad\Downloads\HalloweenSMEpitaphsD&C.odt
2014-10-21 18:02 - 2014-10-21 18:02 - 01848602 _____ () C:\Users\Mom and Dad\Downloads\Lesson-30-D-and-C-22-23-True-Authority.pptx
2014-10-21 17:06 - 2014-10-21 17:06 - 03095247 _____ () C:\Users\Mom and Dad\Downloads\Intro-Basic-Doctrine.pptx
2014-10-21 17:06 - 2014-10-21 17:06 - 03095247 _____ () C:\Users\Mom and Dad\Downloads\Intro-Basic-Doctrine (1).pptx
2014-10-16 14:20 - 2014-10-16 14:20 - 00000000 ____D () C:\Program Files\Roblox
2014-10-15 12:15 - 2014-10-15 12:15 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\Trusteer
2014-10-15 12:15 - 2014-10-15 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-10-15 12:14 - 2014-10-15 12:14 - 00000000 ____D () C:\Program Files\Trusteer
2014-10-15 12:12 - 2014-10-15 12:12 - 00000000 ____D () C:\ProgramData\Trusteer
2014-10-15 12:06 - 2014-10-15 12:06 - 00436504 _____ (IBM Corp.) C:\Users\Mom and Dad\Downloads\RapportSetup.exe
2014-10-15 02:21 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 02:21 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 02:21 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 02:18 - 2014-09-27 15:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 02:04 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 02:01 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 18:59 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 18:59 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 18:59 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 18:59 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 18:59 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 18:59 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 18:59 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-14 18:59 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 18:59 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 18:59 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 18:59 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-14 18:59 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 18:59 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 18:59 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-14 18:59 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 18:59 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 18:59 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 18:59 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 18:59 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-14 18:59 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-14 18:59 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 14:51 - 2014-10-14 14:51 - 00000000 ____D () C:\Users\Mom and Dad\Downloads\Autoruns
2014-10-14 14:49 - 2014-10-14 14:49 - 00511633 _____ () C:\Users\Mom and Dad\Downloads\Autoruns.zip
2014-10-14 14:43 - 2014-10-14 14:43 - 01705698 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT.exe
2014-10-14 13:11 - 2014-10-14 13:11 - 00000000 ____D () C:\Windows\ERUNT
2014-10-14 13:05 - 2014-10-14 13:06 - 01705698 _____ (Thisisu) C:\Users\Mom and Dad\Desktop\JRT.exe
2014-10-14 12:24 - 2014-11-10 09:19 - 00000000 ____D () C:\AdwCleaner
2014-10-13 15:44 - 2014-10-13 15:47 - 177628907 _____ () C:\Users\Mom and Dad\Downloads\D&C 19 Silent Lesson.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-10 09:39 - 2008-01-16 05:28 - 01838538 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 09:30 - 2013-02-28 16:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 09:28 - 2011-10-07 22:14 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\LogMeIn Hamachi
2014-11-10 09:26 - 2014-01-21 16:56 - 00000883 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-10 09:26 - 2014-01-21 16:56 - 00000867 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-10 09:24 - 2014-07-17 15:19 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-10 09:23 - 2014-09-12 11:57 - 00000400 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Mom and Dad.job
2014-11-10 09:23 - 2009-12-21 18:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 09:22 - 2010-03-27 17:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-10 09:22 - 2008-01-16 06:01 - 02209136 _____ () C:\Windows\PFRO.log
2014-11-10 09:22 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 09:22 - 2006-11-02 04:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 09:22 - 2006-11-02 04:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 09:20 - 2012-07-01 20:48 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-10 09:20 - 2008-01-16 05:40 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-10 09:20 - 2006-11-02 05:01 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-10 09:02 - 2013-12-11 00:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef64a608f35b0.job
2014-11-10 02:00 - 2008-01-30 19:05 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\Adobe
2014-11-09 20:54 - 2010-11-16 10:15 - 00002609 _____ () C:\Users\Mom and Dad\Desktop\Microsoft Office Word 2003.lnk
2014-11-09 17:02 - 2010-09-20 14:39 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\CrashDumps
2014-11-09 15:19 - 2014-09-12 11:57 - 00000394 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Mom and Dad.job
2014-11-09 13:37 - 2014-09-12 11:57 - 00000390 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Mom and Dad.job
2014-11-09 11:34 - 2009-03-26 23:08 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-11-08 17:45 - 2006-11-02 02:33 - 00776158 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 07:31 - 2014-07-17 15:20 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-03 19:00 - 2012-07-01 20:48 - 00000000 ____D () C:\Program Files\LogMeIn
2014-11-03 18:59 - 2012-07-01 20:49 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-11-03 18:59 - 2012-07-01 20:49 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-11-03 18:59 - 2012-07-01 20:49 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-11-03 02:32 - 2008-09-23 15:25 - 00000000 ____D () C:\Windows\Minidump
2014-11-03 02:31 - 2013-11-30 15:39 - 414477246 _____ () C:\Windows\MEMORY.DMP
2014-11-03 01:46 - 2006-11-02 03:18 - 00000000 ___RD () C:\Users\Public
2014-11-03 01:45 - 2008-10-03 06:00 - 00000000 ____D () C:\Users\Jaxon's Account.TheBigMachine
2014-11-03 01:45 - 2008-06-21 07:16 - 00000000 ____D () C:\Users\Jaxon's Account
2014-11-03 01:40 - 2013-07-30 21:43 - 00000000 ____D () C:\Program Files\McAfee
2014-11-03 01:34 - 2014-04-10 06:23 - 00000000 ____D () C:\Users\Mom and Dad\Downloads\Documents\McAfee Vaults
2014-11-03 01:23 - 2014-03-10 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-11-02 22:24 - 2013-09-19 14:11 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Roaming\JAM Software
2014-11-02 22:22 - 2008-01-27 16:03 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\Google
2014-11-02 22:22 - 2008-01-16 05:55 - 00000000 ____D () C:\Program Files\Google
2014-11-02 19:08 - 2014-01-27 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-02 19:05 - 2014-01-27 22:47 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-11-02 17:54 - 2006-11-02 02:22 - 64487424 _____ () C:\Windows\system32\config\software_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 47448064 _____ () C:\Windows\system32\config\system_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 47185920 _____ () C:\Windows\system32\config\components_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 05505024 _____ () C:\Windows\system32\config\default_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-11-02 17:53 - 2013-01-29 23:09 - 00000000 ____D () C:\Users\HarveyAdmin
2014-11-02 17:53 - 2011-03-03 08:43 - 00000000 ____D () C:\Users\Aydan
2014-11-02 17:52 - 2014-02-28 23:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-02 17:52 - 2008-04-19 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-02 17:52 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\spool
2014-11-02 17:52 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2014-11-02 17:48 - 2008-01-27 16:02 - 00000000 ____D () C:\Users\Mom and Dad
2014-11-02 17:47 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-02 16:29 - 2012-06-24 15:00 - 00001356 _____ () C:\Users\Mom and Dad\AppData\Local\d3d9caps.dat
2014-10-28 06:35 - 2009-10-02 21:47 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 17:47 - 2008-04-19 17:47 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\Deployment
2014-10-23 12:46 - 2012-12-04 21:47 - 00033175 _____ () C:\Windows\setupact.log
2014-10-20 08:32 - 2008-01-27 16:06 - 00200704 _____ () C:\Users\Mom and Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-18 12:55 - 2012-07-01 20:49 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.001.bak
2014-10-16 14:19 - 2009-11-27 20:55 - 00000000 ____D () C:\Program Files\Project64 1.6
2014-10-16 14:16 - 2008-10-11 21:09 - 00000000 ____D () C:\Program Files\NCSoft
2014-10-16 14:16 - 2008-01-16 05:43 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-15 03:10 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-15 02:44 - 2012-10-21 08:31 - 00000482 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-10-15 02:42 - 2006-11-02 04:47 - 00903008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 02:17 - 2013-08-14 02:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:04 - 2006-11-02 02:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-14 13:24 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-10-14 12:11 - 2014-07-17 15:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-13 20:51 - 2013-12-13 23:26 - 00000000 ____D () C:\Users\Mom and Dad\Aydan FVDES
2014-10-13 11:33 - 2014-02-13 13:33 - 535009376 _____ () C:\Users\Mom and Dad\Desktop\07 Great Lakes.m4v
 
Files to move or delete:
====================
C:\Users\Mom and Dad\jagex_cl_runescape_LIVE.dat
C:\Users\Mom and Dad\jagex_cl_runescape_LIVE1.dat
C:\Users\Mom and Dad\jagex_runescape_preferences.dat
C:\Users\Mom and Dad\jagex_runescape_preferences2.dat
C:\Users\Mom and Dad\jagex__preferences3.dat
C:\Users\Mom and Dad\jobq.dat
C:\Users\Mom and Dad\PhotoshopElements_9_LS15.exe
C:\Users\Mom and Dad\PremiereElements_9_LS15.exe
 
 
Some content of TEMP:
====================
C:\Users\HarveyAdmin\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\HarveyAdmin\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mom and Dad\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Mom and Dad\AppData\Local\Temp\Quarantine.exe
C:\Users\Mom and Dad\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mom and Dad\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2014-11-10 09:33
 
==================== End Of Log ============================
 
 
Addition.txt is attached.

 



#6 nasdaq

  • Malware Response Team

Posted 11 November 2014 - 09:22 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [WinUpdater] => C:\Users\Mom and Dad\AppData\Roaming\Puush.exe [1827280 2014-02-10] ()
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!
Startup: C:\Users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {efb1e45a-148d-40f9-a3f0-09d5577f9970} -  No File
URLSearchHook: HKCU - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} -  No File
URLSearchHook: HKCU - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} -  No File
SearchScopes: HKCU - Live Search URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {EFB1E45A-148D-40F9-A3F0-09D5577F9970} -  No File
Toolbar: HKCU - No Name - {F9BBF004-6E40-4019-8214-C43A37E1D058} -  No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.grab.com//media/3ef815/games/files/663/popcaploader_v6.cab
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Extension: Snap.Do  - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{9fdeb714-ffc9-0343-f2ee-9cc170836ee4} [2014-07-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-03-22]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\firefox@togglemark.net.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\faststartff@gmail.com [Not Found]
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3328386&octid=EB_ORIGINAL_CTID&ISID=MA1B64339-EE4C-4448-96F5-C8E4CD9556C9&SearchSource=55&CUI=&UM=6&UP=SP93619F39-CB57-43E0-B4CF-68F4A17D9A01&SSPV="
CHR HKLM\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Mom and Dad\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [gllbdihjlcikdkimpponkfggdpjnhngg] - C:\Users\Mom and Dad\AppData\Local\CRE\gllbdihjlcikdkimpponkfggdpjnhngg.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Mom and Dad\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Mom and Dad\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2013-07-30]
S2 0056381415007131mcinstcleanup; C:\Users\MOMAND~1\AppData\Local\Temp\005638~1.EXE -cleanup -nolog [X]
S4 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [X]
S2 MOBCleanup; "C:\Users\Mom and Dad\AppData\Local\Temp\MOBCleanup.exe" [X]
S4 AhnRptTfFRegFNT; \??\C:\Users\MOMAND~1\AppData\Local\Temp\nsg1B76.tmp\TfFRegNt.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\MOMAND~1\AppData\Local\Temp\catchme.sys [X]
S4 cpuz136; \??\C:\Users\MOMAND~1\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X]
S4 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 ivusb; system32\DRIVERS\ivusb.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 NPF; system32\drivers\NPF.sys [X]
S2 npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [X]
S3 npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\HarveyAdmin\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\HarveyAdmin\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mom and Dad\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Mom and Dad\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mom and Dad\AppData\Local\Temp\sqlite3.dll
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:060A8BA5
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

P.S.
If the redirects are still around reset the Browser(s)

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

#7 bryan.harvey4

Posted 12 November 2014 - 01:45 PM

When the computer rebooted, a warning still came up about running AppData/Roaming/Puush.exe.  Computer startup very slow.  Responsiveness still slow.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01

Ran by Mom and Dad at 2014-11-12 10:23:56 Run:1
Running from C:\Users\Mom and Dad\Desktop\Malware Removal Tools
Loaded Profile: Mom and Dad (Available profiles: Mom and Dad & LogMeInRemoteUser & UpdatusUser & HarveyAdmin)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
tart
 
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [WinUpdater] => C:\Users\Mom and Dad\AppData\Roaming\Puush.exe [1827280 2014-02-10] ()
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!
Startup: C:\Users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {efb1e45a-148d-40f9-a3f0-09d5577f9970} -  No File
URLSearchHook: HKCU - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} -  No File
URLSearchHook: HKCU - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {EFB1E45A-148D-40F9-A3F0-09D5577F9970} -  No File
Toolbar: HKCU - No Name - {F9BBF004-6E40-4019-8214-C43A37E1D058} -  No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Extension: Snap.Do  - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{9fdeb714-ffc9-0343-f2ee-9cc170836ee4} [2014-07-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-10-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-03-22]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\firefox@togglemark.net.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\faststartff@gmail.com [Not Found]
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3328386&octid=EB_ORIGINAL_CTID&ISID=MA1B64339-EE4C-4448-96F5-C8E4CD9556C9&SearchSource=55&CUI=&UM=6&UP=SP93619F39-CB57-43E0-B4CF-68F4A17D9A01&SSPV="
CHR HKLM\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Mom and Dad\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [gllbdihjlcikdkimpponkfggdpjnhngg] - C:\Users\Mom and Dad\AppData\Local\CRE\gllbdihjlcikdkimpponkfggdpjnhngg.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Mom and Dad\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Mom and Dad\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2013-07-30]
S2 0056381415007131mcinstcleanup; C:\Users\MOMAND~1\AppData\Local\Temp\005638~1.EXE -cleanup -nolog [X]
S4 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [X]
S2 MOBCleanup; "C:\Users\Mom and Dad\AppData\Local\Temp\MOBCleanup.exe" [X]
S4 AhnRptTfFRegFNT; \??\C:\Users\MOMAND~1\AppData\Local\Temp\nsg1B76.tmp\TfFRegNt.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\MOMAND~1\AppData\Local\Temp\catchme.sys [X]
S4 cpuz136; \??\C:\Users\MOMAND~1\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X]
S4 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 ivusb; system32\DRIVERS\ivusb.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 NPF; system32\drivers\NPF.sys [X]
S2 npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [X]
S3 npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\HarveyAdmin\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\HarveyAdmin\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mom and Dad\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Mom and Dad\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mom and Dad\AppData\Local\Temp\sqlite3.dll
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:060A8BA5
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
End
*****************
 
tart => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WinUpdater => value deleted successfully.
"HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}" => Key deleted successfully.
C:\Users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{efb1e45a-148d-40f9-a3f0-09d5577f9970} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f9bbf004-6e40-4019-8214-c43a37e1d058} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f897eb0e-a3a4-46c3-80eb-2729699d8892} => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Live Search" => Key deleted successfully.
"HKCR\CLSID\Live Search" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => value deleted successfully.
"HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFB1E45A-148D-40F9-A3F0-09D5577F9970} => value deleted successfully.
"HKCR\CLSID\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F9BBF004-6E40-4019-8214-C43A37E1D058} => value deleted successfully.
"HKCR\CLSID\{F9BBF004-6E40-4019-8214-C43A37E1D058}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F897EB0E-A3A4-46C3-80EB-2729699D8892} => value deleted successfully.
"HKCR\CLSID\{F897EB0E-A3A4-46C3-80EB-2729699D8892}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" => Key deleted successfully.
"HKCR\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" => Key not found.
"HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{9fdeb714-ffc9-0343-f2ee-9cc170836ee4} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\fmdownloader@gmail.com => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com => value deleted successfully.
C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi => not found.
C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\firefox@togglemark.net.xpi => not found.
C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\faststartff@gmail.com => not found.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn" => Key deleted successfully.
"C:\Users\Mom and Dad\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gllbdihjlcikdkimpponkfggdpjnhngg" => Key deleted successfully.
"C:\Users\Mom and Dad\AppData\Local\CRE\gllbdihjlcikdkimpponkfggdpjnhngg.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi" => Key deleted successfully.
"C:\Users\Mom and Dad\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\phfmiknmhngmmlcppkpmbnopohlnfpbh" => Key deleted successfully.
"C:\Users\Mom and Dad\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx" => File/Directory not found.
0056381415007131mcinstcleanup => Service deleted successfully.
McComponentHostService => Service deleted successfully.
MOBCleanup => Service deleted successfully.
AhnRptTfFRegFNT => Service deleted successfully.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
cpuz136 => Service deleted successfully.
EagleNT => Service deleted successfully.
IpInIp => Service deleted successfully.
ivusb => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
NPF => Service deleted successfully.
npkcrypt => Service deleted successfully.
npkcusb => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\HarveyAdmin\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\HarveyAdmin\AppData\Local\Temp\rtdrvmon.exe => Moved successfully.
C:\Users\Mom and Dad\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mom and Dad\AppData\Local\Temp\rtdrvmon.exe => Moved successfully.
C:\Users\Mom and Dad\AppData\Local\Temp\sqlite3.dll => Moved successfully.
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\ProgramData\TEMP => ":060A8BA5" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
 
==== End of Fixlog ====


#8 nasdaq


Posted 12 November 2014 - 02:42 PM

This key was removed by the fix.
HKLM\...\Run: [WinUpdater] => C:\Users\Mom and Dad\AppData\Roaming\Puush.exe [1827280 2014-02-10] ()

Please run the Farbar tool one more time and post a fresh FRST log.
===

Just to make sure it's still around run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#9 bryan.harvey4

Posted 13 November 2014 - 10:44 AM

Can you tell me what Puush.exe is?  I am no longer being redirected, but page loads just seem very slow.  Here are the two logs requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Mom and Dad (administrator) on THEBIGMACHINE on 13-11-2014 07:19:50
Running from C:\Users\Mom and Dad\Desktop\Malware Removal Tools
Loaded Profile: Mom and Dad (Available profiles: Mom and Dad & LogMeInRemoteUser & UpdatusUser & HarveyAdmin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Motorola Media Link\NServiceEntry.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Creative Technology Ltd.) C:\Windows\OEM05Mon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [DELL Webcam Manager] => C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-08] (Google)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2007-11-29] (Logitech, Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [Google Updater] => C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-12] (Google)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-04-02] (LogMeIn, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185872 2008-12-25] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM\...\Run: [WinUpdater] => C:\Users\Mom and Dad\AppData\Roaming\Puush.exe [1827280 2014-02-10] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [OEM05Mon.exe] => C:\Windows\OEM05Mon.exe [36864 2007-08-21] (Creative Technology Ltd.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-10-27] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [AdobeUpdater] => C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2356088 2011-02-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-01-16] (Google Inc.)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2131053745-3692244335-1036882588-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-08] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x404D12E6C56FCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080116
SearchScopes: HKCU - DefaultScope {E0B14353-F51E-4B67-8D9E-D0D6D1F30E68} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140117&p={SearchTerms}
SearchScopes: HKCU - {E0B14353-F51E-4B67-8D9E-D0D6D1F30E68} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140117&p={SearchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files\SafeKey\LPToolbar.dll (McAfee)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files\SafeKey\LPToolbar.dll (McAfee)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files\TurboTax 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npgcplug.dll (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npracplug.dll (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: McAfee SafeKey - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-07-17]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-09-06]
FF Extension: Google Toolbar for Firefox - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-08-07]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-04-19]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: No Name - C:\Program Files\Real\RealPlayer\browserrecord [2008-12-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-31]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-08]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\firefox@togglemark.net.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{9fdeb714-ffc9-0343-f2ee-9cc170836ee4} [Not Found]
FF Extension: No Name - C:\Program Files\McAfee\SiteAdvisor [2013-07-30]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.lds.org/?lang=eng
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee SafeKey) - C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2013-07-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (CoolPreviews) - C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbhbhdjmllabhmeoehogilodnpbmhgj [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Mom and Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR HKLM\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files\SafeKey\lpchrome.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-07-30]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-09-05] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\NServiceEntry.exe [81920 2010-11-05] (Nero AG) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-08] (Google)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1894224 2014-10-27] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2975352 2007-01-31] (Symantec Corporation)
S2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-29] (IBM Corp.)
R3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2010-07-29] (WDC) [File not signed]
R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [952832 2010-07-29] () [File not signed]
R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [483840 2010-07-29] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 OEM05Afx; C:\Windows\system32\Drivers\OEM05Afx.sys [141376 2007-08-21] (Creative Technology Ltd.)
S3 OEM05Vfx; C:\Windows\System32\DRIVERS\OEM05Vfx.sys [7424 2007-08-21] (EyePower Games Pte. Ltd.)
S3 OEM05Vid; C:\Windows\System32\DRIVERS\OEM05Vid.sys [235616 2007-08-21] (Creative Technology Ltd.)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2012-04-02] (LogMeIn, Inc.)
R4 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys [430264 2014-10-15] ()
R1 RapportCerberus_80071; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80071.sys [430264 2014-11-13] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251288 2014-10-29] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208888 2014-10-29] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-10-29] (IBM Corp.)
R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [31616 2007-01-15] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S3 NPF; system32\drivers\NPF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-13 03:37 - 2014-11-13 03:37 - 00000000 ____D () C:\Users\Default\AppData\Local\Trusteer
2014-11-13 03:37 - 2014-11-13 03:37 - 00000000 ____D () C:\Users\Default User\AppData\Local\Trusteer
2014-11-12 21:06 - 2014-11-12 21:06 - 00000000 ____D () C:\Users\Mom and Dad\Random Stuff\Documents\Documents\Documents\Documents\Documents\Documents\Documents\Documents\Documents\Documents\Documents\FirstClass
2014-11-12 03:17 - 2014-10-09 17:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 03:17 - 2014-10-09 17:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 03:17 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 03:17 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 03:17 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 03:17 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 03:16 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 03:16 - 2014-09-18 16:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 03:15 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 03:13 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 03:13 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 03:13 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 03:13 - 2014-10-02 17:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 03:13 - 2014-10-02 17:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 03:00 - 2014-10-12 15:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 02:57 - 2014-10-27 11:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 02:57 - 2014-10-27 11:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 02:57 - 2014-10-27 11:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 02:57 - 2014-10-27 10:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 02:57 - 2014-10-27 10:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 02:57 - 2014-10-27 10:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 02:57 - 2014-10-27 10:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 02:57 - 2014-10-27 10:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 02:57 - 2014-10-27 10:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 02:57 - 2014-10-27 10:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 02:57 - 2014-10-27 10:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 02:57 - 2014-10-27 10:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 02:57 - 2014-10-27 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 02:57 - 2014-10-27 10:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 02:57 - 2014-10-27 10:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 02:57 - 2014-10-27 10:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 02:57 - 2014-10-27 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 02:57 - 2014-10-27 10:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 02:57 - 2014-10-27 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 02:57 - 2014-10-27 10:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 02:57 - 2014-10-27 10:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:09 - 2014-11-11 19:09 - 00000000 ____D () C:\Users\Mom and Dad\Random Stuff
2014-11-11 18:38 - 2014-11-11 18:39 - 00000000 ____D () C:\Users\Mom and Dad\Games
2014-11-10 10:05 - 2014-11-13 07:19 - 00000000 ____D () C:\Users\Mom and Dad\Desktop\Malware Removal Tools
2014-11-10 09:32 - 2014-11-13 07:20 - 00000000 ____D () C:\FRST
2014-11-10 09:28 - 2014-11-10 09:28 - 01706808 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT (4).exe
2014-11-08 16:03 - 2014-11-08 16:03 - 01706808 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT (3).exe
2014-11-07 06:25 - 2014-11-07 06:25 - 01706939 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT (2).exe
2014-11-06 18:40 - 2014-11-06 18:40 - 00000000 ____D () C:\Users\Mom and Dad\Downloads\zip_songs-dc
2014-11-06 17:33 - 2014-11-06 17:33 - 04186295 _____ () C:\Users\Mom and Dad\Downloads\Glorious MP3 and Lyrics (3).zip
2014-11-06 08:28 - 2014-11-06 08:28 - 01706939 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT (1).exe
2014-11-03 09:59 - 2014-11-13 06:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-03 09:59 - 2014-11-03 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-03 09:59 - 2014-11-03 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-03 09:59 - 2014-11-03 09:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-03 09:59 - 2014-10-01 11:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-03 09:59 - 2014-10-01 11:20 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-03 09:59 - 2014-10-01 11:20 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-03 09:34 - 2014-11-03 09:34 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-11-03 09:34 - 2014-11-03 09:34 - 00000000 ____D () C:\Program Files\Trend Micro
2014-11-03 09:33 - 2014-11-03 09:33 - 01402880 _____ () C:\Users\Mom and Dad\Downloads\HiJackThis.msi
2014-11-03 02:32 - 2014-11-03 02:32 - 00151464 _____ () C:\Windows\Minidump\Mini110314-01.dmp
2014-11-03 01:44 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-03 01:44 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-03 01:44 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-03 01:44 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-03 01:43 - 2014-11-03 02:30 - 00000000 ___SD () C:\ComboFix
2014-11-03 01:16 - 2014-11-03 01:43 - 00000000 ____D () C:\Qoobox
2014-11-03 01:15 - 2014-11-03 01:15 - 00000000 ____D () C:\Windows\erdnt
2014-11-03 01:14 - 2014-11-03 01:43 - 00000000 ___SD () C:\32788R22FWJFW
2014-11-03 00:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-11-02 23:03 - 2014-11-02 23:03 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-02 23:03 - 2014-11-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-01 08:42 - 2014-11-01 09:28 - 00000000 ___HD () C:\Users\Public\Temp
2014-11-01 08:38 - 2014-11-02 17:47 - 00000000 ____D () C:\ProgramData\BvUdJaLWJ
2014-10-29 19:25 - 2014-10-29 19:25 - 00208888 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2014-10-28 18:28 - 2014-10-28 18:42 - 336045961 _____ () C:\Users\Mom and Dad\Downloads\Jaxon & Emerson.zip
2014-10-28 17:57 - 2014-10-28 17:57 - 04186295 _____ () C:\Users\Mom and Dad\Downloads\Glorious MP3 and Lyrics (2).zip
2014-10-28 17:56 - 2014-10-28 17:56 - 04186295 _____ () C:\Users\Mom and Dad\Downloads\Glorious MP3 and Lyrics (1).zip
2014-10-28 17:47 - 2014-10-28 17:47 - 04186295 _____ () C:\Users\Mom and Dad\Downloads\Glorious MP3 and Lyrics.zip
2014-10-26 04:57 - 2014-11-13 07:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff11c6e9255c0.job
2014-10-23 09:31 - 2012-11-17 09:07 - 00098816 _____ () C:\Users\Mom and Dad\Registration Coupon.pub
2014-10-23 09:31 - 2012-11-17 09:07 - 00000352 _____ () C:\Users\Mom and Dad\Registration Coupon.LNK
2014-10-22 21:17 - 2014-10-22 21:17 - 00017779 _____ () C:\Users\Mom and Dad\Downloads\HalloweenSMEpitaphsD&C.odt
2014-10-21 18:02 - 2014-10-21 18:02 - 01848602 _____ () C:\Users\Mom and Dad\Downloads\Lesson-30-D-and-C-22-23-True-Authority.pptx
2014-10-21 17:06 - 2014-10-21 17:06 - 03095247 _____ () C:\Users\Mom and Dad\Downloads\Intro-Basic-Doctrine.pptx
2014-10-21 17:06 - 2014-10-21 17:06 - 03095247 _____ () C:\Users\Mom and Dad\Downloads\Intro-Basic-Doctrine (1).pptx
2014-10-16 14:20 - 2014-10-16 14:20 - 00000000 ____D () C:\Program Files\Roblox
2014-10-15 12:15 - 2014-11-13 03:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-10-15 12:15 - 2014-10-15 12:15 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\Trusteer
2014-10-15 12:14 - 2014-10-15 12:14 - 00000000 ____D () C:\Program Files\Trusteer
2014-10-15 12:12 - 2014-10-15 12:12 - 00000000 ____D () C:\ProgramData\Trusteer
2014-10-15 12:06 - 2014-10-15 12:06 - 00436504 _____ (IBM Corp.) C:\Users\Mom and Dad\Downloads\RapportSetup.exe
2014-10-15 02:21 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 02:21 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 02:21 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 02:04 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-14 14:51 - 2014-10-14 14:51 - 00000000 ____D () C:\Users\Mom and Dad\Downloads\Autoruns
2014-10-14 14:49 - 2014-10-14 14:49 - 00511633 _____ () C:\Users\Mom and Dad\Downloads\Autoruns.zip
2014-10-14 14:43 - 2014-10-14 14:43 - 01705698 _____ (Thisisu) C:\Users\Mom and Dad\Downloads\JRT.exe
2014-10-14 13:11 - 2014-10-14 13:11 - 00000000 ____D () C:\Windows\ERUNT
2014-10-14 12:24 - 2014-11-10 09:19 - 00000000 ____D () C:\AdwCleaner
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-13 07:02 - 2013-12-11 00:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef64a608f35b0.job
2014-11-13 06:40 - 2011-10-07 22:14 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\LogMeIn Hamachi
2014-11-13 06:37 - 2006-11-02 02:33 - 00776158 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 06:36 - 2014-07-17 15:19 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-13 06:36 - 2009-12-21 18:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 06:36 - 2008-01-16 05:28 - 01444876 _____ () C:\Windows\WindowsUpdate.log
2014-11-13 06:33 - 2012-12-04 21:47 - 00034765 _____ () C:\Windows\setupact.log
2014-11-13 06:30 - 2013-02-28 16:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-13 05:27 - 2006-11-02 04:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 05:27 - 2006-11-02 04:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 03:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 03:51 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 03:31 - 2014-01-21 16:56 - 00000883 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-13 03:31 - 2014-01-21 16:56 - 00000867 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-13 03:27 - 2010-03-27 17:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-13 03:27 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 03:25 - 2006-11-02 04:47 - 00903008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 03:23 - 2012-07-01 20:48 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-13 03:23 - 2008-01-16 05:40 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-13 03:23 - 2006-11-02 05:01 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 02:00 - 2008-01-30 19:05 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\Adobe
2014-11-12 11:34 - 2009-03-26 23:08 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-11-12 04:30 - 2013-02-28 16:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 04:30 - 2011-10-02 16:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 03:51 - 2014-01-27 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-12 03:51 - 2014-01-27 22:47 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-11-12 03:34 - 2014-07-17 15:20 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-12 03:12 - 2013-08-14 02:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:01 - 2006-11-02 02:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-11 19:09 - 2008-01-27 16:02 - 00000000 ____D () C:\Users\Mom and Dad
2014-11-11 13:26 - 2010-09-20 14:39 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\CrashDumps
2014-11-10 09:22 - 2008-01-16 06:01 - 02209136 _____ () C:\Windows\PFRO.log
2014-11-03 19:00 - 2012-07-01 20:48 - 00000000 ____D () C:\Program Files\LogMeIn
2014-11-03 18:59 - 2012-07-01 20:49 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-11-03 18:59 - 2012-07-01 20:49 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-11-03 18:59 - 2012-07-01 20:49 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-11-03 02:32 - 2008-09-23 15:25 - 00000000 ____D () C:\Windows\Minidump
2014-11-03 02:31 - 2013-11-30 15:39 - 414477246 _____ () C:\Windows\MEMORY.DMP
2014-11-03 01:46 - 2006-11-02 03:18 - 00000000 ___RD () C:\Users\Public
2014-11-03 01:45 - 2008-10-03 06:00 - 00000000 ____D () C:\Users\Jaxon's Account.TheBigMachine
2014-11-03 01:45 - 2008-06-21 07:16 - 00000000 ____D () C:\Users\Jaxon's Account
2014-11-03 01:40 - 2013-07-30 21:43 - 00000000 ____D () C:\Program Files\McAfee
2014-11-03 01:23 - 2014-03-10 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-11-02 22:24 - 2013-09-19 14:11 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Roaming\JAM Software
2014-11-02 22:22 - 2008-01-27 16:03 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\Google
2014-11-02 22:22 - 2008-01-16 05:55 - 00000000 ____D () C:\Program Files\Google
2014-11-02 17:54 - 2006-11-02 02:22 - 64487424 _____ () C:\Windows\system32\config\software_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 47448064 _____ () C:\Windows\system32\config\system_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 47185920 _____ () C:\Windows\system32\config\components_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 05505024 _____ () C:\Windows\system32\config\default_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-11-02 17:54 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-11-02 17:53 - 2013-01-29 23:09 - 00000000 ____D () C:\Users\HarveyAdmin
2014-11-02 17:53 - 2011-03-03 08:43 - 00000000 ____D () C:\Users\Aydan
2014-11-02 17:52 - 2014-02-28 23:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-02 17:52 - 2008-04-19 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-02 17:52 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\spool
2014-11-02 17:52 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2014-11-02 17:47 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-02 16:29 - 2012-06-24 15:00 - 00001356 _____ () C:\Users\Mom and Dad\AppData\Local\d3d9caps.dat
2014-10-28 06:35 - 2009-10-02 21:47 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 17:47 - 2008-04-19 17:47 - 00000000 ____D () C:\Users\Mom and Dad\AppData\Local\Deployment
2014-10-20 08:32 - 2008-01-27 16:06 - 00200704 _____ () C:\Users\Mom and Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-18 12:55 - 2012-07-01 20:49 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.001.bak
2014-10-16 14:19 - 2009-11-27 20:55 - 00000000 ____D () C:\Program Files\Project64 1.6
2014-10-16 14:16 - 2008-10-11 21:09 - 00000000 ____D () C:\Program Files\NCSoft
2014-10-16 14:16 - 2008-01-16 05:43 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-15 02:44 - 2012-10-21 08:31 - 00000482 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-10-14 12:11 - 2014-07-17 15:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
 
Files to move or delete:
====================
C:\Users\Mom and Dad\jagex_cl_runescape_LIVE.dat
C:\Users\Mom and Dad\jagex_cl_runescape_LIVE1.dat
C:\Users\Mom and Dad\jagex_runescape_preferences.dat
C:\Users\Mom and Dad\jagex_runescape_preferences2.dat
C:\Users\Mom and Dad\jagex__preferences3.dat
C:\Users\Mom and Dad\jobq.dat
C:\Users\Mom and Dad\PhotoshopElements_9_LS15.exe
C:\Users\Mom and Dad\PremiereElements_9_LS15.exe
 
 
Some content of TEMP:
====================
C:\Users\Mom and Dad\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Mom and Dad\AppData\Local\Temp\Quarantine.exe
C:\Users\Mom and Dad\AppData\Local\Temp\rtdrvmon.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-13 04:03
 
==================== End Of Log ============================
 
RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mom and Dad [Administrator]
Mode : Delete -- Date : 11/13/2014  07:39:00
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 17 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160} -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WinUpdater : C:\Users\Mom and Dad\AppData\Roaming\Puush.exe [-] -> Deleted
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_FEED\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1EF45F08-69C0-4A90-B2BD-3BEDE988753D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A334A87-75AE-4E2F-9867-ABDDDE10802B} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1EF45F08-69C0-4A90-B2BD-3BEDE988753D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2A334A87-75AE-4E2F-9867-ABDDDE10802B} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1EF45F08-69C0-4A90-B2BD-3BEDE988753D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2A334A87-75AE-4E2F-9867-ABDDDE10802B} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1EF45F08-69C0-4A90-B2BD-3BEDE988753D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2A334A87-75AE-4E2F-9867-ABDDDE10802B} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)]  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_FEED\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_FEED\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost
 
¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\fdc.sys)
[IAT:Addr] (explorer.exe @ ole32.dll) msvcrt.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x5bfdf3fb
 
¤¤¤ Web browsers : 3 ¤¤¤
[IE:Addon] System : &Windows Live Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}] -> Deleted
[IE:Addon] System : McAfee SafeKey [{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}] -> Deleted
[IE:Addon] System : Adobe Acrobat Create PDF Toolbar [{47833539-D0C5-4125-9FA8-0819E2EAAC93}] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 7cf6c7dcd263e22dd97c20e5d290c88e
[BSP] e3b7d0e3c38c47332f7c231c3f0411d7 : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SAMSUNG HD501LJ ATA Device +++++
--- User ---
[MBR] b4520aa8326af51ebca89cec1a8669c2
[BSP] 6509d1c70c3d4c1ad72b89fdb37ec824 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 112640 | Size: 10240 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21084160 | Size: 466644 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_11132014_073607.log


#10 nasdaq

  • Malware Response Team

Posted 13 November 2014 - 01:20 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\firefox@togglemark.net.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{9fdeb714-ffc9-0343-f2ee-9cc170836ee4} [Not Found]
S3 NPF; system32\drivers\NPF.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST, click Fix only once, and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

How is the computer running now?

#11 bryan.harvey4

  • Topic Starter

Posted 14 November 2014 - 09:35 AM

Here are the logs:

 

Eset:

 

C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe_old.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe_old.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe_old.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mom and Dad\AppData\Local\torch\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mom and Dad\AppData\Local\torch\Uninstall.exe.vir a variant of Win32/TorchMedia potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mom and Dad\AppData\Roaming\OpenCandy\28617C8AEF6347CA95524D6EEE6D61E1\speedupmypcCA.exe.vir Win32/SpeedUpMyPC.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mom and Dad\AppData\Roaming\OpenCandy\DB47D95C426B49BA8AC4302A12E0D4A4\search_protect_global.exe.vir Win32/Installium.A potentially unwanted application
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Users\Mom and Dad\AppData\Local\nsuCFD2.tmp Win32/AnyProtect.F potentially unwanted application
C:\Users\Mom and Dad\AppData\Roaming\Puush.exe a variant of Win32/Injector.Autoit.ABQ trojan
C:\Users\Mom and Dad\Desktop\conduitinstaller.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Mom and Dad\Desktop\conduitinstaller[1].exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Mom and Dad\Downloads\carly_rae_jepsen_feat._josh_ramsay_-_sour_candy_(radio_edit)_downloader.exe a variant of Win32/InstallCore.AF potentially unwanted application
C:\Users\Mom and Dad\Downloads\FreemakeVideoDownloaderSetup.exe Win32/OpenCandy potentially unsafe application
C:\Users\Mom and Dad\Downloads\GamesSetup.exe Win32/Toolbar.Crawler.A potentially unwanted application
C:\Users\Mom and Dad\Downloads\GraboidVideoSetup-3.11.exe Win32/Graboid potentially unsafe application
C:\Users\Mom and Dad\Downloads\sour candy.exe a variant of Win32/InstallCore.AF potentially unwanted application
C:\Users\Mom and Dad\Downloads\WiseConvert (1).exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Mom and Dad\Downloads\WiseConvert.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Mom and Dad\Downloads\WoodyCraft Admin Tool (1).exe a variant of Win32/Injector.Autoit.ABQ trojan
C:\Users\Mom and Dad\Downloads\WoodyCraft Admin Tool (2).exe a variant of Win32/Injector.Autoit.ABQ trojan
C:\Users\Mom and Dad\Downloads\WoodyCraft Admin Tool (3).exe a variant of Win32/Injector.Autoit.ABQ trojan
C:\Users\Mom and Dad\Downloads\WoodyCraft Admin Tool (4).exe a variant of Win32/Injector.Autoit.ABQ trojan
C:\Users\Mom and Dad\Downloads\WoodyCraft Admin Tool.exe a variant of Win32/Injector.Autoit.ABQ trojan
C:\Users\Mom and Dad\Pictures\10_A_Whole_New_World_downloader.exe Win32/Adware.MediaFinder application
C:\Windows\Installer\MSI8ED7.tmp a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEUS32BM\mytrafficexport01_info[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEUS32BM\mytrafficexport01_info[2].htm HTML/ScrInject.B.Gen virus
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-11-2014
Ran by Mom and Dad at 2014-11-13 10:35:04 Run:2
Running from C:\Users\Mom and Dad\Desktop\Malware Removal Tools
Loaded Profile: Mom and Dad (Available profiles: Mom and Dad & LogMeInRemoteUser & UpdatusUser & HarveyAdmin)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\firefox@togglemark.net.xpi [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{9fdeb714-ffc9-0343-f2ee-9cc170836ee4} [Not Found]
S3 NPF; system32\drivers\NPF.sys [X]
 
End
*****************
 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi => not found.
C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\firefox@togglemark.net.xpi => not found.
C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\faststartff@gmail.com => not found.
C:\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ani0tgrc.default\extensions\{9fdeb714-ffc9-0343-f2ee-9cc170836ee4} => not found.
NPF => Service deleted successfully.
 
==== End of Fixlog ====


#12 nasdaq

  • Malware Response Team

Posted 14 November 2014 - 10:31 AM

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#13 bryan.harvey4

  • Topic Starter

Posted 14 November 2014 - 05:24 PM

I have tried multiple times on both sites but cannot download.  I will try again later tonight when traffic is lighter.



#14 nasdaq

  • Malware Response Team

Posted 15 November 2014 - 09:26 AM

Any error message?

Keep me posted.

#15 bryan.harvey4

  • Topic Starter

Posted 15 November 2014 - 11:08 AM

Both sites give me "failed - error downloading".  Tried multiple times throughout the day/evening/morning.





