
Sirius Win 7 Antivirus Rogue.FakeRean-Braviax


This topic is locked
32 replies to this topic

#1 rarco


Posted 14 November 2014 - 05:27 PM

I originally read your Win 7 Antivirus removal guide and followed the instructions. I noticed your team posted a very similar 'how to' removal guide for the Sirius issue, which I believe is what affected my laptop (used the Win 7 removal guide). I ran through the whole thing (safe mode, RKill, Malwarebytes/mbam, reinstall of the Windows 7 Wscsvc file and Windows 7 WinDefend file). I am having issues with constant attacks now being caught by Malwarebytes (valid programs or not I don't know??)

Had issues with IE explorer (wasn't allowing me to download any file/program). Appeared as though the setting in internet options/security/custom level was being switched to 'disable file download'. Had to start using Chrome and it's working better.

With Malwarebytes Anti-Malware running, it's now showing attacks (malicious website blocked) every 30-60 seconds. I had to disable the notifications in order to use my laptop.

Some examples are:

Processes:
C:\windows\sysWOW64\dllhost.exe
C:\windows\sysWOW64\ctfmon.exe

Domains:
ads.find-all-you-want.com
fff5ee.com
'just blank' (nothing in the domain section).

Please help get me back on track. Also my track pad no longer allows me to scroll down with a '2 finger' swipe. Any help on any or all of these issues would be greatly appreciated.

Warm Regards,

Adam

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by Adam at 16:20:48 on 2014-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.3751 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\VPDAgent_x64.exe
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\napstat.exe
C:\Windows\syswow64\msfeedssync.exe
C:\Windows\syswow64\msfeedssync.exe
C:\Windows\syswow64\dplaysvr.exe
C:\Windows\syswow64\dvdupgrd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{07298E24-80AA-43C0-9979-56DC6D4BCBD8} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{21BE1909-D9E9-49C8-B576-3B3594B2637D} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\14454563437343 : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\14454563437343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\2375942554435383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\2375942554734383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\35072796E6768696C6C6F57455543545 : DHCPNameServer = 172.20.1.1
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\35072796E6768696C6C6F5C4F4242495 : DHCPNameServer = 172.20.16.1
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\75F4751273838363 : DHCPNameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\D4F62696C6560284F6473707F6470253133363 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{5C9F9FD4-1CB2-422D-BAEE-2B43862304F7} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{82517D6B-B620-4828-B7C7-57F7224D8BFB} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{82517D6B-B620-4828-B7C7-57F7224D8BFB} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{8C68EF55-7874-4600-8C3C-4A4DF1CEB978} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{8FCDB50F-5398-4328-B7E8-46F8D4AE3371} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{AB725A80-E74E-45AF-B62A-CF26E9CEF08B} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{E1355EFA-792D-4A24-853E-E7DE98723BFC} : NameServer = 8.8.8.8,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - 
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
x64-mASetup: {F38AE057-F53E-49F9-95DD-56D9AAD41883} - msiexec /fu {F38AE057-F53E-49F9-95DD-56D9AAD41883} /qn
Hosts: 85.25.107.65 www.google-analytics.com.
Hosts: 85.25.107.65 google-analytics.com.
Hosts: 85.25.107.65 connect.facebook.net.
Hosts: 192.99.206.112 www.google-analytics.com.
Hosts: 192.99.206.112 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-7 89600]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-1-10 148480]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-7-23 438616]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-8-4 87368]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-7 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-7 2375168]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-9-6 93696]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-11 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-11 968504]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-5-5 61913952]
R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2014-1-3 5632]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-7 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-8-30 1050016]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-6-27 585728]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2011-9-6 44992]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-8-5 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-11 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-11 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-7 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-7 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-14 201304]
S2 McAPExe;McAfee AP Service;"C:\Program Files\McAfee\MSC\McAPExe.exe" --> C:\Program Files\McAfee\MSC\McAPExe.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-3-7 133672]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-3-7 620072]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-3-7 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-7 39976]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-8-28 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-8-5 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-10 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-11-12 328928]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-5-5 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-5-5 428384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-12 19:39:51 -------- d-----w- C:\Program Files\McAfee.com
2014-11-11 18:17:42 -------- d--h--w- C:\9f2936a
2014-11-11 17:12:04 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-11 17:10:04 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-11 17:10:04 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-11 17:10:04 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 17:10:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-11 17:10:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 17:09:27 -------- d-----w- C:\Users\Adam\AppData\Local\Programs
2014-11-11 15:47:23 -------- d-----w- C:\ProgramData\AipwErepo
2014-11-11 15:47:21 -------- d-----w- C:\ProgramData\KesnOvam
2014-11-10 19:54:48 -------- d-----w- C:\Users\Adam\AppData\Roaming\FrameworkUpdate7
2014-11-10 19:54:47 -------- d-----w- C:\Users\Adam\AppData\Local\Ukmedia
2014-11-07 13:28:09 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE86ABCC-CA7F-4D56-A6B6-9B77B7E03A6F}\mpengine.dll
2014-11-06 17:58:42 -------- d-----r- C:\Users\Adam\Google Drive
2014-11-06 17:39:17 -------- d-----r- C:\Users\Adam\Dropbox
2014-11-06 17:36:59 -------- d-----w- C:\Users\Adam\AppData\Roaming\Dropbox
2014-10-16 12:40:20 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-16 12:40:19 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-16 12:40:07 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-16 12:40:07 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
==================== Find3M  ====================
.
2014-11-12 16:50:51 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 16:50:51 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-28 10:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 16:21:59.06 ===============

#2 HelpBot

Posted 20 November 2014 - 09:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556167 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rarco (Topic Starter)

Posted 20 November 2014 - 03:58 PM

I am using an HP Pavilion dm4 laptop with Windows 7 service pack 1 (64 bit system).

The only change in computer performance since I originally posted is now websites take substantially longer to load.

What's listed below in my original post is everything I have done. Since that time Malwarebytes Anti-Malware has run multiple scans and quarantined 30-40 'Trojans'.

Not currently running any anti-virus software. My ISP recommends McAfee (I will try to activate after posting this log). I do not believe I have the original Windows CD/DVD (I have the box from the computer but no CD/DVD).

DDS log below:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by Adam at 15:50:36 on 2014-11-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.4804 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\VPDAgent_x64.exe
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{07298E24-80AA-43C0-9979-56DC6D4BCBD8} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{21BE1909-D9E9-49C8-B576-3B3594B2637D} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\14454563437343 : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\14454563437343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\2375942554435383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\2375942554734383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\35072796E6768696C6C6F57455543545 : DHCPNameServer = 172.20.1.1
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\35072796E6768696C6C6F5C4F4242495 : DHCPNameServer = 172.20.16.1
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\75F4751273838363 : DHCPNameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}\D4F62696C6560284F6473707F6470253133363 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{5C9F9FD4-1CB2-422D-BAEE-2B43862304F7} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{82517D6B-B620-4828-B7C7-57F7224D8BFB} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{82517D6B-B620-4828-B7C7-57F7224D8BFB} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{8C68EF55-7874-4600-8C3C-4A4DF1CEB978} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{8FCDB50F-5398-4328-B7E8-46F8D4AE3371} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{AB725A80-E74E-45AF-B62A-CF26E9CEF08B} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{E1355EFA-792D-4A24-853E-E7DE98723BFC} : NameServer = 8.8.8.8,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - 
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
x64-mASetup: {F38AE057-F53E-49F9-95DD-56D9AAD41883} - msiexec /fu {F38AE057-F53E-49F9-95DD-56D9AAD41883} /qn
Hosts: 85.25.107.65 www.google-analytics.com.
Hosts: 85.25.107.65 google-analytics.com.
Hosts: 85.25.107.65 connect.facebook.net.
Hosts: 192.99.206.112 www.google-analytics.com.
Hosts: 192.99.206.112 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-7 89600]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-1-10 148480]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-7-23 438616]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-8-4 87368]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-7 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-7 2375168]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-9-6 93696]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-11 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-11 968504]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-5-5 61913952]
R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2014-1-3 5632]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-7 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-8-30 1050016]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-6-27 585728]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2011-9-6 44992]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-8-5 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-11 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-11 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-7 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-7 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-14 201304]
S2 McAPExe;McAfee AP Service;"C:\Program Files\McAfee\MSC\McAPExe.exe" --> C:\Program Files\McAfee\MSC\McAPExe.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-3-7 133672]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-3-7 620072]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-3-7 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-7 39976]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-8-28 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-8-5 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-10 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-11-12 328928]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-5-5 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-5-5 428384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-12 19:39:51 -------- d-----w- C:\Program Files\McAfee.com
2014-11-11 18:17:42 -------- d--h--w- C:\9f2936a
2014-11-11 17:12:04 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-11 17:10:04 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-11 17:10:04 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-11 17:10:04 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 17:10:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-11 17:10:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 17:09:27 -------- d-----w- C:\Users\Adam\AppData\Local\Programs
2014-11-11 15:47:23 -------- d-----w- C:\ProgramData\AipwErepo
2014-11-11 15:47:21 -------- d-----w- C:\ProgramData\KesnOvam
2014-11-10 19:54:48 -------- d-----w- C:\Users\Adam\AppData\Roaming\FrameworkUpdate7
2014-11-10 19:54:47 -------- d-----w- C:\Users\Adam\AppData\Local\Ukmedia
2014-11-07 13:28:09 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE86ABCC-CA7F-4D56-A6B6-9B77B7E03A6F}\mpengine.dll
2014-11-06 17:58:42 -------- d-----r- C:\Users\Adam\Google Drive
2014-11-06 17:39:17 -------- d-----r- C:\Users\Adam\Dropbox
2014-11-06 17:36:59 -------- d-----w- C:\Users\Adam\AppData\Roaming\Dropbox
.
==================== Find3M  ====================
.
2014-11-12 16:50:51 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 16:50:51 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-04 19:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 15:52:23.37 ===============

Attached Files

#4 rarco (Topic Starter)

Posted 20 November 2014 - 06:51 PM

A few other updates I've noticed since my response earlier this afternoon.

- I can't successfully install McAfee

- Getting a notice that Powershell has stopped working

- Now I notice Decrypt _Instructions (looks like a Google chrome icon) has now encrypted my desktop files (CryptoWall???)

Please help...

Thanks!

#5 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 21 November 2014 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT: If you click the Clean button, all items listed in the report will be removed. If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows, then:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please download Farbar Recovery Scan Tool (FRST). Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it in your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
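Added example, not part of this thread and not code from AdwCleaner or FRST: a small Python triage script that runs over lines taken from the FRST.txt log posted in the next reply and flags the three registry findings a responder would act on there. Those are the "Group Policy restriction on software" entries pointing at antivirus vendor directories (which is why McAfee will not install), Run entries that load a DLL or .dat file with rundll32/regsvr32 from a user-writable directory (AppData\Local, ProgramData), and the Poweliks CLSID localserver32 value whose eval() payload is obfuscated by shifting every character up by one code point; the script reverses that shift so the start of the JScript can be read. The lists of antivirus vendor names and of trusted install prefixes are assumptions of the example, not something the thread states.

```python
import re

# Sample lines copied from the FRST.txt log posted later in this thread, trimmed to
# the entries of interest. The Poweliks line is truncated exactly as FRST printed it.
FRST_LINES = r"""
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [ucilluo] => rundll32 "C:\Users\Adam\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [GehuRagqa] => regsvr32.exe "C:\ProgramData\GehuRagqa\GehuRagqa.dat"
HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
"""

# Assumed lists (not from the thread): directories a legitimately installed product
# normally lives in, and antivirus vendor directory names worth flagging when a
# software-restriction policy points at them.
TRUSTED_DIRS = (r"c:\program files", r"c:\windows")
AV_VENDORS = ("mcafee", "symantec", "norton", "malwarebytes", "kaspersky", "avast", "eset")

# FRST prints Run values as "...\Run: [name] => command".
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
# A Run command that is a loader binary followed by the path it is told to load.
LOADER_RE = re.compile(
    r'^"?(?P<loader>rundll32(?:\.exe)?|regsvr32(?:\.exe)?)\s+"?(?P<path>[a-z]:\\[^",]+)',
    re.IGNORECASE,
)
EVAL_RE = re.compile(r'eval\("([^"]*)')


def decode_poweliks(blob):
    """Undo the Poweliks obfuscation seen in the log: each character of the JScript
    is stored shifted up by one code point, so 'epdvnfou' is 'document'."""
    return "".join(chr(ord(c) - 1) for c in blob)


def triage_frst(text):
    """Return (finding, detail) pairs for the registry lines a responder should act on."""
    findings = []
    for line in text.splitlines():
        low = line.lower()
        if "group policy restriction on software:" in low:
            # Software Restriction Policy entry; FRST appends "<====== ATTENTION".
            path = line.split("software:", 1)[1].split("<==", 1)[0].strip()
            if any(v in path.lower() for v in AV_VENDORS):
                findings.append(("gpo-blocks-av", path))
        elif "localserver32:" in low and "javascript:" in low:
            # Poweliks: a COM server that is really rundll32 running inline JScript.
            m = EVAL_RE.search(line)
            payload = m.group(1).split(" (the data entry", 1)[0] if m else ""
            findings.append(("poweliks-clsid", decode_poweliks(payload)))
        else:
            m = RUN_RE.search(line)
            lm = LOADER_RE.match(m.group("cmd")) if m else None
            if lm and not lm.group("path").lower().startswith(TRUSTED_DIRS):
                findings.append(("run-loader-untrusted-path",
                                 f"{lm.group('loader')} {lm.group('path')}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_frst(FRST_LINES):
        print(f"{kind:26} {detail}")
```

The decoded prefix of the Poweliks value comes out as `document.write('<script language=jscr`, which is the start of the script body the CLSID entry injects through RunHTMLApplication; the real value is 239 characters longer than what FRST shows, so only the prefix is recoverable from the log. The Run-key rule deliberately keys on the loader binary rather than the file name, since the DLL and .dat names in this log are randomly generated and will differ from one infection to the next.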


    #6 rarco

    rarco
    • Topic Starter
    • Members
    • 18 posts

    Posted 21 November 2014 - 12:09 PM

    Computer is still running about the same. Malwarebytes is blocking (outbound) sites every 10-30 seconds.

    Below is the info you requested:

    # AdwCleaner v4.101 - Report created 21/11/2014 at 11:43:29
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-16.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Adam - ADAM-HP
    # Running from : C:\Users\Adam\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\Program Files (x86)\ParetoLogic
    Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
    Folder Deleted : C:\Users\Adam\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Adam\AppData\Roaming\ParetoLogic
    Folder Deleted : C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
     
    ***** [ Scheduled Tasks ] *****
     
    Task Deleted : paretologic registration3
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17420
     
     
    -\\ Google Chrome v38.0.2125.111
     
     
    *************************
     
    AdwCleaner[R0].txt - [2914 octets] - [21/11/2014 10:05:12]
    AdwCleaner[R1].txt - [2974 octets] - [21/11/2014 10:33:13]
    AdwCleaner[R2].txt - [3034 octets] - [21/11/2014 11:32:46]
    AdwCleaner[R3].txt - [2800 octets] - [21/11/2014 11:40:06]
    AdwCleaner[S0].txt - [2351 octets] - [21/11/2014 11:43:29]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2411 octets] ##########
     
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
    Ran by Adam (administrator) on ADAM-HP on 21-11-2014 11:50:14
    Running from C:\Users\Adam\Downloads
    Loaded Profile: Adam (Available profiles: Adam)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Two Pilots) C:\Windows\VPDAgent_x64.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    () C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    () C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Farbar) C:\Users\Adam\Downloads\FRST64 (1).exe
    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2814760 2011-07-15] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-02] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [442896 2013-06-27] (Research In Motion Limited)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [83448 2013-05-02] ()
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
    HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [ucilluo] => rundll32 "C:\Users\Adam\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [GehuRagqa] => regsvr32.exe "C:\ProgramData\GehuRagqa\GehuRagqa.dat"
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [PofuTyux] => regsvr32.exe "C:\ProgramData\PofuTyux\PofuTyux.dat"
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\MountPoints2: G - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\MountPoints2: {1efade4b-0f6d-11e3-9ba5-7ce9d3c2eec4} - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\MountPoints2: {1efade7b-0f6d-11e3-9ba5-7ce9d3c2eec4} - H:\TL-Bootstrap.exe
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\MountPoints2: {9abf511d-9eea-11e3-8374-101f746ac135} - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\MountPoints2: {a40ec7f2-b49d-11e3-aab9-101f746ac135} - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\MountPoints2: {b161097d-3a2c-11e4-970e-7ce9d3c2eec4} - I:\TL-Bootstrap.exe
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\MountPoints2: {b16109a3-3a2c-11e4-970e-7ce9d3c2eec4} - I:\TL-Bootstrap.exe
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-21-855291171-2823707313-3731299435-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-855291171-2823707313-3731299435-1001 -> {CF501DE6-1BF0-42BB-89DD-27A56386D13B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-855291171-2823707313-3731299435-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-21-855291171-2823707313-3731299435-1001 -> {E43D83E4-AF82-4B83-91CC-A67C723884E1} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US679D20120407&p={SearchTerms}
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
    Toolbar: HKU\S-1-5-21-855291171-2823707313-3731299435-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{07298E24-80AA-43C0-9979-56DC6D4BCBD8}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{21BE1909-D9E9-49C8-B576-3B3594B2637D}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{3C0B1B18-19E2-485E-B389-26F8260BE979}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{5C9F9FD4-1CB2-422D-BAEE-2B43862304F7}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{82517D6B-B620-4828-B7C7-57F7224D8BFB}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{8C68EF55-7874-4600-8C3C-4A4DF1CEB978}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{8FCDB50F-5398-4328-B7E8-46F8D4AE3371}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{AB725A80-E74E-45AF-B62A-CF26E9CEF08B}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{E1355EFA-792D-4A24-853E-E7DE98723BFC}: [NameServer] 8.8.8.8,8.8.8.8
     
    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-855291171-2823707313-3731299435-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Adam\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR DefaultSuggestURL: Default -> 
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.94) - C:\Users\Adam\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-01]
    CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-01]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-01]
    CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-01]
    CHR Extension: (Website Logon) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2013-04-01]
    CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
    CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-01]
    CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2012-12-04] (Two Pilots) [File not signed]
    R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-06-27] (Research In Motion Limited) [File not signed]
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
    R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
    R2 ISCTAgent; C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-06] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S4 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [61913952 2010-05-05] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
    R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2014-01-03] (The Neat Company) [File not signed]
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
    S4 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [428384 2010-05-05] (Microsoft Corporation)
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
    S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-08-24] (Broadcom Corporation.)
    S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-24] (Broadcom Corporation.)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-09-06] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-21 11:50 - 2014-11-21 11:50 - 00030155 _____ () C:\Users\Adam\Downloads\FRST.txt
    2014-11-21 11:49 - 2014-11-21 11:50 - 00000000 ____D () C:\FRST
    2014-11-21 11:48 - 2014-11-21 11:48 - 02117632 _____ (Farbar) C:\Users\Adam\Downloads\FRST64 (1).exe
    2014-11-21 11:48 - 2014-11-21 11:48 - 00002519 _____ () C:\Users\Adam\Desktop\AdwCleaner1[S0].txt
    2014-11-21 11:46 - 2014-11-21 11:46 - 00002519 _____ () C:\Users\Adam\Desktop\AdwCleaner[S0].txt
    2014-11-21 11:39 - 2014-11-21 11:39 - 02140160 _____ () C:\Users\Adam\Downloads\AdwCleaner.exe
    2014-11-21 11:38 - 2014-11-21 11:38 - 02117632 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe
    2014-11-21 10:05 - 2014-11-21 11:43 - 00000000 ____D () C:\AdwCleaner
    2014-11-21 10:01 - 2014-11-21 10:03 - 02140160 _____ () C:\Users\Adam\Downloads\adwcleaner_4.101.exe
    2014-11-20 20:25 - 2014-11-21 09:56 - 00000867 _____ () C:\Users\Adam\Downloads\Stinger_20112014_202540.html
    2014-11-20 20:22 - 2014-11-20 20:25 - 00000864 _____ () C:\Users\Adam\Downloads\Stinger_20112014_202213.html
    2014-11-20 20:14 - 2014-11-20 20:18 - 00000864 _____ () C:\Users\Adam\Downloads\Stinger_20112014_201401.html
    2014-11-20 20:11 - 2014-11-20 20:11 - 00000000 ____D () C:\Quarantine
    2014-11-20 20:08 - 2014-11-20 20:10 - 00000864 _____ () C:\Users\Adam\Downloads\Stinger_20112014_200831.html
    2014-11-20 20:04 - 2014-11-21 09:56 - 00000112 ___RH () C:\Users\Adam\Downloads\Stinger.opt
    2014-11-20 20:01 - 2014-11-20 20:04 - 00000815 _____ () C:\Users\Adam\Downloads\Stinger_20112014_200104.html
    2014-11-20 20:00 - 2014-11-21 09:56 - 00000000 ____D () C:\Program Files (x86)\stinger
    2014-11-20 19:59 - 2014-11-20 20:00 - 11089264 _____ (McAfee Inc) C:\Users\Adam\Downloads\stinger32.exe
    2014-11-20 19:50 - 2014-11-20 19:50 - 00541592 _____ (McAfee, Inc.) C:\Users\Adam\Downloads\MVTInstaller (2).exe
    2014-11-20 19:27 - 2014-11-20 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-11-20 19:27 - 2014-11-20 19:27 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\McAfee
    2014-11-20 19:26 - 2014-11-20 19:26 - 00541592 _____ (McAfee, Inc.) C:\Users\Adam\Downloads\MVTInstaller (1).exe
    2014-11-20 19:09 - 2014-11-20 20:10 - 00000072 _____ () C:\Users\Adam\Desktop\McAfee SN.txt
    2014-11-20 19:09 - 2014-11-20 19:10 - 05160608 _____ (McAfee, Inc.) C:\Users\Adam\Desktop\McAfeeSetup-Serial.exe
    2014-11-20 19:01 - 2014-11-20 19:01 - 00000000 __SHD () C:\Users\Adam\AppData\Local\EmieBrowserModeList
    2014-11-20 17:10 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-20 17:10 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-20 17:10 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-20 17:09 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-20 17:09 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-20 17:09 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-20 17:09 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-20 17:09 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-20 17:09 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-20 17:09 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-20 17:09 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-20 17:09 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-20 17:09 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-20 17:09 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-20 17:09 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-20 17:09 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-20 17:09 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-20 17:09 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-20 17:09 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-20 17:09 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-20 17:09 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-20 17:09 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-20 17:09 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-20 17:09 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-20 17:09 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-20 17:09 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-20 17:09 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-20 17:09 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-20 17:09 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-20 17:09 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-20 17:09 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-20 17:09 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-20 17:09 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-20 17:09 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-20 17:09 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-20 17:09 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-20 17:09 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-20 17:09 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-20 17:09 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-20 17:09 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-20 17:09 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-20 17:09 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-20 17:09 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-20 17:09 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-20 17:09 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-20 17:09 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-20 17:09 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-20 17:09 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-20 17:09 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-20 17:09 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-20 17:09 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-20 17:09 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-20 17:09 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-20 17:09 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-20 17:09 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-20 17:09 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-20 16:38 - 2014-11-20 16:38 - 00541592 _____ (McAfee, Inc.) C:\Users\Adam\Downloads\MVTInstaller.exe
    2014-11-20 16:31 - 2014-11-20 16:37 - 00000000 ____D () C:\Users\Adam\Desktop\corrupt desktop files
    2014-11-20 16:24 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-20 16:24 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-20 16:24 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-20 16:24 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-20 16:24 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-20 16:24 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-20 16:24 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-20 16:24 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-20 16:22 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-20 16:22 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-20 16:16 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-20 16:16 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-20 16:16 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-20 16:16 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-11-20 16:16 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-20 16:16 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-20 16:16 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-20 16:16 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-20 16:16 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-20 16:16 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-20 16:16 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-20 16:16 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-20 16:16 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-20 16:16 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-20 16:16 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-20 16:16 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-20 16:16 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-20 16:16 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-20 16:16 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-20 16:16 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-20 16:16 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-20 16:16 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-20 16:16 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-20 16:16 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-20 16:16 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-20 16:16 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-20 16:16 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-20 16:16 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-20 16:16 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-20 16:16 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-20 16:16 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-20 16:16 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-20 16:16 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-20 16:16 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-20 16:16 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-20 16:16 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-20 16:16 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-20 16:16 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-20 16:16 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-20 16:02 - 2014-11-20 19:41 - 00000000 ____D () C:\Program Files\stinger
    2014-11-20 15:47 - 2014-11-20 15:47 - 00688992 ____R (Swearware) C:\Users\Adam\Downloads\dds (2).com
    2014-11-18 08:54 - 2014-11-18 08:54 - 00749536 _____ () C:\Windows\Minidump\111814-22510-01.dmp
    2014-11-14 16:17 - 2014-11-14 16:18 - 00688992 ____R (Swearware) C:\Users\Adam\Downloads\dds (1).com
    2014-11-14 16:16 - 2014-11-14 16:17 - 00688992 _____ (Swearware) C:\Users\Adam\Downloads\dds.com
    2014-11-14 12:22 - 2014-11-14 12:22 - 00001127 _____ () C:\Users\Adam\Desktop\Personal - Shortcut.lnk
    2014-11-14 12:21 - 2014-11-14 12:21 - 00001172 _____ () C:\Users\Adam\Desktop\Customer info - Shortcut.lnk
    2014-11-13 10:22 - 2014-11-20 16:16 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EC068978-F444-4F6F-96DD-D2169E1C3262}
    2014-11-12 14:39 - 2014-11-12 14:39 - 00000000 ____D () C:\Program Files\McAfee.com
    2014-11-12 13:56 - 2014-11-12 13:56 - 29720784 _____ (Microsoft Corporation) C:\Users\Adam\Downloads\IE11-Windows6.1-x86-en-us (1).exe
    2014-11-12 12:02 - 2014-11-12 12:08 - 29720784 _____ (Microsoft Corporation) C:\Users\Adam\Downloads\IE11-Windows6.1-x86-en-us.exe
    2014-11-12 12:01 - 2014-11-12 12:01 - 02077392 _____ (Microsoft Corporation) C:\Users\Adam\Downloads\IE11-Windows6.1.exe
    2014-11-11 13:27 - 2014-11-11 13:27 - 00008538 _____ () C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
    2014-11-11 13:27 - 2014-11-11 13:27 - 00008538 _____ () C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.HTML
    2014-11-11 13:27 - 2014-11-11 13:27 - 00004212 _____ () C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
    2014-11-11 13:27 - 2014-11-11 13:27 - 00004212 _____ () C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.TXT
    2014-11-11 13:27 - 2014-11-11 13:27 - 00000268 _____ () C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.URL
    2014-11-11 13:27 - 2014-11-11 13:27 - 00000268 _____ () C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.URL
    2014-11-11 13:26 - 2014-11-11 13:26 - 00008538 _____ () C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.HTML
    2014-11-11 13:26 - 2014-11-11 13:26 - 00004212 _____ () C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.TXT
    2014-11-11 13:26 - 2014-11-11 13:26 - 00000268 _____ () C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.URL
    2014-11-11 13:17 - 2014-11-20 12:00 - 00000000 ___HD () C:\9f2936a
    2014-11-11 12:12 - 2014-11-21 11:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-11 12:10 - 2014-11-11 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-11 12:10 - 2014-11-11 12:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-11 12:10 - 2014-11-11 12:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-11 12:10 - 2014-10-01 11:20 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-11 12:10 - 2014-10-01 11:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-11 12:10 - 2014-10-01 11:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-11 10:47 - 2014-11-11 13:35 - 00000000 ____D () C:\ProgramData\KesnOvam
    2014-11-11 10:47 - 2014-11-11 13:33 - 00000000 ____D () C:\ProgramData\AipwErepo
    2014-11-11 10:47 - 2014-11-11 10:47 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
    2014-11-11 07:09 - 2014-11-11 07:13 - 00031793 _____ () C:\Users\Adam\AppData\Roaming\893686b8
    2014-11-11 07:09 - 2014-11-11 07:13 - 00029177 _____ () C:\Users\Adam\AppData\Local\893686b8
    2014-11-11 07:09 - 2014-11-11 07:13 - 00028291 _____ () C:\ProgramData\893686b8
    2014-11-10 14:56 - 2014-11-11 10:48 - 00000408 _____ () C:\ProgramData\@system.temp
    2014-11-10 14:56 - 2014-11-11 10:48 - 00000144 ____H () C:\ProgramData\@system3.att
    2014-11-10 14:55 - 2014-11-10 14:55 - 00000448 ____H () C:\Users\Adam\AppData\Roaming\麽鎒駓覜
    2014-11-10 14:54 - 2014-11-11 13:33 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\FrameworkUpdate7
    2014-11-10 14:54 - 2014-11-11 13:26 - 00000000 ____D () C:\Users\Adam\AppData\Local\Ukmedia
    2014-11-10 14:53 - 2014-11-11 07:09 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2014-11-06 12:58 - 2014-11-13 11:15 - 00000000 ___RD () C:\Users\Adam\Google Drive
    2014-11-06 12:57 - 2014-11-06 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-11-06 12:39 - 2014-11-14 12:22 - 00000000 ___RD () C:\Users\Adam\Dropbox
    2014-11-06 12:38 - 2014-11-06 12:38 - 00000241 _____ () C:\Windows\wininit.ini
    2014-11-06 12:38 - 2014-11-06 12:38 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-11-06 12:36 - 2014-11-11 13:47 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Dropbox
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-21 11:49 - 2012-03-07 16:45 - 01469500 _____ () C:\Windows\WindowsUpdate.log
    2014-11-21 11:47 - 2012-11-14 08:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-21 11:47 - 2012-04-10 10:27 - 00000000 ____D () C:\Users\Adam\Documents\Outlook Files
    2014-11-21 11:45 - 2013-04-01 13:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-21 11:45 - 2010-11-20 22:47 - 00736372 _____ () C:\Windows\PFRO.log
    2014-11-21 11:45 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-21 11:45 - 2009-07-13 23:51 - 00153935 _____ () C:\Windows\setupact.log
    2014-11-21 11:43 - 2009-07-14 00:13 - 00877910 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-21 11:43 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-21 11:43 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-21 11:29 - 2014-02-18 12:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2cd0626bef27.job
    2014-11-20 20:06 - 2012-04-07 21:02 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-11-20 19:51 - 2012-05-30 07:58 - 00000000 ____D () C:\Users\Adam\AppData\Local\CrashDumps
    2014-11-20 18:23 - 2012-04-07 20:10 - 00086936 _____ () C:\Users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-20 18:18 - 2009-07-13 23:45 - 00343632 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-20 18:16 - 2014-05-06 11:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-20 17:27 - 2012-04-10 08:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-20 17:23 - 2013-07-14 22:52 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-20 17:20 - 2012-07-22 12:43 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-20 12:12 - 2012-04-26 08:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-11-20 12:12 - 2012-04-11 19:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-11-18 11:10 - 2014-07-09 21:35 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAdam
    2014-11-18 11:10 - 2014-07-09 21:35 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForAdam.job
    2014-11-18 08:54 - 2012-11-15 16:21 - 00000000 ____D () C:\Windows\Minidump
    2014-11-18 08:54 - 2012-11-15 16:20 - 782703119 _____ () C:\Windows\MEMORY.DMP
    2014-11-17 13:51 - 2012-04-11 14:17 - 00000000 ____D () C:\Users\Adam\AppData\Local\Apple Computer
    2014-11-12 16:24 - 2014-02-18 12:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf2cd0626bef27
    2014-11-12 16:24 - 2013-04-01 13:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-12 16:23 - 2012-07-11 09:08 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForADAM-HP$
    2014-11-12 16:23 - 2012-07-11 09:08 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForADAM-HP$.job
    2014-11-12 14:41 - 2012-04-07 21:02 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2014-11-12 14:41 - 2012-04-07 20:54 - 00000000 ____D () C:\ProgramData\McAfee
    2014-11-12 14:39 - 2012-04-07 21:02 - 00000000 ____D () C:\Program Files\McAfee
    2014-11-12 13:55 - 2013-11-27 03:00 - 00009770 _____ () C:\Windows\IE11_main.log
    2014-11-12 11:51 - 2012-11-14 08:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-12 11:50 - 2012-11-14 08:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-11-12 11:50 - 2012-02-17 22:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-11 14:07 - 2013-12-10 12:46 - 00000000 ____D () C:\Users\Adam\2013
    2014-11-11 14:06 - 2014-08-07 22:29 - 00000000 ____D () C:\Users\Adam\Documents\Garmin
    2014-11-11 14:06 - 2012-04-23 15:38 - 00000000 ____D () C:\Users\Adam\Documents\ACT
    2014-11-11 14:06 - 2012-04-10 15:42 - 00000000 ____D () C:\Users\Adam\Documents\Neat Data
    2014-11-11 13:27 - 2012-09-07 07:42 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Skype
    2014-11-11 13:27 - 2012-04-12 12:43 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Research In Motion
    2014-11-11 13:26 - 2013-08-28 12:59 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\HTC
    2014-11-11 13:26 - 2012-04-12 12:43 - 00000000 ____D () C:\Users\Adam\AppData\Local\Research In Motion
    2014-11-11 13:26 - 2012-04-11 14:17 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Apple Computer
    2014-11-11 13:26 - 2012-04-07 20:16 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Adobe
    2014-11-11 13:25 - 2013-08-28 12:59 - 00000000 ____D () C:\Users\Adam\AppData\Local\HTC MediaHub
    2014-11-11 13:24 - 2012-06-13 09:14 - 00000000 ____D () C:\Users\Adam\AppData\Local\Google
    2014-11-11 13:22 - 2012-04-23 14:47 - 00000000 ____D () C:\ACT_Pro_2012
    2014-11-06 12:58 - 2012-04-07 20:03 - 00000000 ____D () C:\Users\Adam
    2014-11-06 12:57 - 2012-06-13 09:13 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-30 10:04 - 2014-06-27 16:42 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-10-28 08:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
     
    Some content of TEMP:
    ====================
    C:\Users\Adam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp6t1pe.dll
    C:\Users\Adam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_1bugr.dll
    C:\Users\Adam\AppData\Local\Temp\Extract.exe
    C:\Users\Adam\AppData\Local\Temp\G2MInstallerExtractor.exe
    C:\Users\Adam\AppData\Local\Temp\GLF4042.tmp.EXE
    C:\Users\Adam\AppData\Local\Temp\GLF49D2.tmp.EXE
    C:\Users\Adam\AppData\Local\Temp\GLF5AD0.tmp.EXE
    C:\Users\Adam\AppData\Local\Temp\GLF723B.tmp.EXE
    C:\Users\Adam\AppData\Local\Temp\GLF7ED5.tmp.EXE
    C:\Users\Adam\AppData\Local\Temp\mcitinfo_1416531085.exe
    C:\Users\Adam\AppData\Local\Temp\NeatExecAsUser64.exe
    C:\Users\Adam\AppData\Local\Temp\processcheck.exe
    C:\Users\Adam\AppData\Local\Temp\Quarantine.exe
    C:\Users\Adam\AppData\Local\Temp\SetACL.exe
    C:\Users\Adam\AppData\Local\Temp\SP56161.exe
    C:\Users\Adam\AppData\Local\Temp\SP56217.exe
    C:\Users\Adam\AppData\Local\Temp\SP56221.exe
    C:\Users\Adam\AppData\Local\Temp\SP56494.exe
    C:\Users\Adam\AppData\Local\Temp\SP56878.exe
    C:\Users\Adam\AppData\Local\Temp\SP56929.exe
    C:\Users\Adam\AppData\Local\Temp\SP56978.exe
    C:\Users\Adam\AppData\Local\Temp\SP57090.exe
    C:\Users\Adam\AppData\Local\Temp\SP57103.exe
    C:\Users\Adam\AppData\Local\Temp\SP57232.exe
    C:\Users\Adam\AppData\Local\Temp\SP57398.exe
    C:\Users\Adam\AppData\Local\Temp\SP57698.exe
    C:\Users\Adam\AppData\Local\Temp\sp58915.exe
    C:\Users\Adam\AppData\Local\Temp\SpotifyUninstall.exe
    C:\Users\Adam\AppData\Local\Temp\sqlite3.dll
    C:\Users\Adam\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Adam\AppData\Local\Temp\VipOtpProvsetup.exe
    C:\Users\Adam\AppData\Local\Temp\VistaTools64.dll
    C:\Users\Adam\AppData\Local\Temp\_is94E1.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-20 11:51
     
    ==================== End Of Log ============================

     

    #7 nasdaq

    • Malware Response Team
    • 39,946 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:02 PM

    Posted 21 November 2014 - 02:28 PM

     
    Run this tool to clean your Temporary files/Folders.
     
    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted, it should not take long to finish.
    • Once it's finished, click OK to reboot.
    • If it does not reboot, reboot your system manually.
    •  
    ===
     
    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
     
    HKLM-x32\...\Run: [] => [X]
    HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [ucilluo] => rundll32 "C:\Users\Adam\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [GehuRagqa] => regsvr32.exe "C:\ProgramData\GehuRagqa\GehuRagqa.dat"
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [PofuTyux] => regsvr32.exe "C:\ProgramData\PofuTyux\PofuTyux.dat"
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
    Toolbar: HKU\S-1-5-21-855291171-2823707313-3731299435-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
    S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    C:\Windows\MEMORY.DMP
    C:\Windows\Minidump\111814-22510-01.dmp
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.HTML
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.TXT
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.URL
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.URL
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.HTML
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.TXT
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.URL
     
    End
    
    Save the file as fixlist.txt into the same folder as FRST.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log, Fixlog.txt; please post it in your reply.
    ===
     
    --RogueKiller--
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished".
    • Click on "Delete".
    • Wait until the Status box shows "Deleting Finished".
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop.
    • Exit/Close RogueKiller.
     
    =======
     
    How is the computer running now?
     
     


    #8 rarco
    • Topic Starter
    • Members
    • 18 posts

    Posted 21 November 2014 - 05:20 PM

    TFC ran but never finished (waited approx 30 min). Tried again with the same result. Continued with your instructions: pasted the code box from your email, ran RogueKiller, and below are the two posts requested. Internet does not appear to be lagging as much.

     

    Will await your instruction.

     

    Thanks,

    rarco

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
    Ran by Adam at 2014-11-21 16:43:46 Run:1
    Running from C:\Users\Adam\Downloads
    Loaded Profile: Adam (Available profiles: Adam)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
     
    HKLM-x32\...\Run: [] => [X]
    HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
    HKLM Group Policy restriction on
    software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [ucilluo] => rundll32 "C:\Users\Adam\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [GehuRagqa] => regsvr32.exe "C:\ProgramData\GehuRagqa\GehuRagqa.dat"
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...\Run: [PofuTyux] => regsvr32.exe "C:\ProgramData\PofuTyux\PofuTyux.dat"
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has
    239 more characters). <==== Poweliks!
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    BHO: McAfee SiteAdvisor BHO ->
    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
    Toolbar: HKU\S-1-5-21-855291171-2823707313-3731299435-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files
    (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
    S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys
    [X]
    C:\Windows\MEMORY.DMP
    C:\Windows\Minidump\111814-22510-01.dmp
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.HTML
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.TXT
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.URL
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.URL
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.HTML
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.TXT
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.URL
     
    End
     
    *****************
     
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM Group Policy restriction on => Error: No automatic fix found for this entry.
    software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION => Error: No automatic fix found for this entry.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ucilluo => value deleted successfully.
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GehuRagqa => value deleted successfully.
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PofuTyux => value deleted successfully.
    "HKU\S-1-5-21-855291171-2823707313-3731299435-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
    "HKU\S-1-5-21-855291171-2823707313-3731299435-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
    239 more characters). <==== Poweliks! => Error: No automatic fix found for this entry.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => Key deleted successfully.
    "HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => Key deleted successfully.
    "HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: McAfee SiteAdvisor BHO ->" => Key not found.
    "HKCR\CLSID\BHO: McAfee SiteAdvisor BHO ->" => Key not found.
    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File => Error: No automatic fix found for this entry.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
    "HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key deleted successfully.
    HKU\S-1-5-21-855291171-2823707313-3731299435-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
    "HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => Key deleted successfully.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll not found.
    C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files not found.
    (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File => Error: No automatic fix found for this entry.
    Could not move "c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL" => Scheduled to move on reboot.
    c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
    C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
    McAPExe => Unable to stop service
    McAPExe => Service deleted successfully.
    SBRE => Service deleted successfully.
    [X] => Error: No automatic fix found for this entry.
    C:\Windows\MEMORY.DMP => Moved successfully.
    C:\Windows\Minidump\111814-22510-01.dmp => Moved successfully.
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
    C:\Users\Adam\AppData\Roaming\DECRYPT_INSTRUCTION.URL => Moved successfully.
    C:\Users\Adam\AppData\DECRYPT_INSTRUCTION.URL => Moved successfully.
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
    C:\Users\Adam\AppData\Local\DECRYPT_INSTRUCTION.URL => Moved successfully.
     
    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-21 16:46:45)<=
     
    c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => Moved successfully.
     
    ==== End of Fixlog ====
     
     
     
    RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
     
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Adam [Administrator]
    Mode : Delete -- Date : 11/21/2014  17:11:32
     
    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] VPDAgent_x64.exe -- C:\Windows\VPDAgent_x64.exe[-] -> Killed [TermProc]
     
    ¤¤¤ Registry : 8 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> Deleted
    [PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Deleted
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
     
    ¤¤¤ Tasks : 0 ¤¤¤
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
     
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++
    --- User ---
    [MBR] 751add5cfeb9a857b6126cba599fe577
    [BSP] ce661af226f1b89a6cc507034bbd0deb : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 588895 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1206466560 | Size: 17321 MB
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
     
    ============================================
    RKreport_SCN_11212014_170659.log - RKreport_DEL_11212014_170742.log - RKreport_DEL_11212014_170758.log - RKreport_DEL_11212014_170800.log
    RKreport_DEL_11212014_170801.log - RKreport_SCN_11212014_171004.log
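An added example, not part of the thread or of FRST: a small Python checker for the fixlist procedure above. It re-joins fixlist entries that were wrapped during copy/paste (the shape of the "No automatic fix found" errors in the Fixlog above) and summarises a Fixlog's outcomes. The entry prefixes, the sample fixlist and the sample Fixlog lines are constructed from the formats shown in this thread, and the SID is a placeholder.

```python
# Pre-flight lint for an FRST fixlist plus a Fixlog summary (added example,
# not part of FRST). KNOWN_PREFIXES lists the entry types seen in the
# thread's fixlist; FRST accepts more, so extend it as needed (assumption).
KNOWN_PREFIXES = (
    "HKLM", "HKU\\", "HKCR", "ShellIconOverlayIdentifiers:", "BHO:",
    "Toolbar:", "FF Plugin", "CHR Plugin:", "CHR Extension:",
    "S1 ", "S2 ", "C:\\",
)

# Outcome phrases FRST writes after " => " in Fixlog.txt, most specific first.
OUTCOMES = (
    "No automatic fix found", "deleted successfully", "restored successfully",
    "Moved successfully", "Scheduled to move on reboot", "not found",
)

def lint_fixlist(text):
    """Return (entries, warnings) for a fixlist pasted from a forum post.

    A non-blank line that is neither a start/End marker nor begins with a known
    entry prefix is taken to be the tail of the previous entry, wrapped during
    copy/paste, and is re-joined to it with a space. A tail that happens to
    begin with a known prefix cannot be detected this way.
    """
    entries, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in ("start", "End") or line.startswith(KNOWN_PREFIXES):
            entries.append(line)
        elif entries:
            warnings.append(f"line {lineno}: re-joined wrapped fragment {line[:24]!r}")
            entries[-1] += " " + line
        else:
            warnings.append(f"line {lineno}: fragment before first entry {line[:24]!r}")
    return entries, warnings

def summarize_fixlog(text):
    """Count Fixlog outcomes and list the entries FRST could not act on."""
    counts = {outcome: 0 for outcome in OUTCOMES}
    unfixed = []
    for raw in text.splitlines():
        line = raw.strip()
        for outcome in OUTCOMES:
            if outcome.lower() in line.lower():
                counts[outcome] += 1
                if outcome == "No automatic fix found":
                    unfixed.append(line.split(" => ", 1)[0])
                break
    return counts, unfixed

# Constructed sample modelled on the thread's fixlist: two entries wrapped
# mid-line, SID replaced by a placeholder.
FIXLIST_SAMPLE = r"""
start

HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on
software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-PLACEHOLDER-1001\...\Run: [ucilluo] => rundll32 "C:\Users\Adam\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys
[X]
C:\Windows\MEMORY.DMP
End
"""

# Constructed Fixlog lines in the shape of the thread's Fixlog.
FIXLOG_SAMPLE = r"""
HKLM => Group Policy Restriction on software restored successfully.
HKLM Group Policy restriction on => Error: No automatic fix found for this entry.
software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION => Error: No automatic fix found for this entry.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
Could not move "c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL" => Scheduled to move on reboot.
C:\Windows\MEMORY.DMP => Moved successfully.
"""

if __name__ == "__main__":
    print("\n".join(lint_fixlist(FIXLIST_SAMPLE)[1]))
    print(summarize_fixlog(FIXLOG_SAMPLE))
```

Run the lint on the saved fixlist.txt before clicking Fix; any warning means the pasted file should be re-joined so FRST sees one entry per line.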

     



    #9 nasdaq

    • Malware Response Team
    • 39,946 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 22 November 2014 - 10:43 AM

    Now that you have cleaned the items that were bad and after a restart of the computer please run the TFC cleaning tool.

     

    Let me know if it finishes the scan.

    ===

     

    Reset Internet Explorer:
    Menu > Tools > Internet Options > General Tab.
    Click the Reset button on the bottom of the pane.
    Click the Apply button.
    Close IE.
     
    ===

     

    Download Security Check by screen317 from here
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    • P.S. If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
     
    How is the computer running now?
     
    ======


    #10 rarco
    • Topic Starter
    • Members
    • 18 posts

    Posted 23 November 2014 - 11:54 AM


    TFC continued to run with progress bar going about 1/3 the way and would reset every 1-2 seconds (attached pics).
    TFC icon (upper right) and title pane flickering. 
    Ran for approx 40 min and then I did a force quit.
     
    Reset IE under Advanced Settings
     
    User folder (Adam) is now created on desktop along with My Computer. Has a lock icon on it when viewed in 'C' drive (attached pic).
    Many folders greyed out.  
     
    Recycle Bin (attached pic)
     
    Computer running pretty fast though.
     
    Requested log below:
     

    Results of screen317's Security Check version 0.99.90  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    McAfee Anti-Virus and Anti-Spyware   
     WMI entry may not exist for antivirus; attempting automatic update. 
    `````````Anti-malware/Other Utilities Check:````````` 
     Ad-Aware 
     Adobe Reader 10.1.12 Adobe Reader out of Date!  
     Google Chrome (38.0.2125.111) 
     Google Chrome (39.0.2171.65) 
     Google Chrome (chrome.exe..) 
     Google Chrome (debug.log..) 
     Google Chrome (Dictionaries...) 
     Google Chrome (master_preferences...) 
    ````````Process Check: objlist.exe by Laurent````````  
     Ad-Aware AAWService.exe is disabled! 
     Ad-Aware AAWTray.exe is disabled! 
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbam.exe  
     Malwarebytes Anti-Malware mbamscheduler.exe   
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C: 6% 
    ````````````````````End of Log`````````````````````` 

     




    #11 nasdaq

    • Malware Response Team
    • 39,946 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 23 November 2014 - 01:27 PM

     
     
    Note the remark on the page.
     
    Limitations:
    This program is advertising supported and may offer to install third party programs that are not required for the program to run. These may include a toolbar, changing your homepage, default search engine or other third party programs. Please watch the installation carefully to opt out. For more information:
     
    Can you now open this folder and find out what it holds?


    #12 nasdaq

    • Malware Response Team
    • 39,946 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 29 November 2014 - 09:40 AM

    Are you still with me?

    #13 rarco
    • Topic Starter
    • Members
    • 18 posts

    Posted 01 December 2014 - 10:37 AM

    Yes, I'm still with you (sorry for the delay). I am able to open the locked icon without running the app you recommended. Would you still like me to run the Unlocker app?



    #14 nasdaq

    • Malware Response Team
    • 39,946 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 01 December 2014 - 11:40 AM

    I am able to open the locked icon without running the app you recommended

    What can you tell me about this locked Icon?
    Can you Right click the icon and look at the properties?

    #15 rarco
    • Topic Starter
    • Members
    • 18 posts

    Posted 01 December 2014 - 01:36 PM

    Yes, I can look at the properties. Seems to be acting 'normal'. In many folders now there are numerous shortcuts that are 'greyed out' and some say access denied. Not sure if what we're doing is creating folders, or could it have been due to using a Dropbox or Google Drive account recently?

     

    Pic(s) attached: Adam folder picRS.jpg

     

     





