Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Advanced System Protector virus


  • This topic is locked This topic is locked
33 replies to this topic

#1 Tdoby

Tdoby

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 28 November 2014 - 03:36 PM

I'm helping a friend who seems to have a virus called Advanced System Protector along with a few other things ... Ask Toolbar, PC Performer, RegClean Pro, My PC Backup.   If I had to guess, the McAffee that is running is also not a legit copy or has been infected because when I try to stop or uninstall it say it is an active subscription and she hasn't renewed her subscription for over a year.   I ran Malwarebytes and it cleared 300+ files but then Windows would not boot up.   I did a system restore back to before the virus removal and Windows now boots up but with all the above popups.   Would appreciate any help.   Thank you.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by goldilocks at 12:19:13 on 2014-11-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3686.949 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\CxAudMsg64.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files (x86)\PC Performer\PCPerformer.exe
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Users\goldilocks\AppData\Local\VNT\vntldr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskhost.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Users\goldilocks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AWSRZ3U\FRST64.exe
C:\windows\system32\notepad.exe
C:\windows\system32\notepad.exe
C:\windows\system32\notepad.exe
C:\windows\system32\notepad.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?tpid=ASI2-V6&o=APN10740&pf=V7&trgb=&p2=%5EATQ%5EYYYYYY%5EYY%5EUS&gct=hp&apn_ptnrs=%5EATQ&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ie_9.0.8112.16470&apn_uid=8DE180CE-14D1-4670-8AF6-8598043E2FE3&itbv=11.7.1.31&doi=2013-03-21&psv=
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = about:blank
uURLSearchHooks: SearchHook Class: {D8278076-BC68-4484-9233-6E7F1628B56C} -
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uURLSearchHooks: {f92a9fe4-2850-4198-b9d5-279880e49b16} - <orphaned>
dURLSearchHooks: SearchHook Class: {D8278076-BC68-4484-9233-6E7F1628B56C} -
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ask Toolbar: {41534932-2D56-3600-76A7-7A786E7484D7} -
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Arcadesafari BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Ask Toolbar: {41534932-2D56-3600-76A7-7A786E7484D7} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\goldilocks\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [VNT] "C:\Program Files (x86)\VNT\vntldr.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\GOLDIL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6BB2F91C-0FBF-4247-BCB8-1AC0440BE63A} : DHCPNameServer = 71.10.216.1 71.10.216.2
TCP: Interfaces\{6BB2F91C-0FBF-4247-BCB8-1AC0440BE63A}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{6BB2F91C-0FBF-4247-BCB8-1AC0440BE63A}\24C6575644F6C6078696E6D27657563747 : DHCPNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{6BB2F91C-0FBF-4247-BCB8-1AC0440BE63A}\34963736F63353733363 : DHCPNameServer = 192.168.7.254
TCP: Interfaces\{6BB2F91C-0FBF-4247-BCB8-1AC0440BE63A}\3516D63734963736F6 : DHCPNameServer = 68.115.71.53 24.247.15.53 24.217.0.5
TCP: Interfaces\{6BB2F91C-0FBF-4247-BCB8-1AC0440BE63A}\745647A756C6D616E6 : DHCPNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{71A2D370-2175-48A1-9676-12ED342EB084} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Ask Toolbar: {41534932-2D56-3600-76A7-7A786E7484D7} -
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Ask Toolbar: {41534932-2D56-3600-76A7-7A786E7484D7} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-12-23 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-12-23 39008]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 348552]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-12-23 13408]
R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-12-23 55880]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-12-23 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-12-23 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-12-23 62584]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-8-14 204288]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-10-30 166296]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-7-7 2684224]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2011-12-23 198784]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-11-27 328928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-11-27 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-11-27 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-11-27 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-11-27 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-11-27 328928]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-12-23 199304]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-11-27 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-12-23 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-12-23 189912]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-8-14 115216]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 72128]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2011-4-21 36656]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2014-8-20 445512]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-12-23 436840]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-12-23 47232]
R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2011-12-23 250752]
R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\System32\drivers\vmuvcflt.sys [2011-12-23 8320]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-10-5 36936]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2014-5-8 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-23 225216]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2014-8-20 96592]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-12-23 307304]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
.
=============== Created Last 30 ================
.
2014-11-27 15:57:13 -------- d-----w- C:\FRST
2014-11-27 15:12:25 -------- d-----w- C:\ProgramData\Systweak
2014-11-27 00:42:29 -------- d-----w- C:\Users\goldilocks\AppData\Local\ElevatedDiagnostics
2014-11-23 23:39:02 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-23 23:39:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 23:19:54 -------- d-sh--w- C:\Users\goldilocks\AppData\Local\EmieBrowserModeList
.
==================== Find3M  ====================
.
2014-09-29 00:58:48 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
.
============= FINISH: 12:21:54.37 ===============
 

 



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:18 PM

Posted 28 November 2014 - 03:54 PM

Hello Tdoby,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Things to includ ein your next reply::

AdwCleaner log

JRT.txt

FRST.txt

Addition.txt

You may use multiple posts if need to post all the logs.

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Tdoby

Tdoby
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 28 November 2014 - 05:02 PM

Hi Fireman4it and thank you for your very speedy reply.  Machine is running much faster now.   Below are the logs.

 

# AdwCleaner v4.102 - Report created 28/11/2014 at 13:04:55
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : goldilocks - LENOVO
# Running from : C:\Users\goldilocks\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : BackupStack
Service Deleted : CltMngSvc
Service Deleted : SPPD

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\PC Performer
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Video Performer
Folder Deleted : C:\Program Files (x86)\VNT
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\GOLDIL~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\goldilocks\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\goldilocks\AppData\Local\Conduit
Folder Deleted : C:\Users\goldilocks\AppData\Local\SearchProtect
Folder Deleted : C:\Users\goldilocks\AppData\Local\VNT
Folder Deleted : C:\Users\goldilocks\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\goldilocks\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\goldilocks\AppData\Roaming\iWin
Folder Deleted : C:\Users\goldilocks\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\goldilocks\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\goldilocks\AppData\Roaming\Systweak
Folder Deleted : C:\Users\goldilocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\goldilocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Performer
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\sasnative64.exe
File Deleted : C:\Users\goldilocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\goldilocks\Desktop\Sync Folder.lnk
File Deleted : C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Advanced System Protector_startup
Task Deleted : LaunchApp
Task Deleted : PC Performer
Task Deleted : PC Performer_DEFAULT
Task Deleted : PC Performer_UPDATES
Task Deleted : RegClean Pro
Task Deleted : RegClean Pro_DEFAULT
Task Deleted : RegClean Pro_UPDATES

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VNT]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BE8E040-DAA5-4DC3-93A8-B8B80D5AA6D7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E48E1A98-E24B-485C-9D1A-F81D72F416EF}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Performer
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v39.0.2171.71

[C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?tpid=ASI2-V6&o=APN10740&l=dis&pf=V7&p2=%5EATQ%5EYYYYYY%5EYY%5EUS&gct=&itbv=11.7.1.31&doi=2013-03-21&apn_uid=8DE180CE-14D1-4670-8AF6-8598043E2FE3&apn_ptnrs=%5EATQ&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ie_9.0.8112.16470&psv=&pt=tb&trgb=&q={searchTerms}
[C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318152&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SP79697B6F-5E49-4725-8971-0D8F9CCFDB90&q={searchTerms}&SSPV=
[C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318152&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SP79697B6F-5E49-4725-8971-0D8F9CCFDB90&q={searchTerms}&SSPV=
[C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=1944A573-7218-414E-A4E8-9924B28F9CCD&n=780bfa58&ind=2014050904&p2=^Z7^xdm704^YYA^us
[C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ASI2-V6&o=APN10740&l=dis&pf=V7&p2=%5EATQ%5EYYYYYY%5EYY%5EUS&gct=&itbv=11.7.1.31&doi=2013-03-21&apn_uid=8DE180CE-14D1-4670-8AF6-8598043E2FE3&apn_ptnrs=%5EATQ&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ie_9.0.8112.16470&psv=&pt=tb&trgb=&q={searchTerms}
[C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318152&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SP79697B6F-5E49-4725-8971-0D8F9CCFDB90&q={searchTerms}&SSPV=
[C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318152&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SP79697B6F-5E49-4725-8971-0D8F9CCFDB90&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [12628 octets] - [28/11/2014 12:58:35]
AdwCleaner[S0].txt - [11655 octets] - [28/11/2014 13:04:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11716 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by goldilocks on Fri 11/28/2014 at 13:22:03.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adff4c9a-4f49-4a1f-8885-360e107b7938}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{adff4c9a-4f49-4a1f-8885-360e107b7938}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adff4c9a-4f49-4a1f-8885-360e107b7938}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{adff4c9a-4f49-4a1f-8885-360e107b7938}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adff4c9a-4f49-4a1f-8885-360e107b7938}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{adff4c9a-4f49-4a1f-8885-360e107b7938}

 

~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
Successfully deleted: [File] "C:\windows\s.bat"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\goldilocks\appdata\local\best buy pc app"
Successfully deleted: [Empty Folder] C:\Users\goldilocks\appdata\local\{0DF86F7E-3A65-4900-B548-1E538B7AB9AE}
Successfully deleted: [Empty Folder] C:\Users\goldilocks\appdata\local\{0E1FE6DA-DAE4-4181-B44F-78381FE1EC74}
Successfully deleted: [Empty Folder] C:\Users\goldilocks\appdata\local\{4A869A30-0B53-4874-B71F-97EC5BEA9E3D}
Successfully deleted: [Empty Folder] C:\Users\goldilocks\appdata\local\{5F14F3C9-A101-494F-A2F5-E5739C8F12BF}
Successfully deleted: [Empty Folder] C:\Users\goldilocks\appdata\local\{6D261782-1962-46FE-B4F1-AD29AE8EF0E5}
Successfully deleted: [Empty Folder] C:\Users\goldilocks\appdata\local\{E70A5D58-4BCB-4F80-B3EB-359C61D96052}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/28/2014 at 13:38:46.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by goldilocks (administrator) on LENOVO on 28-11-2014 15:53:42
Running from C:\Users\goldilocks\Desktop
Loaded Profile: goldilocks (Available profiles: goldilocks)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-12-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-12-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2011-12-24] (Lenovo)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-12-24] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-514926237-156647970-2710506277-1001\...\Run: [Google Update] => C:\Users\goldilocks\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-514926237-156647970-2710506277-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-24] (Google Inc.)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-514926237-156647970-2710506277-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKU\S-1-5-21-514926237-156647970-2710506277-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-514926237-156647970-2710506277-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-514926237-156647970-2710506277-1001 - (No Name) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - No File
SearchScopes: HKU\S-1-5-21-514926237-156647970-2710506277-1001 -> DefaultScope {C4A02ABC-6C2D-47BB-A0EC-EBC3B94112F0} URL = https://search.yahoo.com/search?fr=mcafee&type=B015US714D20140719&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-514926237-156647970-2710506277-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS469
SearchScopes: HKU\S-1-5-21-514926237-156647970-2710506277-1001 -> {C4A02ABC-6C2D-47BB-A0EC-EBC3B94112F0} URL = https://search.yahoo.com/search?fr=mcafee&type=B015US714D20140719&p={SearchTerms}
BHO: Ask Toolbar -> {41534932-2D56-3600-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI2-V6\Passport_x64.dll" No File
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Ask Toolbar -> {41534932-2D56-3600-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI2-V6\Passport.dll" No File
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Ask Toolbar - {41534932-2D56-3600-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI2-V6\Passport_x64.dll" No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {41534932-2D56-3600-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI2-V6\Passport.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-514926237-156647970-2710506277-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-514926237-156647970-2710506277-1001 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-514926237-156647970-2710506277-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\goldilocks\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-514926237-156647970-2710506277-1001: @talk.google.com/O1DPlugin -> C:\Users\goldilocks\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-514926237-156647970-2710506277-1001: @tools.google.com/Google Update;version=3 -> C:\Users\goldilocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-514926237-156647970-2710506277-1001: @tools.google.com/Google Update;version=9 -> C:\Users\goldilocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\goldilocks\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\goldilocks\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-12-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-12-24]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-12-24]
FF HKU\S-1-5-21-514926237-156647970-2710506277-1001\...\Firefox\Extensions: [module@com.arcadesafari.firefox] - C:\Users\goldilocks\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox
FF Extension: No Name - C:\Users\goldilocks\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox [2012-10-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3318152&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP79697B6F-5E49-4725-8971-0D8F9CCFDB90&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3318152&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP79697B6F-5E49-4725-8971-0D8F9CCFDB90&SSPV="
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B211US714D20140719&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\goldilocks\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\goldilocks\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Profile: C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaakpoebmegjfllgpindfiionpnaoag [2013-06-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-17]
CHR Extension: (SiteAdvisor) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-10-17]
CHR Extension: (GamingWonderland) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglnnifljabmkcecofpnlokcgnmbecia [2014-05-09]
CHR Extension: (Google Wallet) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-17]
CHR Extension: (Arcadesafari) - C:\Users\goldilocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlmmllkclondemfbkhhkkepmkcdbjdi [2014-03-13]
CHR HKLM\...\Chrome\Extension: [aaaakpoebmegjfllgpindfiionpnaoag] - C:\ProgramData\AskPartnerNetwork\Toolbar\ASI2-V6\CRX\ToolbarCR.crx []
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [aaaakpoebmegjfllgpindfiionpnaoag] - C:\ProgramData\AskPartnerNetwork\Toolbar\ASI2-V6\CRX\ToolbarCR.crx [2014-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 15:53 - 2014-11-28 15:54 - 00024559 _____ () C:\Users\goldilocks\Desktop\FRST.txt
2014-11-28 15:45 - 2014-11-28 15:45 - 02117632 _____ (Farbar) C:\Users\goldilocks\Desktop\FRST64.exe
2014-11-28 15:38 - 2014-11-28 15:38 - 00002747 _____ () C:\Users\goldilocks\Desktop\JRT.txt
2014-11-28 15:21 - 2014-11-28 15:21 - 00011825 _____ () C:\Users\goldilocks\Desktop\AdwCleaner[S0].txt
2014-11-28 15:21 - 2014-11-28 15:21 - 00000000 ____D () C:\windows\ERUNT
2014-11-28 15:20 - 2014-11-28 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-28 14:58 - 2014-11-28 15:06 - 00000000 ____D () C:\AdwCleaner
2014-11-28 14:57 - 2014-11-28 14:58 - 02148864 _____ () C:\Users\goldilocks\Desktop\AdwCleaner.exe
2014-11-28 14:23 - 2014-11-28 14:23 - 00028520 _____ () C:\Users\goldilocks\Desktop\dds1.txt
2014-11-28 14:22 - 2014-11-28 14:22 - 00028520 _____ () C:\Users\goldilocks\Desktop\attach.txt
2014-11-28 14:22 - 2014-11-28 14:21 - 00022292 _____ () C:\Users\goldilocks\Desktop\dds.txt
2014-11-27 10:00 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-27 10:00 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-27 10:00 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-27 10:00 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-27 10:00 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-27 10:00 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-27 10:00 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-27 10:00 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-27 10:00 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-27 10:00 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-27 10:00 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-27 10:00 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-27 10:00 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-27 10:00 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-27 10:00 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-27 10:00 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-27 10:00 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-27 10:00 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-27 10:00 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-27 10:00 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-27 10:00 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-27 10:00 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-27 10:00 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-27 10:00 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-27 10:00 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-27 10:00 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-27 10:00 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-27 10:00 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-27 10:00 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-27 10:00 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-27 10:00 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-27 10:00 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-27 10:00 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-27 10:00 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-27 10:00 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-27 10:00 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-27 10:00 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-27 10:00 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-27 10:00 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-27 10:00 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-27 10:00 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-27 10:00 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-27 10:00 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-27 10:00 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-27 10:00 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-27 10:00 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-27 10:00 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-27 10:00 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-27 10:00 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-27 10:00 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-27 10:00 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-27 10:00 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-27 10:00 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-27 10:00 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-27 10:00 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-27 10:00 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-27 09:59 - 2014-11-27 10:01 - 04163057 _____ () C:\Users\goldilocks\Downloads\tdsskiller.zip
2014-11-27 09:57 - 2014-11-28 15:53 - 00000000 ____D () C:\FRST
2014-11-27 09:56 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-27 09:56 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-27 09:55 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-27 09:55 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-27 09:55 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-27 09:55 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-27 09:55 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-27 09:55 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-27 09:55 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-27 09:55 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-27 09:55 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-27 09:55 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-27 09:55 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-27 09:55 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-27 09:55 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-27 09:55 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-27 09:55 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-27 09:55 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-27 09:55 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-27 09:55 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-27 09:55 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-27 09:55 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-27 09:54 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-27 09:54 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-27 09:53 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-27 09:49 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-27 09:49 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-27 09:47 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-27 09:47 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-27 09:47 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-27 09:47 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-27 09:47 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-27 09:47 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-27 09:47 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-27 09:47 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-27 09:47 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-27 09:47 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-26 18:44 - 2014-11-27 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-25 13:22 - 2014-11-25 13:22 - 00000000 _____ () C:\Users\goldilocks\AppData\Local\{2E0F71C1-6AE2-48E0-8246-EBB673B0ED1A}
2014-11-23 17:39 - 2014-11-27 09:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 17:39 - 2014-11-26 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware1
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 17:19 - 2014-11-23 17:19 - 00000000 __SHD () C:\Users\goldilocks\AppData\Local\EmieBrowserModeList
2014-11-23 17:14 - 2014-11-23 17:20 - 00002360 _____ () C:\Users\goldilocks\Desktop\Rkill.txt
2014-11-22 17:16 - 2014-11-22 17:16 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p) (2).m4v
2014-11-22 17:15 - 2014-11-22 17:15 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p) (1).m4v
2014-11-22 17:14 - 2014-11-22 17:15 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p).m4v
2014-11-11 03:20 - 2014-11-11 03:20 - 00000000 ____D () C:\Users\goldilocks\AppData\Roaming\Mozilla
2014-11-05 03:17 - 2014-11-27 09:17 - 00001350 _____ () C:\Users\goldilocks\Desktop\Clean Registry for Free!.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 15:25 - 2012-02-03 15:14 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001UA.job
2014-11-28 15:25 - 2011-12-23 23:52 - 01474783 _____ () C:\windows\WindowsUpdate.log
2014-11-28 15:20 - 2013-08-12 04:03 - 00001844 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-11-28 15:19 - 2009-07-13 23:13 - 00006226 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-28 15:16 - 2009-07-13 22:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 15:16 - 2009-07-13 22:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 15:14 - 2011-12-24 01:04 - 00580816 _____ () C:\windows\system32\fastboot.set
2014-11-28 15:13 - 2011-12-24 00:58 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 15:13 - 2011-12-24 00:36 - 11157943 _____ () C:\FaceProv.log
2014-11-28 15:13 - 2011-12-24 00:36 - 00000000 ____D () C:\ProgramData\VeriFace
2014-11-28 15:11 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-28 15:11 - 2009-07-13 22:51 - 00059870 _____ () C:\windows\setupact.log
2014-11-28 15:11 - 2009-07-13 22:45 - 00263640 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-28 15:08 - 2010-11-20 21:47 - 00252698 _____ () C:\windows\PFRO.log
2014-11-28 15:07 - 2013-03-21 13:45 - 00000494 _____ () C:\windows\Tasks\Arcadesafari.job
2014-11-28 13:47 - 2012-02-03 15:14 - 00000876 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001Core.job
2014-11-27 09:29 - 2011-12-24 00:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-27 09:26 - 2011-12-24 00:29 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-11-27 09:20 - 2012-02-03 15:14 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001UA
2014-11-27 09:20 - 2012-02-03 15:14 - 00003512 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001Core
2014-11-27 09:20 - 2011-12-24 00:58 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-27 09:20 - 2011-12-24 00:58 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-27 09:20 - 2011-12-24 00:58 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 09:11 - 2012-01-30 15:44 - 00000000 ____D () C:\Users\goldilocks
2014-11-27 09:09 - 2013-03-21 13:45 - 00000000 ____D () C:\Users\goldilocks\AppData\Local\Arcadesafari
2014-11-27 09:09 - 2012-04-07 16:39 - 00000000 ____D () C:\Users\goldilocks\Desktop\Easter
2014-11-27 09:09 - 2012-03-09 16:27 - 00000000 ____D () C:\Users\goldilocks\Desktop\Power point
2014-11-27 09:09 - 2012-01-30 15:45 - 00000000 ____D () C:\Users\goldilocks\AppData\Local\BioExcess
2014-11-27 09:09 - 2012-01-30 15:44 - 00000000 ____D () C:\Users\goldilocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-11-27 09:09 - 2011-12-24 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-27 09:09 - 2011-12-24 00:36 - 00000000 ____D () C:\ProgramData\Port Locker
2014-11-27 09:09 - 2011-12-24 00:29 - 00000000 ____D () C:\Program Files\mcafee.com
2014-11-27 09:09 - 2011-12-24 00:29 - 00000000 ____D () C:\Program Files\mcafee
2014-11-27 09:09 - 2011-12-24 00:29 - 00000000 ____D () C:\Program Files (x86)\mcafee.com
2014-11-27 09:09 - 2011-12-24 00:29 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-27 09:09 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-11-27 09:09 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\AppCompat
2014-11-27 09:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-27 09:08 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2014-11-26 18:37 - 2010-11-20 20:50 - 00000000 ____D () C:\Users\Administrator
2014-11-26 18:24 - 2012-05-08 16:21 - 00056832 ___SH () C:\Users\goldilocks\Desktop\Thumbs.db

Some content of TEMP:
====================
C:\Users\goldilocks\AppData\Local\Temp\apnpip.exe
C:\Users\goldilocks\AppData\Local\Temp\APNSetup.exe
C:\Users\goldilocks\AppData\Local\Temp\as_twc.exe
C:\Users\goldilocks\AppData\Local\Temp\BackupSetup.exe
C:\Users\goldilocks\AppData\Local\Temp\dlLogic.exe
C:\Users\goldilocks\AppData\Local\Temp\GCVerifier.dll
C:\Users\goldilocks\AppData\Local\Temp\nsbA630.exe
C:\Users\goldilocks\AppData\Local\Temp\nslE137.exe
C:\Users\goldilocks\AppData\Local\Temp\nsqEAC9.exe
C:\Users\goldilocks\AppData\Local\Temp\nsw91E4.exe
C:\Users\goldilocks\AppData\Local\Temp\Quarantine.exe
C:\Users\goldilocks\AppData\Local\Temp\SPSetup.exe
C:\Users\goldilocks\AppData\Local\Temp\spstub.exe
C:\Users\goldilocks\AppData\Local\Temp\sqlite3.dll
C:\Users\goldilocks\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\goldilocks\AppData\Local\Temp\vcredist_x64.exe
C:\Users\goldilocks\AppData\Local\Temp\vcredist_x86.exe
C:\Users\goldilocks\AppData\Local\Temp\verifier.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 12:01

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by goldilocks at 2014-11-28 15:55:05
Running from C:\Users\goldilocks\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\{FFB768E4-E427-4553-BC36-A11F5E62A94D}) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Arcadesafari (HKU\S-1-5-21-514926237-156647970-2710506277-1001\...\Arcadesafari) (Version:  - Arcadesafari)
Ask Toolbar (HKLM-x32\...\{41534932-2D56-3600-76A7-A758B70C1300}) (Version: 12.19.0.3627 - APN, LLC) <==== ATTENTION
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATI AVIVO64 Codecs (Version: 11.6.0.10628 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{C5E7EB18-8F3A-2192-7435-7D68CB4907CB}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
CWA Reminder by We-Care.com v4.1.21.3 (HKLM-x32\...\{A6558E2A-FAF9-4570-AA49-6328D0354517}) (Version: 4.1.21.3 - We-Care.com)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.20.0 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.616.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.13.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-514926237-156647970-2710506277-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\goldilocks\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-514926237-156647970-2710506277-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\goldilocks\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-514926237-156647970-2710506277-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\goldilocks\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-514926237-156647970-2710506277-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\goldilocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-514926237-156647970-2710506277-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\goldilocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-514926237-156647970-2710506277-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\goldilocks\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-10-2014 12:37:56 Windows Backup
03-11-2014 08:16:06 Windows Backup
10-11-2014 09:58:38 Windows Backup
12-11-2014 12:12:06 Windows Update
17-11-2014 10:11:27 Windows Backup
19-11-2014 11:00:23 Windows Update
27-11-2014 15:24:00 Windows Backup
28-11-2014 19:47:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16C44B3E-A7F3-4B94-B74D-E02BAE5BA253} - System32\Tasks\Arcadesafari => C:\Users\goldilocks\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [2014-08-28] (Arcadesafari)
Task: {1A4696A5-3115-4298-B97E-763ED22DDF64} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {41E57241-536B-466B-A9F8-821670AF420D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001Core => C:\Users\goldilocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {894C3557-AB6C-4931-A798-A43D5E5EF9C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {C0DEC6E4-3872-4B8D-876D-632176D44AF7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001UA => C:\Users\goldilocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {D2C3F3EB-8993-4A74-BF3D-62B50B35EFE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: C:\windows\Tasks\Arcadesafari.job => C:\Users\goldilocks\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001Core.job => C:\Users\goldilocks\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001UA.job => C:\Users\goldilocks\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-01-21 10:45 - 2009-01-21 10:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2008-12-19 21:20 - 2011-12-24 01:01 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2011-03-14 08:21 - 2011-03-14 08:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-28 17:38 - 2011-06-28 17:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-24 00:36 - 2011-12-24 00:36 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2011-12-24 00:36 - 2011-12-24 00:36 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2011-12-24 00:36 - 2011-12-24 00:36 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-514926237-156647970-2710506277-500 - Administrator - Disabled)
goldilocks (S-1-5-21-514926237-156647970-2710506277-1001 - Administrator - Enabled) => C:\Users\goldilocks
Guest (S-1-5-21-514926237-156647970-2710506277-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-514926237-156647970-2710506277-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/28/2014 03:50:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 53%
Total physical RAM: 3686.11 MB
Available physical RAM: 1708.26 MB
Total Pagefile: 7370.4 MB
Available Pagefile: 5125.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:194.28 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 18491682)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:18 PM

Posted 28 November 2014 - 07:14 PM

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Best Buy pc app
Best Buy pc app
Ask Toolbar


Additional instructions can be found here if needed.

 

 

2.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   4.91KB   5 downloads

 

 

Let me know how the machine is doing after this fix. Are you wanting to take MCafee off the system?

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Tdoby

Tdoby
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 28 November 2014 - 08:11 PM

Machine running much better.  When it restarted there was a box that said Bio Excess has stopped working -- not sure if this is a necessary program.  Also, there was a popup that said (I think) Lenova EE optimizer that I closed.   Would like to keep McAfee but thought it may be infected.  

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by goldilocks at 2014-11-28 18:34:31 Run:1
Running from C:\Users\goldilocks\Desktop
Loaded Profile: goldilocks (Available profiles: goldilocks)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-514926237-156647970-2710506277-1001 - (No Name) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - No File
BHO: Ask Toolbar -> {41534932-2D56-3600-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI2-V6\Passport_x64.dll" No File
BHO-x32: Ask Toolbar -> {41534932-2D56-3600-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI2-V6\Passport.dll" No File
Toolbar: HKLM - Ask Toolbar - {41534932-2D56-3600-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI2-V6\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Ask Toolbar - {41534932-2D56-3600-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI2-V6\Passport.dll" No File
Toolbar: HKU\S-1-5-21-514926237-156647970-2710506277-1001 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} -  No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKU\S-1-5-21-514926237-156647970-2710506277-1001\...\Firefox\Extensions: [module@com.arcadesafari.firefox] - C:\Users\goldilocks\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox
FF Extension: No Name - C:\Users\goldilocks\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox [2012-10-01]
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3318152&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP79697B6F-5E49-4725-8971-0D8F9CCFDB90&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3318152&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP79697B6F-5E49-4725-8971-0D8F9CCFDB90&SSPV="
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U3 mfeapfk01; No ImagePath
U3 mfeavfk01; No ImagePath
C:\Users\goldilocks\AppData\Local\Temp\apnpip.exe
C:\Users\goldilocks\AppData\Local\Temp\APNSetup.exe
C:\Users\goldilocks\AppData\Local\Temp\as_twc.exe
C:\Users\goldilocks\AppData\Local\Temp\BackupSetup.exe
C:\Users\goldilocks\AppData\Local\Temp\dlLogic.exe
C:\Users\goldilocks\AppData\Local\Temp\GCVerifier.dll
C:\Users\goldilocks\AppData\Local\Temp\nsbA630.exe
C:\Users\goldilocks\AppData\Local\Temp\nslE137.exe
C:\Users\goldilocks\AppData\Local\Temp\nsqEAC9.exe
C:\Users\goldilocks\AppData\Local\Temp\nsw91E4.exe
C:\Users\goldilocks\AppData\Local\Temp\Quarantine.exe
C:\Users\goldilocks\AppData\Local\Temp\SPSetup.exe
C:\Users\goldilocks\AppData\Local\Temp\spstub.exe
C:\Users\goldilocks\AppData\Local\Temp\sqlite3.dll
C:\Users\goldilocks\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\goldilocks\AppData\Local\Temp\vcredist_x64.exe
C:\Users\goldilocks\AppData\Local\Temp\vcredist_x86.exe
Task: {16C44B3E-A7F3-4B94-B74D-E02BAE5BA253} - System32\Tasks\Arcadesafari => C:\Users\goldilocks\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [2014-08-28] (Arcadesafari)
Task: C:\windows\Tasks\Arcadesafari.job => C:\Users\goldilocks\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
emptytemp:

 

 

 

 

 

 

 

*****************

C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\VeriFace Enc" => Key deleted successfully.
"HKCR\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-514926237-156647970-2710506277-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41534932-2D56-3600-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\CLSID\{41534932-2D56-3600-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41534932-2D56-3600-76A7-7A786E7484D7}" => Key not found.
"HKCR\Wow6432Node\CLSID\{41534932-2D56-3600-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41534932-2D56-3600-76A7-7A786E7484D7} => Value not found.
"HKCR\CLSID\{41534932-2D56-3600-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41534932-2D56-3600-76A7-7A786E7484D7} => Value not found.
"HKCR\Wow6432Node\CLSID\{41534932-2D56-3600-76A7-7A786E7484D7}" => Key not found.
HKU\S-1-5-21-514926237-156647970-2710506277-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F92A9FE4-2850-4198-B9D5-279880E49B16} => value deleted successfully.
"HKCR\CLSID\{F92A9FE4-2850-4198-B9D5-279880E49B16}" => Key not found.
"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKU\S-1-5-21-514926237-156647970-2710506277-1001\Software\Mozilla\Firefox\Extensions\\module@com.arcadesafari.firefox => value deleted successfully.
C:\Users\goldilocks\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
IAStorDataMgrSvc => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
nvUpdatusService => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
SQLWriter => Service deleted successfully.
mfeapfk01 => Service deleted successfully.
mfeavfk01 => Service deleted successfully.
C:\Users\goldilocks\AppData\Local\Temp\apnpip.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\as_twc.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\dlLogic.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\GCVerifier.dll => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\nsbA630.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\nslE137.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\nsqEAC9.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\nsw91E4.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\SPSetup.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\spstub.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\goldilocks\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16C44B3E-A7F3-4B94-B74D-E02BAE5BA253}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16C44B3E-A7F3-4B94-B74D-E02BAE5BA253}" => Key deleted successfully.
C:\Windows\System32\Tasks\Arcadesafari => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Arcadesafari" => Key deleted successfully.
C:\windows\Tasks\Arcadesafari.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp" => Key deleted successfully.
EmptyTemp: => Removed 12.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:18 PM

Posted 28 November 2014 - 11:23 PM

I would uninstall and reinstall MCafee just to be safe.

 

1.

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.
     
    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Tdoby

Tdoby
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 29 November 2014 - 10:55 AM

Good Morning,

Laptop had a rough night.   I downloaded and ran the Malwarebytes.  It detected 224 non malicious threats and on restart would not reboot.   I started in safe mode...deleted McAffee and Malwarebytes and reinstalled and ran again and this morning when I got up there was a blue screen that said something like Windows encountered a problem and shut down.   I can sign onto Windows but only get a black screen.  

 

The initial malwarebytes scan shut down before it produced a log.  The log produced in Safe Mode is below.   I am currently running the Emisisoft scan in safe mode and will attach the scan when it's finished. 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/29/2014
Scan Time: 12:42:19 AM
Logfile: mlog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database:
Rootkit Database:
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: goldilocks

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322173
Time Elapsed: 18 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken:
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#8 Tdoby

Tdoby
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 29 November 2014 - 11:29 AM

The Emisisoft scan finished and I tried restarting in normal mode and got the black screen after the windows sign on screen.  Am now back in safe mode.

 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/29/2014 8:45:58 AM
User account: lenovo\goldilocks

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 11/29/2014 8:50:07 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS  detected: Setting.NoFolderOptions (A)
C:\windows\version.txt  detected: Application.Win32.Toolbar (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-514926237-156647970-2710506277-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-514926237-156647970-2710506277-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN  detected: Setting.NoRun (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir  detected: Application.Win32.WebToolbar (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Performer\PCPerformer.dll.vir  detected: Application.Generic.784187 (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir  detected: Application.Win32.SProtect (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir  detected: Application.Win32.SProtect (A)
C:\FRST\Quarantine\C\Users\goldilocks\AppData\Local\Temp\spstub.exe.xBAD  detected: Application.Win32.InstallTool (A)

Scanned 190085
Found 12

Scan end: 11/29/2014 10:13:51 AM
Scan time: 1:23:44

C:\FRST\Quarantine\C\Users\goldilocks\AppData\Local\Temp\spstub.exe.xBAD Quarantined Application.Win32.InstallTool (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir Quarantined Application.Win32.SProtect (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir Quarantined Application.Win32.SProtect (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Performer\PCPerformer.dll.vir Quarantined Application.Generic.784187 (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Quarantined Application.Win32.WebToolbar (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-514926237-156647970-2710506277-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-514926237-156647970-2710506277-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
C:\windows\version.txt Quarantined Application.Win32.Toolbar (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Quarantined Setting.NoFolderOptions (A)

Quarantined 12



#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:18 PM

Posted 29 November 2014 - 05:30 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   29bytes   5 downloads

 

See if it will boot correctly after this fix.

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 Tdoby

Tdoby
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 29 November 2014 - 06:00 PM

No, it didn't work -- still a black screen.  

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by goldilocks at 2014-11-29 16:52:30 Run:2
Running from C:\Users\goldilocks\Desktop
Loaded Profile: goldilocks (Available profiles: goldilocks)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-11-06 12:01
*****************

Error: The restore operation should be done in the recovery mode.

==== End of Fixlog ====



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:18 PM

Posted 30 November 2014 - 12:45 PM

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 Tdoby

Tdoby
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 30 November 2014 - 03:46 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014
Ran by SYSTEM on MININT-EHRGUHN on 30-11-2014 14:39:10
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-12-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-12-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2011-12-23] (Lenovo)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-12-23] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\goldilocks\...\Run: [Google Update] => C:\Users\goldilocks\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\goldilocks\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-23] (Google Inc.)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 A2DDA; C:\USERS\GOLDILOCKS\DESKTOP\BIN\a2ddax64.sys [26176 2014-11-28] (Emsisoft GmbH)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 cleanhlp; C:\Users\goldilocks\Desktop\bin\cleanhlp64.sys [57024 2014-11-28] (Emsisoft GmbH)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 14:48 - 2014-11-29 14:48 - 00000029 _____ () C:\Users\goldilocks\Downloads\fixlist.txt
2014-11-29 06:42 - 2014-11-29 08:13 - 00000000 ____D () C:\Users\goldilocks\Desktop\bin
2014-11-29 06:42 - 2014-11-29 06:42 - 00000669 _____ () C:\Users\goldilocks\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-29 06:42 - 2014-11-28 22:15 - 00432328 ____N (Emsisoft GmbH) C:\Users\goldilocks\Desktop\Start Emergency Kit Scanner.exe
2014-11-29 06:42 - 2014-11-28 22:15 - 00423064 ____N (Emsisoft GmbH) C:\Users\goldilocks\Desktop\Start BlitzBlank.exe
2014-11-29 06:42 - 2014-11-28 22:15 - 00004079 ____N () C:\Users\goldilocks\Desktop\readme.txt
2014-11-29 06:42 - 2014-11-28 22:14 - 00432328 ____N (Emsisoft GmbH) C:\Users\goldilocks\Desktop\Start Commandline Scanner.exe
2014-11-29 06:23 - 2014-11-29 06:23 - 00455920 _____ () C:\Windows\Minidump\112914-20280-01.dmp
2014-11-28 23:29 - 2014-11-28 23:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-28 23:29 - 2014-11-28 23:45 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-28 23:29 - 2014-11-28 23:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-28 23:29 - 2014-10-01 09:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-11-28 23:29 - 2014-10-01 09:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-11-28 23:29 - 2014-10-01 09:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-11-28 23:28 - 2014-11-28 23:28 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\goldilocks\Desktop\mbam-setup.exe
2014-11-28 14:03 - 2014-11-28 14:03 - 00000355 _____ () C:\Users\goldilocks\Desktop\Computer - Shortcut.lnk
2014-11-28 13:55 - 2014-11-28 13:56 - 00015958 _____ () C:\Users\goldilocks\Desktop\Addition.txt
2014-11-28 13:45 - 2014-11-28 13:45 - 02117632 _____ (Farbar) C:\Users\goldilocks\Desktop\FRST64.exe
2014-11-28 13:38 - 2014-11-28 13:38 - 00002747 _____ () C:\Users\goldilocks\Desktop\JRT.txt
2014-11-28 13:21 - 2014-11-28 13:21 - 00011825 _____ () C:\Users\goldilocks\Desktop\AdwCleaner[S0].txt
2014-11-28 13:21 - 2014-11-28 13:21 - 00000000 ____D () C:\Windows\ERUNT
2014-11-28 12:58 - 2014-11-28 22:33 - 00000000 ____D () C:\AdwCleaner
2014-11-28 12:57 - 2014-11-28 12:58 - 02148864 _____ () C:\Users\goldilocks\Desktop\AdwCleaner.exe
2014-11-28 12:23 - 2014-11-28 12:23 - 00028520 _____ () C:\Users\goldilocks\Desktop\dds1.txt
2014-11-28 12:22 - 2014-11-28 12:22 - 00028520 _____ () C:\Users\goldilocks\Desktop\attach.txt
2014-11-28 12:22 - 2014-11-28 12:21 - 00022292 _____ () C:\Users\goldilocks\Desktop\dds.txt
2014-11-27 08:00 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-27 08:00 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-27 08:00 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-27 08:00 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-27 08:00 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-27 08:00 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-27 08:00 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-27 08:00 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-27 08:00 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-27 08:00 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-27 08:00 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-27 08:00 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-27 08:00 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-27 08:00 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-27 08:00 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-27 08:00 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-27 08:00 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-27 08:00 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-27 08:00 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-27 08:00 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-27 08:00 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-27 08:00 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-27 08:00 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-27 08:00 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-27 08:00 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-27 08:00 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-27 08:00 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-27 08:00 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-27 08:00 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-27 08:00 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-27 08:00 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-27 08:00 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-27 08:00 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-27 08:00 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-27 08:00 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-27 08:00 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-27 08:00 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-27 08:00 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-27 08:00 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-27 08:00 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-27 08:00 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-27 08:00 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-27 08:00 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-27 08:00 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-27 08:00 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-27 08:00 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-27 08:00 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-27 08:00 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-27 08:00 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-27 08:00 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-27 08:00 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-27 08:00 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-27 08:00 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-27 08:00 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-27 08:00 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-27 08:00 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-27 07:59 - 2014-11-27 08:01 - 04163057 _____ () C:\Users\goldilocks\Downloads\tdsskiller.zip
2014-11-27 07:57 - 2014-11-30 14:39 - 00000000 ____D () C:\FRST
2014-11-27 07:56 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-27 07:56 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-27 07:55 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-27 07:55 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-27 07:55 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-27 07:55 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-27 07:55 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-27 07:55 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-27 07:55 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-27 07:55 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-27 07:54 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-27 07:54 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-27 07:53 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-27 07:49 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-27 07:49 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-27 07:47 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-27 07:47 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-27 07:47 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-27 07:47 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-27 07:47 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-27 07:47 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-27 07:47 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-27 07:47 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-27 07:47 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-27 07:47 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-25 11:22 - 2014-11-25 11:22 - 00000000 _____ () C:\Users\goldilocks\AppData\Local\{2E0F71C1-6AE2-48E0-8246-EBB673B0ED1A}
2014-11-23 15:39 - 2014-11-23 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 15:19 - 2014-11-23 15:19 - 00000000 __SHD () C:\Users\goldilocks\AppData\Local\EmieBrowserModeList
2014-11-23 15:14 - 2014-11-23 15:20 - 00002360 _____ () C:\Users\goldilocks\Desktop\Rkill.txt
2014-11-22 15:16 - 2014-11-22 15:16 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p) (2).m4v
2014-11-22 15:15 - 2014-11-22 15:15 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p) (1).m4v
2014-11-22 15:14 - 2014-11-22 15:15 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p).m4v
2014-11-11 01:20 - 2014-11-11 01:20 - 00000000 ____D () C:\Users\goldilocks\AppData\Roaming\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 12:23 - 2011-12-23 23:04 - 00095896 _____ () C:\Windows\System32\fastboot.set
2014-11-30 12:22 - 2011-12-23 22:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 12:22 - 2011-12-23 22:36 - 11190350 _____ () C:\FaceProv.log
2014-11-30 12:22 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 12:22 - 2009-07-13 20:51 - 00060688 _____ () C:\Windows\setupact.log
2014-11-29 15:43 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 15:43 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 15:02 - 2009-07-13 21:13 - 00006226 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-29 12:16 - 2011-12-23 21:52 - 01505036 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 10:41 - 2012-02-03 13:14 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001UA.job
2014-11-29 06:23 - 2012-05-08 10:22 - 420418380 _____ () C:\Windows\MEMORY.DMP
2014-11-29 06:23 - 2012-05-08 10:22 - 00000000 ____D () C:\Windows\Minidump
2014-11-29 06:23 - 2010-11-20 19:47 - 00257262 _____ () C:\Windows\PFRO.log
2014-11-28 23:26 - 2011-12-23 22:36 - 00000000 ____D () C:\ProgramData\VeriFace
2014-11-28 23:25 - 2011-12-23 22:29 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-11-28 23:25 - 2011-12-23 22:29 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-28 23:25 - 2011-12-23 22:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-28 23:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SchCache
2014-11-28 22:30 - 2012-05-08 14:21 - 00056832 ___SH () C:\Users\goldilocks\Desktop\Thumbs.db
2014-11-28 16:59 - 2012-02-19 09:04 - 23303893 _____ () C:\Windows\System32\PsBoot.log
2014-11-28 16:59 - 2012-02-19 09:04 - 00000000 _____ () C:\Windows\System32\defragLog.log
2014-11-28 13:11 - 2009-07-13 20:45 - 00263640 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-28 11:47 - 2012-02-03 13:14 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001Core.job
2014-11-27 07:20 - 2012-02-03 13:14 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001UA
2014-11-27 07:20 - 2012-02-03 13:14 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001Core
2014-11-27 07:20 - 2011-12-23 22:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-27 07:20 - 2011-12-23 22:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-27 07:20 - 2011-12-23 22:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 07:11 - 2012-01-30 13:44 - 00000000 ____D () C:\users\goldilocks
2014-11-27 07:09 - 2012-04-07 14:39 - 00000000 ____D () C:\Users\goldilocks\Desktop\Easter
2014-11-27 07:09 - 2012-03-09 14:27 - 00000000 ____D () C:\Users\goldilocks\Desktop\Power point
2014-11-27 07:09 - 2012-01-30 13:45 - 00000000 ____D () C:\Users\goldilocks\AppData\Local\BioExcess
2014-11-27 07:09 - 2011-12-23 22:36 - 00000000 ____D () C:\ProgramData\Port Locker
2014-11-27 07:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-27 07:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-27 07:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-27 07:08 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-11-26 16:37 - 2010-11-20 18:50 - 00000000 ____D () C:\users\Administrator

Some content of TEMP:
====================
C:\Users\goldilocks\AppData\Local\Temp\Quarantine.exe
C:\Users\goldilocks\AppData\Local\Temp\sqlite3.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-10-27 04:38:30
Restore point made on: 2014-11-03 00:16:50
Restore point made on: 2014-11-10 01:59:07
Restore point made on: 2014-11-12 04:13:08
Restore point made on: 2014-11-17 02:11:56
Restore point made on: 2014-11-19 03:00:58
Restore point made on: 2014-11-27 07:26:19
Restore point made on: 2014-11-28 11:49:26

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3686.11 MB
Available physical RAM: 3085.3 MB
Total Pagefile: 3684.31 MB
Available Pagefile: 3077.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:207.23 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.01 GB) NTFS
Drive g: (TRAVELDRIVE) (Removable) (Total:1.92 GB) (Free:1.91 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 18491682)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: D7BB2F09)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)

LastRegBack: 2014-11-06 10:01

==================== End Of Log ============================



#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:18 PM

Posted 30 November 2014 - 07:37 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

LastRegBack: 2014-11-06 10:01

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

See if it will boot after this fix.


Edited by fireman4it, 30 November 2014 - 07:37 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 Tdoby

Tdoby
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 30 November 2014 - 09:47 PM

The Desktop displayed, the Lenova EE Optimizer displayed (esc out of that) and a box that said BioExcess has stopped working that gives the option Check online for a solution or close the program.  Closed and then any keystroke took 5-10 minutes.  When I tried to shut down a box that soething like Wndows is missing popped up.  I clicked ctl alt del and a Failure to display security and shut down options box appeared.  I shut down and restarted another two times and black screen.   Restarted again got the desktop with the BioExcess has stopped working box.     Not sure what to do.  (Responding from a different laptop).

 

Just another note that I see McAfee in the list below and I did remove the program. 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014
Ran by SYSTEM on MININT-EHRGUHN on 30-11-2014 14:39:10
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-12-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-12-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2011-12-23] (Lenovo)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-12-23] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\goldilocks\...\Run: [Google Update] => C:\Users\goldilocks\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\goldilocks\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-23] (Google Inc.)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 A2DDA; C:\USERS\GOLDILOCKS\DESKTOP\BIN\a2ddax64.sys [26176 2014-11-28] (Emsisoft GmbH)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 cleanhlp; C:\Users\goldilocks\Desktop\bin\cleanhlp64.sys [57024 2014-11-28] (Emsisoft GmbH)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 14:48 - 2014-11-29 14:48 - 00000029 _____ () C:\Users\goldilocks\Downloads\fixlist.txt
2014-11-29 06:42 - 2014-11-29 08:13 - 00000000 ____D () C:\Users\goldilocks\Desktop\bin
2014-11-29 06:42 - 2014-11-29 06:42 - 00000669 _____ () C:\Users\goldilocks\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-29 06:42 - 2014-11-28 22:15 - 00432328 ____N (Emsisoft GmbH) C:\Users\goldilocks\Desktop\Start Emergency Kit Scanner.exe
2014-11-29 06:42 - 2014-11-28 22:15 - 00423064 ____N (Emsisoft GmbH) C:\Users\goldilocks\Desktop\Start BlitzBlank.exe
2014-11-29 06:42 - 2014-11-28 22:15 - 00004079 ____N () C:\Users\goldilocks\Desktop\readme.txt
2014-11-29 06:42 - 2014-11-28 22:14 - 00432328 ____N (Emsisoft GmbH) C:\Users\goldilocks\Desktop\Start Commandline Scanner.exe
2014-11-29 06:23 - 2014-11-29 06:23 - 00455920 _____ () C:\Windows\Minidump\112914-20280-01.dmp
2014-11-28 23:29 - 2014-11-28 23:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-28 23:29 - 2014-11-28 23:45 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-28 23:29 - 2014-11-28 23:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-28 23:29 - 2014-10-01 09:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-11-28 23:29 - 2014-10-01 09:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-11-28 23:29 - 2014-10-01 09:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-11-28 23:28 - 2014-11-28 23:28 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\goldilocks\Desktop\mbam-setup.exe
2014-11-28 14:03 - 2014-11-28 14:03 - 00000355 _____ () C:\Users\goldilocks\Desktop\Computer - Shortcut.lnk
2014-11-28 13:55 - 2014-11-28 13:56 - 00015958 _____ () C:\Users\goldilocks\Desktop\Addition.txt
2014-11-28 13:45 - 2014-11-28 13:45 - 02117632 _____ (Farbar) C:\Users\goldilocks\Desktop\FRST64.exe
2014-11-28 13:38 - 2014-11-28 13:38 - 00002747 _____ () C:\Users\goldilocks\Desktop\JRT.txt
2014-11-28 13:21 - 2014-11-28 13:21 - 00011825 _____ () C:\Users\goldilocks\Desktop\AdwCleaner[S0].txt
2014-11-28 13:21 - 2014-11-28 13:21 - 00000000 ____D () C:\Windows\ERUNT
2014-11-28 12:58 - 2014-11-28 22:33 - 00000000 ____D () C:\AdwCleaner
2014-11-28 12:57 - 2014-11-28 12:58 - 02148864 _____ () C:\Users\goldilocks\Desktop\AdwCleaner.exe
2014-11-28 12:23 - 2014-11-28 12:23 - 00028520 _____ () C:\Users\goldilocks\Desktop\dds1.txt
2014-11-28 12:22 - 2014-11-28 12:22 - 00028520 _____ () C:\Users\goldilocks\Desktop\attach.txt
2014-11-28 12:22 - 2014-11-28 12:21 - 00022292 _____ () C:\Users\goldilocks\Desktop\dds.txt
2014-11-27 08:00 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-27 08:00 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-27 08:00 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-27 08:00 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-27 08:00 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-27 08:00 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-27 08:00 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-27 08:00 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-27 08:00 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-27 08:00 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-27 08:00 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-27 08:00 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-27 08:00 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-27 08:00 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-27 08:00 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-27 08:00 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-27 08:00 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-27 08:00 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-27 08:00 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-27 08:00 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-27 08:00 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-27 08:00 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-27 08:00 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-27 08:00 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-27 08:00 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-27 08:00 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-27 08:00 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-27 08:00 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-27 08:00 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-27 08:00 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-27 08:00 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-27 08:00 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-27 08:00 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-27 08:00 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-27 08:00 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-27 08:00 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-27 08:00 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-27 08:00 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-27 08:00 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-27 08:00 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-27 08:00 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-27 08:00 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-27 08:00 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-27 08:00 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-27 08:00 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-27 08:00 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-27 08:00 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-27 08:00 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-27 08:00 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-27 08:00 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-27 08:00 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-27 08:00 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-27 08:00 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-27 08:00 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-27 08:00 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-27 08:00 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-27 07:59 - 2014-11-27 08:01 - 04163057 _____ () C:\Users\goldilocks\Downloads\tdsskiller.zip
2014-11-27 07:57 - 2014-11-30 14:39 - 00000000 ____D () C:\FRST
2014-11-27 07:56 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-27 07:56 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-27 07:55 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-27 07:55 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-27 07:55 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-27 07:55 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-27 07:55 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-27 07:55 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-27 07:55 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-27 07:55 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-27 07:55 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-27 07:55 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-27 07:54 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-27 07:54 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-27 07:53 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-27 07:49 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-27 07:49 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-27 07:47 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-27 07:47 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-27 07:47 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-27 07:47 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-27 07:47 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-27 07:47 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-27 07:47 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-27 07:47 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-27 07:47 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-27 07:47 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-25 11:22 - 2014-11-25 11:22 - 00000000 _____ () C:\Users\goldilocks\AppData\Local\{2E0F71C1-6AE2-48E0-8246-EBB673B0ED1A}
2014-11-23 15:39 - 2014-11-23 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 15:19 - 2014-11-23 15:19 - 00000000 __SHD () C:\Users\goldilocks\AppData\Local\EmieBrowserModeList
2014-11-23 15:14 - 2014-11-23 15:20 - 00002360 _____ () C:\Users\goldilocks\Desktop\Rkill.txt
2014-11-22 15:16 - 2014-11-22 15:16 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p) (2).m4v
2014-11-22 15:15 - 2014-11-22 15:15 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p) (1).m4v
2014-11-22 15:14 - 2014-11-22 15:15 - 12652676 _____ () C:\Users\goldilocks\Downloads\Vietnam Memorial Path 2-SD (480p).m4v
2014-11-11 01:20 - 2014-11-11 01:20 - 00000000 ____D () C:\Users\goldilocks\AppData\Roaming\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 12:23 - 2011-12-23 23:04 - 00095896 _____ () C:\Windows\System32\fastboot.set
2014-11-30 12:22 - 2011-12-23 22:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 12:22 - 2011-12-23 22:36 - 11190350 _____ () C:\FaceProv.log
2014-11-30 12:22 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 12:22 - 2009-07-13 20:51 - 00060688 _____ () C:\Windows\setupact.log
2014-11-29 15:43 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 15:43 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 15:02 - 2009-07-13 21:13 - 00006226 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-29 12:16 - 2011-12-23 21:52 - 01505036 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 10:41 - 2012-02-03 13:14 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001UA.job
2014-11-29 06:23 - 2012-05-08 10:22 - 420418380 _____ () C:\Windows\MEMORY.DMP
2014-11-29 06:23 - 2012-05-08 10:22 - 00000000 ____D () C:\Windows\Minidump
2014-11-29 06:23 - 2010-11-20 19:47 - 00257262 _____ () C:\Windows\PFRO.log
2014-11-28 23:26 - 2011-12-23 22:36 - 00000000 ____D () C:\ProgramData\VeriFace
2014-11-28 23:25 - 2011-12-23 22:29 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-11-28 23:25 - 2011-12-23 22:29 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-28 23:25 - 2011-12-23 22:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-28 23:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SchCache
2014-11-28 22:30 - 2012-05-08 14:21 - 00056832 ___SH () C:\Users\goldilocks\Desktop\Thumbs.db
2014-11-28 16:59 - 2012-02-19 09:04 - 23303893 _____ () C:\Windows\System32\PsBoot.log
2014-11-28 16:59 - 2012-02-19 09:04 - 00000000 _____ () C:\Windows\System32\defragLog.log
2014-11-28 13:11 - 2009-07-13 20:45 - 00263640 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-28 11:47 - 2012-02-03 13:14 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001Core.job
2014-11-27 07:20 - 2012-02-03 13:14 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001UA
2014-11-27 07:20 - 2012-02-03 13:14 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-514926237-156647970-2710506277-1001Core
2014-11-27 07:20 - 2011-12-23 22:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-27 07:20 - 2011-12-23 22:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-27 07:20 - 2011-12-23 22:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 07:11 - 2012-01-30 13:44 - 00000000 ____D () C:\users\goldilocks
2014-11-27 07:09 - 2012-04-07 14:39 - 00000000 ____D () C:\Users\goldilocks\Desktop\Easter
2014-11-27 07:09 - 2012-03-09 14:27 - 00000000 ____D () C:\Users\goldilocks\Desktop\Power point
2014-11-27 07:09 - 2012-01-30 13:45 - 00000000 ____D () C:\Users\goldilocks\AppData\Local\BioExcess
2014-11-27 07:09 - 2011-12-23 22:36 - 00000000 ____D () C:\ProgramData\Port Locker
2014-11-27 07:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-27 07:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-27 07:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-27 07:08 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-11-26 16:37 - 2010-11-20 18:50 - 00000000 ____D () C:\users\Administrator

Some content of TEMP:
====================
C:\Users\goldilocks\AppData\Local\Temp\Quarantine.exe
C:\Users\goldilocks\AppData\Local\Temp\sqlite3.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-10-27 04:38:30
Restore point made on: 2014-11-03 00:16:50
Restore point made on: 2014-11-10 01:59:07
Restore point made on: 2014-11-12 04:13:08
Restore point made on: 2014-11-17 02:11:56
Restore point made on: 2014-11-19 03:00:58
Restore point made on: 2014-11-27 07:26:19
Restore point made on: 2014-11-28 11:49:26

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3686.11 MB
Available physical RAM: 3085.3 MB
Total Pagefile: 3684.31 MB
Available Pagefile: 3077.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:207.23 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.01 GB) NTFS
Drive g: (TRAVELDRIVE) (Removable) (Total:1.92 GB) (Free:1.91 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 18491682)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: D7BB2F09)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)

LastRegBack: 2014-11-06 10:01

==================== End Of Log ============================



#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:18 PM

Posted 01 December 2014 - 01:22 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

RestoreQuarantine:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

See if it will work now


Edited by fireman4it, 01 December 2014 - 01:27 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users