Infected with Malware, not sure what it is... computer barely running

10 replies to this topic

#1 baggio10 (Members, 4 posts)

Posted 29 November 2014 - 10:16 PM

Any help would be greatly appreciated. Downloaded a file and now computer barely works (very slow, pop ups occurring constantly, browser hijacked). Took me over an hour to just work through the steps needed for this post as computer is running incredibly slowly. I believe my McAfee security program may have been compromised as well. DDS results located below.

Thanks in advance for your help.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Owner at 21:57:33 on 2014-11-29
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3063.1843 [GMT -5:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ClickCaption_1.10.0.2\Service\ccsvc.exe
C:\WINDOWS\system32\lxebcoms.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\mbot_ca_165\mbot_ca_165.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\ConvertAd\ConvertAd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k ORBTR
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mStart Page = about:blank
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Loader Class: {9D717F81-9148-4f12-8568-69135F087DB0} -
BHO: ClickCaption: {A18EA34C-6D33-4298-8A54-7F16499904C0} - c:\program files\clickcaption_1.10.0.2\ie\ClickCaptionClientIE.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\documents and settings\owner\application data\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [ProPCCleaner] c:\program files\pro pc cleaner\ProPCCleaner.exe true
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ThpSrv] thpsrv /logon
mRun: [lxebmon.exe] "c:\program files\lexmark pro200-s500 series\lxebmon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro200-s500 series\ezprint.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [mbot_ca_165] "c:\program files\mbot_ca_165\mbot_ca_165.exe"
mRun: [ConvertAd] c:\documents and settings\owner\local settings\application data\convertad\ConvertAd.exe
mRun: [mbot_ca_163] "c:\program files\mbot_ca_163\mbot_ca_163.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315411040171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.tcdsb.org/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{629FB753-1EA6-4422-A102-6B67E976C157} : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
AppInit_DLLs= _c:\progra~1\search~1\search~1\bin\vc32lo~1.dll c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\0p6aini3.default\
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_cmi_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtB0DtDyB0CtD0ByC0E0B0FtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0D0FyBtByBtCzztGtAyDzytCtG0DyE0AyEtGyE0BtA0DtGyDyEtAtB0Dzyzz0EyE0ByDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0A0D0A0FtDyEzytGyD0AtDtBtGyEtD0FyEtG0AyB0AzytGtDyByCzytAyDyC0EyCtCtC0D2Q&cr=345604284&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_cmi_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtB0DtDyB0CtD0ByC0E0B0FtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0D0FyBtByBtCzztGtAyDzytCtG0DyE0AyEtGyE0BtA0DtGyDyEtAtB0Dzyzz0EyE0ByDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0A0D0A0FtDyEzytGyD0AtDtBtGyEtD0FyEtG0AyB0AzytGtDyByCzytAyDyC0EyCtCtC0D2Q&cr=345604284&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_cmi_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtB0DtDyB0CtD0ByC0E0B0FtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0D0FyBtByBtCzztGtAyDzytCtG0DyE0AyEtGyE0BtA0DtGyDyEtAtB0Dzyzz0EyE0ByDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0A0D0A0FtDyEzytGyD0AtDtBtGyEtD0FyEtG0AyB0AzytGtDyByCzytAyDyC0EyCtCtC0D2Q&cr=345604284&ir=&q=
FF - user.js: extensions.srchvstrn.id - 001302D07C0B6EBF
FF - user.js: extensions.srchvstrn.instlDay - 16396
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 19:13:45
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_cmi_14_47_ff
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_a
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 345604284
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzutDtDtCtAtDtB0DtDyB0CtD0ByC0E0B0FtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0D0FyBtByBtCzztGtAyDzytCtG0DyE0AyEtGyE0BtA0DtGyDyEtAtB0Dzyzz0EyE0ByDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0A0D0A0FtDyEzytGyD0AtDtBtGyEtD0FyEtG0AyB0AzytGtDyByCzytAyDyC0EyCtCtC0D2Q
FF - user.js: extensions.srchvstrn.AL - 4
.
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-12-26 576048]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2011-9-7 6144]
R1 {b082a895-f2bc-40a0-9735-d7592e9e422c}Gt;{b082a895-f2bc-40a0-9735-d7592e9e422c}Gt;c:\windows\system32\drivers\{b082a895-f2bc-40a0-9735-d7592e9e422c}Gt.sys [2014-11-22 55824]
R1 ccnfd_1_10_0_2;ccnfd_1_10_0_2;c:\windows\system32\drivers\ccnfd_1_10_0_2.sys [2014-10-30 52728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-12-26 93624]
R2 ccsvc_1.10.0.2;Click Caption 1.10.0.2 Client Service;c:\program files\clickcaption_1.10.0.2\service\ccsvc.exe [2014-10-30 277584]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-9-8 54760]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2013-5-19 133696]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-5-19 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-5-19 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-5-19 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-5-19 179600]
R2 Orbiter;Orbiter;c:\windows\system32\svchost.exe -k ORBTR [2008-4-14 14336]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 62832]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-26 238176]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 369248]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 350240]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2013-5-19 87520]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2011-9-23 91216]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2011-9-8 193192]
S2 Update Techgile;Update Techgile;"c:\program files\techgile\updatetechgile.exe" --> c:\program files\techgile\updateTechgile.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-5-19 147912]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-26 67816]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 81296]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2013-5-19 87520]
S4 CltMngSvc;Search Protect Service;c:\program files\searchprotect\main\bin\CltMngSvc.exe [2014-11-10 3056960]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2014-11-23 16:35:46    --------    d-----w-    c:\program files\mbot_ca_163
2014-11-23 14:18:44    --------    d-----w-    c:\windows\system32\GroupPolicy
2014-11-23 00:27:21    55824    ----a-w-    c:\windows\system32\drivers\{b082a895-f2bc-40a0-9735-d7592e9e422c}Gt.sys
2014-11-23 00:20:09    --------    d-----w-    c:\program files\Techgile
2014-11-23 00:17:28    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Vosteran
2014-11-23 00:16:40    --------    d-----w-    c:\documents and settings\owner\local settings\application data\ConvertAd
2014-11-23 00:15:42    --------    d-----w-    c:\program files\ver2BlockAndSurf
2014-11-23 00:15:18    --------    d-----w-    c:\documents and settings\owner\local settings\application data\mbot_ca_165
2014-11-23 00:15:16    --------    d-----w-    c:\program files\mbot_ca_165
2014-11-23 00:13:58    --------    d-----w-    c:\documents and settings\owner\application data\WSE_Vosteran
2014-11-23 00:13:10    --------    d-----w-    c:\program files\ClickCaption_1.10.0.2
2014-11-22 23:47:21    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Pro_PC_Cleaner
2014-11-22 23:42:19    --------    d-----w-    c:\program files\ORBTR
2014-11-16 15:34:59    764    ----a-w-    c:\windows\system32\ff.bin
2014-11-16 15:27:43    546    ----a-w-    c:\windows\system32\schtasks.bin
2014-11-16 01:21:51    --------    d-----w-    c:\documents and settings\all users\application data\4001812108
2014-11-16 00:50:34    --------    d-----w-    c:\documents and settings\owner\ll
.
==================== Find3M  ====================
.
2014-11-11 22:06:32    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 22:06:32    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-30 21:39:26    52728    ----a-w-    c:\windows\system32\drivers\ccnfd_1_10_0_2.sys
.
============= FINISH: 21:59:13.00 ===============
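Added example, not part of the thread and not code from DDS or the BleepingComputer team: a small Python triage script for the kinds of lines in the DDS "Pseudo HJT" report above (orphaned BHOs, AppInit_DLLs injection, autoruns from user-writable profile folders, Firefox user.js search overrides, services with a missing binary or a custom svchost group). The allowlist of svchost groups is an assumption to extend for your own baseline; the sample input is an excerpt of the log posted above.

```python
"""Triage helper for DDS-style log lines (the "Pseudo HJT Report",
FIREFOX POLICIES and SERVICES / DRIVERS sections).

It only flags entry types a malware-response helper reads first; it does
not clean anything, and every finding still needs a human to confirm.
"""
import re
from collections import defaultdict

# Excerpt of the DDS log posted above, used here as sample input.
SAMPLE_LOG = r"""
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [ProPCCleaner] c:\program files\pro pc cleaner\ProPCCleaner.exe true
mRun: [ConvertAd] c:\documents and settings\owner\local settings\application data\convertad\ConvertAd.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
AppInit_DLLs= _c:\progra~1\search~1\search~1\bin\vc32lo~1.dll c:\progra~1\wi371a~1\datamngr\datamngr.dll
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_cmi_14_47_ff
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
R2 Orbiter;Orbiter;c:\windows\system32\svchost.exe -k ORBTR [2008-4-14 14336]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-5-19 655936]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
"""

# Folders an unprivileged user can write to. Autoruns living here deserve a
# look, but legitimate per-user apps (Dropbox, uTorrent) land here as well,
# so this is a review queue, not a verdict.
USER_WRITABLE = ("\\local settings\\application data\\", "\\application data\\", "\\temp\\")

# Partial allowlist of svchost service groups shipped with Windows XP
# (assumption: extend it for your own baseline). Any other "-k" group is a
# custom one that was added by some installer and should be identified.
KNOWN_SVCHOST_GROUPS = {"netsvcs", "networkservice", "localservice", "imgsvc",
                        "rpcss", "dcomlaunch", "termsvcs", "httpfilter"}


def triage_line(line):
    """Return (category, detail) for a line worth reviewing, else None."""
    line = line.rstrip()
    m = re.match(r"^AV: (.+?) \*Disabled", line)
    if m:  # a security product that reports itself disabled
        return ("av_disabled", m.group(1))
    m = re.match(r"^(BHO|TB): (.*) - ?(.*)$", line)
    if m:  # browser helper / toolbar with no DLL behind the CLSID
        path = m.group(3).strip()
        return ("bho_no_file", m.group(2)) if not path or path == "<orphaned>" else None
    m = re.match(r"^[um]Run: \[([^\]]+)\] (.+)$", line)
    if m:  # Run-key autorun whose target sits in a user-writable folder
        target = m.group(2).lower()
        return ("run_user_writable", m.group(1)) if any(t in target for t in USER_WRITABLE) else None
    if line.startswith("AppInit_DLLs="):  # DLLs injected into every GUI process
        dlls = line.split("=", 1)[1].strip()
        return ("appinit_dlls", dlls) if dlls else None
    m = re.match(r"^FF - user\.js: (\S+) - (.*)$", line)
    if m:  # user.js override that points homepage/search at an external host
        host = re.search(r"hxxps?://([^/?\s]+)", m.group(2))
        return ("ff_search_override", f"{m.group(1)} -> {host.group(1)}") if host else None
    m = re.match(r"^([RS]\??\d) ([^;]+);([^;]*);(.*)$", line)
    if m:  # service/driver entries
        name, rest = m.group(2), m.group(4)
        if rest.endswith("[?]") or any(t in rest.lower() for t in USER_WRITABLE):
            return ("service_missing_or_temp", name)  # binary gone or run from temp
        grp = re.search(r"svchost\.exe -k (\S+)", rest, re.I)
        if grp and grp.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
            return ("svchost_unknown_group", f"{name} (-k {grp.group(1)})")
    return None


def triage(log_text):
    """Group every flagged line of a DDS log by finding category."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings[hit[0]].append(hit[1])
    return dict(findings)


if __name__ == "__main__":
    for category, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{category}]")
        for item in items:
            print(f"    {item}")
```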


#2 nasdaq (Malware Response Team, 38,770 posts, Montreal, QC, Canada)

Posted 04 December 2014 - 11:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 nasdaq (Malware Response Team)

Posted 09 December 2014 - 09:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq (Malware Response Team)

Posted 09 December 2014 - 10:13 AM

This topic has been re-opened at the request of the person who originally posted.

#5 baggio10 (Topic Starter)

Posted 09 December 2014 - 09:46 PM

Thanks for all your help thus far.  Was able to run Malwarebytes and after quarantining the suspect files, my computer runs much better (I have attached the log).

I was unsuccessful though in running the AdwCleaner program - it would get stuck on pending scan for over an hour (tried running it twice) with no results.

Farbar (FRST.txt) is copied and pasted below as requested. The Addition.txt file is attached as requested for your review.

Thanks again for all, I really appreciate it.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by Owner (administrator) on OWNER-906BBD5F2 on 09-12-2014 21:36:52
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\WINDOWS\system32\lxebcoms.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
() C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
(McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner_4.105(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-05-06] (Analog Devices, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-15] (Intel Corporation)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [30208 2006-05-05] (UPEK Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-14] (Agere Systems)
HKLM\...\Run: [ThpSrv] => thpsrv /logon
HKLM\...\Run: [lxebmon.exe] => C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [uTorrent] => C:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe [1382480 2014-12-06] (BitTorrent Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [ProPCCleaner] => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL File Not Found
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\datamngr.dll => c:\progra~1\wi371a~1\datamngr\datamngr.dll File Not Found
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\iebho.dll => c:\progra~1\wi371a~1\datamngr\iebho.dll File Not Found
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> DefaultScope {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {B0ABA7E4-1269-4F2D-9116-4A6DEDCE60B5} URL =
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315411040171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.tcdsb.org/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US1056D20140723&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(2) [2014-04-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-05-19]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-19]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-05-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-06-07] (Oracle Corporation)
S2 lxebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\WINDOWS\system32\lxebcoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [176128 2005-12-20] (TOSHIBA Corporation) [File not signed]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-05-05] (UPEK Inc.) [File not signed]
R2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-05-05] (UPEK Inc.) [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-09] (Malwarebytes Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-14] (Intel Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R2 smihlp; C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-05-05] (UPEK Inc.) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [436792 2011-12-25] () [File not signed]
S3 TBiosDrv; C:\WINDOWS\system32\Drivers\Tbiosdrv.sys [6528 2002-01-24] () [File not signed]
R0 Thpdrv; C:\WINDOWS\System32\DRIVERS\thpdrv.sys [16384 2004-12-27] (TOSHIBA Corporation) [File not signed]
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [91216 2011-07-08] (High Criteria inc.)
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 21:36 - 2014-12-09 21:37 - 00000000 ____D () C:\FRST
2014-12-09 15:19 - 2014-12-09 15:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-12-09 15:14 - 2014-12-09 15:14 - 00000000 __RSD () C:\Documents and Settings\Owner\My Documents\My Safe
2014-12-02 18:22 - 2014-12-02 18:21 - 00106496 _____ () C:\WINDOWS\Minidump\Mini120214-01.dmp
2014-11-29 23:00 - 2014-11-29 23:01 - 00000000 ____D () C:\Avenger
2014-11-29 22:26 - 2014-12-09 20:46 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 22:25 - 2014-12-09 17:23 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-29 22:25 - 2014-12-09 17:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-29 22:25 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-29 22:25 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-29 21:59 - 2014-11-29 22:01 - 00021179 _____ () C:\Documents and Settings\Owner\Desktop\attach.txt
2014-11-29 21:59 - 2014-11-29 22:01 - 00019711 _____ () C:\Documents and Settings\Owner\Desktop\dds.txt
2014-11-23 09:18 - 2014-11-23 09:18 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-11-22 19:23 - 2014-11-22 19:24 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Stevie Brazil
2014-11-22 18:52 - 2014-11-22 18:52 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\AVS4YOU
2014-11-22 18:51 - 2014-11-22 18:51 - 00000890 _____ () C:\Documents and Settings\Owner\Desktop\AVS Audio Converter.lnk
2014-11-22 18:47 - 2014-12-09 17:45 - 00000300 _____ () C:\WINDOWS\Tasks\ProPCCleaner_Popup.job
2014-11-22 18:47 - 2014-11-22 18:48 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\ProPCCleaner
2014-11-22 18:47 - 2014-11-22 18:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Pro_PC_Cleaner
2014-11-16 10:34 - 2014-11-17 17:17 - 00000764 _____ () C:\WINDOWS\system32\ff.bin
2014-11-16 10:27 - 2014-11-17 17:16 - 00000546 _____ () C:\WINDOWS\system32\schtasks.bin
2014-11-15 20:20 - 2014-11-15 20:20 - 00001732 _____ () C:\Documents and Settings\All Users\Start Menu\WinZip.lnk
2014-11-15 20:20 - 2014-11-15 20:20 - 00001732 _____ () C:\Documents and Settings\All Users\Desktop\WinZip.lnk
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
2014-11-15 20:19 - 2014-11-15 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WinZip
2014-11-15 20:19 - 2014-11-15 20:19 - 00000000 ____D () C:\Program Files\WinZip
2014-11-15 19:57 - 2014-12-09 15:13 - 00000368 _____ () C:\WINDOWS\Tasks\SuperFastPC_AutorunOnStartup.job
2014-11-15 19:50 - 2014-11-15 19:50 - 00000000 ____D () C:\Documents and Settings\Owner\ll
2014-11-11 16:10 - 2014-12-09 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 21:38 - 2011-09-06 17:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-12-09 21:18 - 2014-04-27 08:42 - 00000000 ____D () C:\AdwCleaner
2014-12-09 21:06 - 2012-08-29 23:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-09 19:06 - 2012-08-29 23:32 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-09 19:06 - 2011-09-08 10:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:39 - 2011-09-28 12:37 - 00681900 _____ () C:\Documents and Settings\All Users\lxeb.log
2014-12-09 17:23 - 2014-04-27 08:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-09 17:11 - 2011-09-08 11:04 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats
2014-12-09 16:54 - 2014-08-05 12:45 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
2014-12-09 16:45 - 2011-09-06 17:32 - 01613473 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-09 15:19 - 2014-04-27 10:20 - 00001611 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
2014-12-09 15:17 - 2012-06-30 10:53 - 00000000 ___RD () C:\Documents and Settings\Owner\My Documents\Dropbox
2014-12-09 15:17 - 2012-06-30 10:48 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
2014-12-09 15:14 - 2011-09-08 11:02 - 00528636 _____ () C:\Documents and Settings\All Users\lxebscan.log
2014-12-09 15:14 - 2011-09-06 13:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-09 15:13 - 2014-03-19 15:17 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-09 15:13 - 2013-05-19 19:14 - 00000000 ____D () C:\Program Files\McAfee
2014-12-09 15:13 - 2011-09-06 17:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-09 15:13 - 2011-09-06 13:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-12-08 21:55 - 2011-09-06 17:46 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-08 21:55 - 2011-09-06 17:46 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-08 21:43 - 2014-07-18 12:54 - 00138514 _____ () C:\WINDOWS\setupapi.log
2014-12-08 17:50 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-02 18:22 - 2012-01-14 08:21 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-01 17:39 - 2011-09-08 10:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-11-30 17:54 - 2014-08-28 20:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\De La Salle
2014-11-29 22:59 - 2011-09-06 13:09 - 00000000 ___RD () C:\WINDOWS\Web
2014-11-29 21:53 - 2011-11-02 16:47 - 00002187 _____ () C:\Documents and Settings\All Users\Desktop\Safari.lnk
2014-11-23 11:30 - 2008-04-14 07:00 - 00000705 _____ () C:\WINDOWS\win.ini
2014-11-22 19:36 - 2011-12-24 23:23 - 00327680 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-11-22 19:36 - 2011-09-06 17:46 - 00000000 ____D () C:\Documents and Settings\Owner
2014-11-22 19:24 - 2014-10-11 21:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Faasoft Audio Converter
2014-11-22 18:52 - 2011-12-25 00:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
2014-11-22 18:52 - 2011-12-03 19:55 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVS4YOU
2014-11-22 18:52 - 2011-12-03 19:51 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-11-22 18:52 - 2011-12-03 19:51 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-11-22 18:35 - 2014-10-19 07:37 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Doc Film Proposals
2014-11-22 18:12 - 2011-07-31 19:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\LPS
2014-11-20 20:56 - 2014-07-01 09:58 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-11-20 15:34 - 2014-07-01 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-19 20:14 - 2011-09-10 09:16 - 00063488 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-15 07:51 - 2012-06-30 10:50 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2014-11-11 18:34 - 2013-08-14 22:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-11 18:27 - 2011-09-07 14:37 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 17:00 - 2014-04-27 09:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\98304582-3706-C604-788F-767F5DC7E18D.dll
C:\Documents and Settings\Owner\Local Settings\Temp\BSI.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo2fszw.dll
C:\Documents and Settings\Owner\Local Settings\Temp\flacdec2.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\vmw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\VSTStubSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\WMD.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#6 nasdaq
  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 December 2014 - 08:16 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

() C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner_4.105(2).exe
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [ProPCCleaner] => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL File Not Found
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\datamngr.dll => c:\progra~1\wi371a~1\datamngr\datamngr.dll File Not Found
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\iebho.dll => c:\progra~1\wi371a~1\datamngr\iebho.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {B0ABA7E4-1269-4F2D-9116-4A6DEDCE60B5} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\user.js
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(2) [2014-04-27]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U1 WS2IFSL; No ImagePath
Task: C:\WINDOWS\Tasks\SuperFastPC_AutorunOnStartup.job => C:\Program Files\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
C:\Documents and Settings\Owner\Local Settings\Temp\98304582-3706-C604-788F-767F5DC7E18D.dll
C:\Documents and Settings\Owner\Local Settings\Temp\BSI.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo2fszw.dll
C:\Documents and Settings\Owner\Local Settings\Temp\flacdec2.exe
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\vmw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\VSTStubSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\WMD.dll

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

After the restart of the computer, try to run the AdwCleaner tool.
Clean everything that has been identified.

===

p.s.
Remember that the Farbar tool is running from your Downloads folder:
C:\Documents and Settings\Owner\My Documents\Downloads

How is the computer running now?
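A triage script, added here as an example (not part of the thread and not Farbar's own tool), that selects candidate fixlist entries from an FRST log the way the fixlist above was assembled: lines FRST itself marks as dangling or flagged (ATTENTION, File Not Found, No File, [X], No ImagePath), executables in Temp, plus names an analyst has already judged unwanted, rendered in the start/End layout used above. The marker list, the analyst-supplied names, the exclusion and the sample lines (copied from the scan posted earlier in the thread) are assumptions of this example, not FRST rules.

```python
"""Candidate-fixlist triage for an FRST log (added example, not from the
thread and not Farbar's tool). It mimics how the fixlist above was built:
lines FRST itself marks as dangling or flagged, plus names an analyst has
already judged unwanted, rendered in the "start ... End" layout. Marker
list, analyst names and the sample lines (copied from the scan earlier in
the thread) are this example's assumptions, not FRST rules."""
import re

# Strings FRST prints on entries whose target is missing or which it flags;
# each of them occurs in the log above.
MARKERS = (
    "ATTENTION",       # "<======= ATTENTION" / "<==== ATTENTION"
    "File Not Found",  # AppInit_DLLs pointing at a removed DLL
    "No File",         # BHO / Toolbar / Handler whose DLL is gone
    "[Not Found]",     # FF Extension with no directory on disk
    "[X]",             # service or driver whose image file is missing
    "No ImagePath",    # service registered without an ImagePath value
    "detected!",       # "FF user.js: detected!"
)
# Executables and DLLs sitting in the user's Temp directory.
TEMP_EXE_RE = re.compile(r"\\Local Settings\\Temp\\[^\\]+\.(?:exe|dll)$",
                         re.IGNORECASE)


def classify(line, analyst_names=()):
    """Return why a line is a fixlist candidate, or None if it is not.
    analyst_names: substrings (product names, hijacker domains) a human has
    already judged unwanted; FRST does not flag those on its own."""
    if any(marker in line for marker in MARKERS):
        return "frst-marker"
    if TEMP_EXE_RE.search(line):
        return "temp-executable"
    lowered = line.lower()
    if any(name.lower() in lowered for name in analyst_names):
        return "analyst-name"
    return None


def flag_frst_lines(log_text, analyst_names=(), exclude=()):
    """Return [(reason, line)] for candidate entries in an FRST log.
    Section headers and "(If an entry is included ...)" notes are skipped;
    exclude lists substrings a reviewer wants left alone."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=") or line.startswith("(If "):
            continue
        if any(x.lower() in line.lower() for x in exclude):
            continue
        reason = classify(line, analyst_names)
        if reason:
            flagged.append((reason, line))
    return flagged


def build_fixlist(entries):
    """Render candidates in the layout used above: 'start', entries, 'End'."""
    return "\n".join(["start", *(line for _, line in entries), "End"]) + "\n"


# Constructed sample: lines copied from the scan posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [ProPCCleaner] => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\datamngr.dll => c:\progra~1\wi371a~1\datamngr\datamngr.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\user.js
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
U0 mfewfpk; No ImagePath
C:\Documents and Settings\Owner\Local Settings\Temp\BSI.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
C:\WINDOWS\explorer.exe => File is digitally signed
"""
# Names the helper above removed on his own judgement rather than on a marker,
# and the one Temp file he chose to leave alone.
ANALYST_NAMES = ("ProPCCleaner", "searchqu.com")
EXCLUDE = ("Quarantine.exe",)


def triage_sample():
    """Run the triage over SAMPLE_LOG with the thread's analyst choices."""
    return flag_frst_lines(SAMPLE_LOG, ANALYST_NAMES, EXCLUDE)


if __name__ == "__main__":
    entries = triage_sample()
    for reason, line in entries:
        print(f"{reason:16} {line}")
    print(build_fixlist(entries))
```

The output is a candidate list for a human to review, not a finished fixlist: lines picked only by marker (for example a vendor entry that merely lost its file) still need the same judgement the helper applied above.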

#7 baggio10
  • Topic Starter
  • Members
  • 4 posts

Posted 13 December 2014 - 09:46 PM

Thank you for your help. Computer is running a bit better!

I can actually start up programs, although it is still running a bit slow.

FRST log posted below as you have requested.

Thanks again!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Owner (administrator) on OWNER-906BBD5F2 on 13-12-2014 21:33:49
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\WINDOWS\system32\lxebcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
() C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-05-06] (Analog Devices, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-15] (Intel Corporation)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [30208 2006-05-05] (UPEK Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-14] (Agere Systems)
HKLM\...\Run: [ThpSrv] => thpsrv /logon
HKLM\...\Run: [lxebmon.exe] => C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [uTorrent] => C:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe [1385040 2014-12-13] (BitTorrent Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [ProPCCleaner] => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\RunOnce: [Adobe Speed Launcher] => 1418515923
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL File Not Found
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\datamngr.dll => c:\progra~1\wi371a~1\datamngr\datamngr.dll File Not Found
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\iebho.dll => c:\progra~1\wi371a~1\datamngr\iebho.dll File Not Found
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> DefaultScope {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {B0ABA7E4-1269-4F2D-9116-4A6DEDCE60B5} URL =
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315411040171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.tcdsb.org/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US1056D20140723&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(2) [2014-04-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-05-19]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-19]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-05-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-06-07] (Oracle Corporation)
S2 lxebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\WINDOWS\system32\lxebcoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [176128 2005-12-20] (TOSHIBA Corporation) [File not signed]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-05-05] (UPEK Inc.) [File not signed]
R2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-05-05] (UPEK Inc.) [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-13] (Malwarebytes Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-14] (Intel Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R2 smihlp; C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-05-05] (UPEK Inc.) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [436792 2011-12-25] () [File not signed]
S3 TBiosDrv; C:\WINDOWS\system32\Drivers\Tbiosdrv.sys [6528 2002-01-24] () [File not signed]
R0 Thpdrv; C:\WINDOWS\System32\DRIVERS\thpdrv.sys [16384 2004-12-27] (TOSHIBA Corporation) [File not signed]
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [91216 2011-07-08] (High Criteria inc.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 19:32 - 2014-12-13 19:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-12-13 19:12 - 2014-12-13 19:12 - 00000000 __RSD () C:\Documents and Settings\Owner\My Documents\My Safe
2014-12-10 17:58 - 2014-12-10 17:58 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-12-10 17:58 - 2014-12-10 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-12-10 17:57 - 2014-12-10 17:59 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-10 17:49 - 2014-12-10 17:49 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-12-10 17:49 - 2014-12-10 17:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-12-10 17:46 - 2014-12-10 17:49 - 00000000 ____D () C:\Program Files\iTunes
2014-12-10 17:46 - 2014-12-10 17:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-10 17:46 - 2014-12-10 17:46 - 00000000 ____D () C:\Program Files\iPod
2014-12-09 21:46 - 2014-12-09 21:46 - 00029980 _____ () C:\Documents and Settings\Owner\Desktop\Addition.txt
2014-12-09 21:36 - 2014-12-13 21:34 - 00000000 ____D () C:\FRST
2014-12-09 18:16 - 2014-12-09 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-02 18:22 - 2014-12-02 18:21 - 00106496 _____ () C:\WINDOWS\Minidump\Mini120214-01.dmp
2014-11-29 23:00 - 2014-11-29 23:01 - 00000000 ____D () C:\Avenger
2014-11-29 22:26 - 2014-12-13 19:47 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 22:25 - 2014-12-09 17:23 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-29 22:25 - 2014-12-09 17:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-29 22:25 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-29 22:25 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-29 21:59 - 2014-11-29 22:01 - 00021179 _____ () C:\Documents and Settings\Owner\Desktop\attach.txt
2014-11-29 21:59 - 2014-11-29 22:01 - 00019711 _____ () C:\Documents and Settings\Owner\Desktop\dds.txt
2014-11-23 09:18 - 2014-11-23 09:18 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-11-22 19:23 - 2014-11-22 19:24 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Stevie Brazil
2014-11-22 18:52 - 2014-11-22 18:52 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\AVS4YOU
2014-11-22 18:51 - 2014-11-22 18:51 - 00000890 _____ () C:\Documents and Settings\Owner\Desktop\AVS Audio Converter.lnk
2014-11-22 18:47 - 2014-12-12 17:45 - 00000300 _____ () C:\WINDOWS\Tasks\ProPCCleaner_Popup.job
2014-11-22 18:47 - 2014-11-22 18:48 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\ProPCCleaner
2014-11-22 18:47 - 2014-11-22 18:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Pro_PC_Cleaner
2014-11-16 10:34 - 2014-11-17 17:17 - 00000764 _____ () C:\WINDOWS\system32\ff.bin
2014-11-16 10:27 - 2014-11-17 17:16 - 00000546 _____ () C:\WINDOWS\system32\schtasks.bin
2014-11-15 20:20 - 2014-11-15 20:20 - 00001732 _____ () C:\Documents and Settings\All Users\Start Menu\WinZip.lnk
2014-11-15 20:20 - 2014-11-15 20:20 - 00001732 _____ () C:\Documents and Settings\All Users\Desktop\WinZip.lnk
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
2014-11-15 20:19 - 2014-11-15 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WinZip
2014-11-15 20:19 - 2014-11-15 20:19 - 00000000 ____D () C:\Program Files\WinZip
2014-11-15 19:57 - 2014-12-13 19:11 - 00000368 _____ () C:\WINDOWS\Tasks\SuperFastPC_AutorunOnStartup.job
2014-11-15 19:50 - 2014-11-15 19:50 - 00000000 ____D () C:\Documents and Settings\Owner\ll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 21:35 - 2011-09-06 17:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-12-13 21:18 - 2014-08-05 12:45 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
2014-12-13 21:06 - 2012-08-29 23:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-13 19:32 - 2014-04-27 10:20 - 00001611 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
2014-12-13 19:21 - 2011-09-06 17:32 - 01693541 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-13 19:16 - 2012-06-30 10:53 - 00000000 ___RD () C:\Documents and Settings\Owner\My Documents\Dropbox
2014-12-13 19:14 - 2012-06-30 10:48 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
2014-12-13 19:12 - 2011-09-08 11:02 - 00529186 _____ () C:\Documents and Settings\All Users\lxebscan.log
2014-12-13 19:11 - 2014-03-19 15:17 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-13 19:11 - 2011-09-06 17:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-13 19:11 - 2011-09-06 13:22 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-12-13 19:11 - 2011-09-06 13:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-13 08:17 - 2011-09-06 17:46 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-13 08:17 - 2011-09-06 17:46 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-12 17:15 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-11 17:08 - 2014-04-27 09:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-10 17:46 - 2011-09-08 10:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-10 17:45 - 2014-06-04 16:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-10 17:26 - 2011-09-08 10:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-12-09 21:59 - 2014-07-01 09:58 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-12-09 21:58 - 2014-07-01 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-09 21:57 - 2013-08-14 22:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-09 21:50 - 2011-09-07 14:37 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 21:18 - 2014-04-27 08:42 - 00000000 ____D () C:\AdwCleaner
2014-12-09 19:06 - 2012-08-29 23:32 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-09 19:06 - 2011-09-08 10:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:39 - 2011-09-28 12:37 - 00681900 _____ () C:\Documents and Settings\All Users\lxeb.log
2014-12-09 17:23 - 2014-04-27 08:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-09 17:11 - 2011-09-08 11:04 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats
2014-12-09 15:13 - 2013-05-19 19:14 - 00000000 ____D () C:\Program Files\McAfee
2014-12-08 21:43 - 2014-07-18 12:54 - 00138514 _____ () C:\WINDOWS\setupapi.log
2014-12-02 18:22 - 2012-01-14 08:21 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-01 17:39 - 2011-09-08 10:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-11-30 17:54 - 2014-08-28 20:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\De La Salle
2014-11-29 22:59 - 2011-09-06 13:09 - 00000000 ___RD () C:\WINDOWS\Web
2014-11-29 21:53 - 2011-11-02 16:47 - 00002187 _____ () C:\Documents and Settings\All Users\Desktop\Safari.lnk
2014-11-23 11:30 - 2008-04-14 07:00 - 00000705 _____ () C:\WINDOWS\win.ini
2014-11-22 19:36 - 2011-12-24 23:23 - 00327680 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-11-22 19:36 - 2011-09-06 17:46 - 00000000 ____D () C:\Documents and Settings\Owner
2014-11-22 19:24 - 2014-10-11 21:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Faasoft Audio Converter
2014-11-22 18:52 - 2011-12-25 00:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
2014-11-22 18:52 - 2011-12-03 19:55 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVS4YOU
2014-11-22 18:52 - 2011-12-03 19:51 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-11-22 18:52 - 2011-12-03 19:51 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-11-22 18:35 - 2014-10-19 07:37 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Doc Film Proposals
2014-11-22 18:12 - 2011-07-31 19:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\LPS
2014-11-19 20:14 - 2011-09-10 09:16 - 00063488 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-15 07:51 - 2012-06-30 10:50 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\98304582-3706-C604-788F-767F5DC7E18D.dll
C:\Documents and Settings\Owner\Local Settings\Temp\BSI.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa0drlf.dll
C:\Documents and Settings\Owner\Local Settings\Temp\flacdec2.exe
C:\Documents and Settings\Owner\Local Settings\Temp\vmw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\VSTStubSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\WMD.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#8 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:04 PM

Posted 14 December 2014 - 09:37 AM

Well this did not go as planned.

I suggest you create a new folder on your Desktop.

Name it My_fix

Copy the Farbar tool from your Download folder to that newly created folder.

Save the following FixList.txt file in that folder also.

Run the tool and select the fix button.



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL File Not Found
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\datamngr.dll => c:\progra~1\wi371a~1\datamngr\datamngr.dll File Not Found
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\iebho.dll => c:\progra~1\wi371a~1\datamngr\iebho.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\user.js
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(2) [2014-04-27]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U1 WS2IFSL; No ImagePath
C:\Documents and Settings\Owner\Local Settings\Temp\98304582-3706-C604-788F-767F5DC7E18D.dll
C:\Documents and Settings\Owner\Local Settings\Temp\BSI.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa0drlf.dll
C:\Documents and Settings\Owner\Local Settings\Temp\flacdec2.exe
C:\Documents and Settings\Owner\Local Settings\Temp\vmw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\VSTStubSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\WMD.dll

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
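As an added triage aid, not part of nasdaq's instructions or of FRST itself: a small Python parser that classifies the entries of a fixlist like the one above by the persistence mechanism each line touches (AppInit_DLLs, search-scope hijack, browser add-ons, orphaned services, executables under Temp). The sample fixlist is a constructed subset of the lines quoted above; the category names and the regexes are my own assumptions about the FRST line formats, not FRST's documented grammar.

```python
import re
from collections import Counter
from urllib.parse import urlparse
# Constructed sample: a subset of the fixlist lines quoted in the post above.
SAMPLE_FIXLIST = r"""start
AppInit_DLLs:  c:\progra~1\wi371a~1\datamngr\datamngr.dll => c:\progra~1\wi371a~1\datamngr\datamngr.dll File Not Found
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
U0 mfewfpk; No ImagePath
C:\Documents and Settings\Owner\Local Settings\Temp\vmw.exe
End
"""

# Line prefix -> category (assumed FRST formats). AppInit_DLLs is a persistence
# point: every process that loads user32.dll also loads the DLLs listed there.
PREFIXES = {"AppInit_DLLs:": "appinit_dll", "SearchScopes:": "search_hijack",
            "BHO:": "browser_addon", "Toolbar:": "browser_addon", "Handler:": "browser_addon",
            "DPF:": "browser_addon", "FF Extension:": "firefox", "FF user.js:": "firefox"}
SERVICE_RE = re.compile(r"^([SUR]\d)\s+([^;]+);\s*(.*)$")
TEMP_RE = re.compile(r"\\temp\\.*\.(exe|dll|sys)$", re.IGNORECASE)

def classify_line(line):
    """Return (category, detail) for one fixlist line, or None for start/End/blank."""
    line = line.strip()
    if not line or line.lower() in ("start", "end"):
        return None
    for prefix, kind in PREFIXES.items():
        if line.startswith(prefix):
            m = re.search(r"URL = (\S+)", line) if kind == "search_hijack" else None
            return kind, (urlparse(m.group(1)).hostname or "") if m else ""
    m = SERVICE_RE.match(line)
    if m:
        # "[X]" marks a service whose image file is missing; "No ImagePath" means the
        # registry entry points nowhere. Both are dead entries the fix removes.
        image = m.group(3)
        return "service", "orphan" if image.endswith("[X]") or image == "No ImagePath" else "ok"
    if re.match(r"^[A-Za-z]:\\", line):
        # Executables dropped under a Temp folder are a common malware staging spot.
        return "file", "temp_executable" if TEMP_RE.search(line) else "file"
    return "other", ""

def parse_fixlist(text):
    """Parse a whole fixlist into a list of (category, detail) tuples."""
    return [r for r in (classify_line(l) for l in text.splitlines()) if r]

def summarize(entries):
    """Count entries per category, giving a quick view of what the fix touches."""
    return dict(Counter(kind for kind, _ in entries))
```

Running `summarize(parse_fixlist(SAMPLE_FIXLIST))` on the constructed sample reports one AppInit_DLLs entry, one search-scope hijack pointing at www.searchqu.com, one browser add-on, two orphaned services and one Temp executable.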


#9 baggio10

  • Topic Starter

Posted 14 December 2014 - 08:18 PM

Hi there,
Hopefully this works this time around!

Computer is running better.  Here are the results from the last security check scan.
 Results of screen317's Security Check version 0.99.93  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 McAfee Internet Security    
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor    
 CCleaner     
 Java™ 6 Update 29  
 Java 7 Update 17  
 Java™ SE Runtime Environment 6
 Java version 32-bit out of Date!
  Adobe Flash Player     15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````



#10 nasdaq

  • Malware Response Team

Posted 15 December 2014 - 09:13 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 29
Java 7 Update 17
Java™ SE Runtime Environment 6


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

  • Malware Response Team

Posted 21 December 2014 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
