Odd Behavior hints at Infection, but scans don't find anything


37 replies to this topic

#1 Shadowchaser1138

Posted 24 January 2015 - 05:14 PM

Hello.  I've been seeing odd behavior out of my computer for a couple of weeks now, which makes me suspect that it is infected with something.  However, scans I have run so far (McAfee antivirus, Malwarebytes, Spybot) have either turned up nothing, or only found minor issues like tracking cookies.

Issues I am seeing include the following:

  • System slowdowns
  • Occasional unfamiliar processes seen in Task Manager
  • Internet Explorer "New Tab" - the Frequent Sites randomly clear out and are either blank, or replaced with websites I don't use.
  • Internet Explorer - frequent freezing up
  • Internet Explorer - when trying to download any file (including FRST), I get the message "Your current security settings do not allow this file to be downloaded."  I never changed any such settings.  To get around this and download files, I have to use another browser (Chrome).

Please give me some guidance as to what I should do to clear this up.  FRST log is below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by John (administrator) on OPTIMUS on 24-01-2015 15:44:19
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(3Dconnexion, INC) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Akamai Technologies, Inc.) C:\Users\John\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\John\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Autodesk Inc.) C:\Program Files\Autodesk\Mechanical Simulation Job Manager\SimJobManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
(Autodesk Inc.) C:\Users\John\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Autodesk Inc.) C:\Program Files\Autodesk\Mechanical Simulation Job Manager\dssp_jobserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [3DxWare Service] => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [1990016 2014-11-13] (3Dconnexion, INC)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-03] (Autodesk Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2014-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-03-09] (TomTom)
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\...\Policies\Explorer: [NoDrives] 8388608
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AtHomeConnect.lnk
ShortcutTarget: AtHomeConnect.lnk -> C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exe (HR Block                            )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mechanical Simulation Job Manager.lnk
ShortcutTarget: Mechanical Simulation Job Manager.lnk -> C:\Program Files\Autodesk\Mechanical Simulation Job Manager\SimJobManager.exe (Autodesk Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1406567025-3271937370-2143371598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {36A0806C-A27F-4529-8072-F97B313A4C76} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {36A0806C-A27F-4529-8072-F97B313A4C76} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {75CDB7CC-9A79-4A1C-90EC-384BCB114410} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1406567025-3271937370-2143371598-1000 -> {75CDB7CC-9A79-4A1C-90EC-384BCB114410} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1406567025-3271937370-2143371598-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP8EP5-10049/training/ieatgpc1.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1406567025-3271937370-2143371598-1000: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1406567025-3271937370-2143371598-1000: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-08-18]

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-06]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-06]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2015-01-22]
CHR Extension: (Skype Click to Call) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-27]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-03] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Mechanical Job Server; C:\Program Files\Autodesk\Mechanical Simulation Job Manager\dssp_jobServer.exe [404992 2014-07-02] (Autodesk Inc.) [File not signed]
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [57856 2014-11-13] (3Dconnexion) [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-11] (Autodesk, Inc.)
R2 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-11] (Autodesk, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2013-05-30] (3Dconnextion Inc.)
R3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2013-05-30] (3Dconnextion Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 15:44 - 2015-01-24 15:46 - 00030368 _____ () C:\Users\John\Desktop\FRST.txt
2015-01-24 15:40 - 2015-01-24 15:40 - 02129920 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-01-24 12:05 - 2015-01-24 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-23 19:07 - 2015-01-23 19:07 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-22 22:31 - 2015-01-22 22:31 - 00001141 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-01-22 22:31 - 2015-01-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-01-22 22:28 - 2015-01-22 22:28 - 00691576 _____ (Yahoo! Inc.) C:\Users\John\Downloads\msgr11us.exe
2015-01-13 19:00 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:00 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:00 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:00 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:00 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:00 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:59 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 18:59 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 18:59 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 18:59 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 18:59 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 18:59 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 18:59 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-02 18:54 - 2015-01-02 21:23 - 00003116 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2015-01-01 10:04 - 2015-01-04 18:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-01 10:04 - 2015-01-01 10:04 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-30 09:21 - 2014-12-30 09:26 - 00000000 ____D () C:\Users\John\Downloads\DAMANPRODUCTS_DD03P022S
2014-12-30 09:19 - 2014-12-30 09:19 - 00651409 _____ () C:\Users\John\Downloads\DAMANPRODUCTS_DD03P022S.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 15:44 - 2012-05-20 18:42 - 00000000 ____D () C:\FRST
2015-01-24 15:41 - 2012-04-05 19:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 15:39 - 2014-02-12 23:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf287ac17456a9.job
2015-01-24 15:17 - 2009-07-13 23:10 - 01494043 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 15:02 - 2012-09-05 02:01 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2015-01-24 14:35 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 14:35 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 14:11 - 2010-08-08 20:07 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-24 13:00 - 2014-04-14 20:53 - 00042927 _____ () C:\Users\John\Documents\Stock Research.xlsx
2015-01-24 12:01 - 2013-10-18 07:36 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-24 12:00 - 2012-08-31 18:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 12:00 - 2010-08-11 21:20 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2015-01-24 12:00 - 2010-08-11 21:20 - 00000000 ____D () C:\Windows\system32\logishrd
2015-01-24 12:00 - 2010-08-02 17:39 - 00000000 ____D () C:\Users\John\AppData\Local\SoftThinks
2015-01-24 11:59 - 2010-07-27 18:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-24 11:59 - 2010-07-27 17:59 - 00442222 _____ () C:\Windows\PFRO.log
2015-01-24 11:59 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 11:59 - 2009-07-13 22:51 - 00091552 _____ () C:\Windows\setupact.log
2015-01-23 23:00 - 2014-09-17 22:48 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-23 23:00 - 2014-09-17 22:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-23 23:00 - 2014-09-17 22:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-23 23:00 - 2014-09-17 22:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-23 23:00 - 2013-12-03 23:39 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 23:00 - 2010-07-27 16:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-23 20:16 - 2013-05-22 12:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-23 20:16 - 2010-08-08 20:07 - 00068665 _____ () C:\Windows\system32\lvcoinst.log
2015-01-22 22:31 - 2010-08-02 18:57 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2015-01-22 19:41 - 2012-04-05 19:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 19:41 - 2012-04-05 19:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-22 19:41 - 2011-06-09 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 00:49 - 2014-12-04 23:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 19:54 - 2010-07-27 16:20 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-14 03:06 - 2013-07-17 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2010-08-02 18:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 23:47 - 2011-03-26 20:33 - 00000000 ____D () C:\Users\John\AppData\Local\CrashRpt
2015-01-06 22:59 - 2010-08-02 20:47 - 00000000 ____D () C:\Users\John\Documents\Aquarium
2015-01-04 09:15 - 2009-07-13 23:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-02 22:34 - 2010-07-27 16:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-02 22:34 - 2010-07-27 16:25 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 10:04 - 2012-05-21 20:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-01 10:04 - 2010-07-27 16:17 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-01 00:00 - 2010-08-03 20:28 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
2014-12-29 23:02 - 2012-05-12 11:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-29 23:02 - 2010-07-27 16:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2011-10-01 16:47 - 2011-10-01 16:47 - 0037843 _____ () C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-01-08 23:00 - 2014-01-08 23:06 - 0007758 _____ () C:\Users\John\AppData\Roaming\Microsoft Excel 97-2003.TSK
2010-08-16 22:35 - 2010-08-16 22:35 - 0003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-09 17:27 - 2011-12-09 18:55 - 0010110 ___SH () C:\Users\John\AppData\Local\t6le76k8mp5pca
2013-10-10 17:38 - 2013-10-10 17:38 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-12-09 17:27 - 2011-12-09 18:55 - 0010110 ___SH () C:\ProgramData\t6le76k8mp5pca

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\jre-8u31-windows-au.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 03:52

==================== End Of Log ============================

 

 

#2 Rootk (Malware Response Team)

Posted 24 January 2015 - 07:24 PM

Hi. I'm checking your log now and will reply with instructions soon.

#3 Shadowchaser1138 (Topic Starter)

Posted 24 January 2015 - 11:13 PM

Have a bigger problem now. Computer was being sluggish while I was streaming a TV show off Amazon, so I restarted it.

Now I can't even get it to boot up properly. I get to the Windows 7 login screen, put in my password, but Windows doesn't really start. Sometimes I get my desktop background, sometimes a plain black screen.

Occasionally I see the Windows start bar, then get a message about explorer restarting. Then it just becomes the black screen. I can control-alt-delete to get to Task Manager or restart/logout options, but that's about it.

Any suggestions? I don't know if this new boot up issue is malware related or not, but either way I need some help with it.

#4 Rootk (Malware Response Team)

Posted 25 January 2015 - 02:17 PM

Boot into Safe Mode with Networking and see if you can get to your desktop. Also, do you have a USB flash drive and access to another computer that has internet?



#5 Shadowchaser1138 (Topic Starter)

Posted 25 January 2015 - 02:53 PM

Tried that last night. While I am able to reach the desktop in Safe Mode (with or without networking), I'm not able to do much once I get there. It is as though it keeps partially restarting - items in the system tray flash on and off, the Help window explaining Safe Mode keeps popping back up if it has been closed.

Attempts to open Explorer or Control Panel in Safe Mode result in an "insufficient memory" message.

I was able to get into Safe Mode with Command Prompt last night, and used it to rescue most of my files.

I do have at least one 2 GB flash drive, as well as the external hard drive I backed up the files to. If we need a larger flash drive I have no problem with picking one up.

However, I do not have immediate access to another computer. Depending on what it is needed for, I may be able to use my work computer when I am back in the office tomorrow. Here at home, I only have access to one desktop computer and the iPhone I'm using to post replies to you.

FYI, this is a Dell computer. Now that I have rescued the bulk of my files, I don't really have any objections to using the Dell Datasafe restore functions if necessary to get back up and running.

#6 Shadowchaser1138 (Topic Starter)

Posted 25 January 2015 - 03:49 PM

Meant to mention this in the previous post. I already looked at a couple of other methods for trying to fix this:

Startup Repair - this gets me nowhere. Every time it is run, it gives the following message:
"If you have recently attached a device to the computer, such as a camera or portable music player, remove it and restart your computer. If you continue to see this message, contact your system administrator or computer manufacturer for assistance."

There are no such devices plugged in to the computer. Even after unplugging everything but the mouse and keyboard, I still get the same message.

I also looked at doing a System Restore. There are no restore points available. They all seem to have been wiped out.

#7 Rootk (Malware Response Team)

Posted 25 January 2015 - 08:07 PM

If you have access to a clean computer and have a USB stick, then do the following:

On the clean computer, download Avira Rescue System and follow the instructions on that page to make it bootable from the USB stick. Once that is done, go to your computer, get into the BIOS and set it to boot from the USB drive. Then, stick the USB device with the Avira Rescue System into the drive and follow the instructions on this site to run a scan and get a report: http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/267.

Post back the results.


Edited by Rootk, 25 January 2015 - 08:09 PM.


#8 Shadowchaser1138 (Topic Starter)

Posted 26 January 2015 - 07:54 PM

Ran into a little issue. Access policies at work kept me from running the exe to set up the flash drive.

Since it's an ISO, and my work computer can burn CDs, is there any problem with just burning the CD and running it that way?

#9 Rootk (Malware Response Team)

Posted 27 January 2015 - 08:39 AM

No problems at all. You can burn the CD and boot from it.

#10 Shadowchaser1138 (Topic Starter)

Posted 28 January 2015 - 12:19 PM

Okay, I booted from the CD (after changing the boot order) and ran the scan last night. It took about 7 hours to complete, and found 9 issues (some Trojans, some viruses). I saved the report to the "Desktop" in Avira, but I'm not sure where that actually puts the report file. If you want to see the report, how do I get it to you?

After running Avira, there is no change in my Windows boot issue. I still get the black screen as previously described.

#11 Rootk (Malware Response Team)

Posted 29 January 2015 - 10:51 AM

Do you remember the name of any of the infections?

#12 Shadowchaser1138 (Topic Starter)

Posted 29 January 2015 - 08:44 PM

No, unfortunately I looked at it very briefly before leaving for work, assuming I would be able to get back to the report later.

I booted up from the CD again to see if I could find the report somewhere, but it looks like it isn't actually kept. Looks like I missed my chance for that.

#13 Rootk (Malware Response Team)

Posted 30 January 2015 - 08:06 AM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc.
    If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
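
Once a log produced this way comes back, the first pass a responder makes is over its autorun ("Run:") and "One Month Created" sections: a binary with no publisher string starting from a user-writable folder, a file named like a well-known updater sitting outside that product's install folder, hidden items with random-looking names in the root of C:\ or ProgramData, non-ASCII filenames, files dropped straight into the ProgramData root, and ransom-note-style filenames, all written within minutes of each other. The script below is an added example written for this page; it is not part of FRST and not code from any post in the thread. Its rules are assumptions (the EXPECTED_HOME and RANSOM_NOTE_STEMS lists in particular are illustrative and should be extended), and the sample lines are copied from the logs posted in this thread, with benign entries kept for contrast. A flag is a lead to check by hand, not a verdict.

```python
"""Triage heuristics for Farbar Recovery Scan Tool (FRST) log lines.
Added example for this thread, not part of FRST or of any post here; the rules are
generic assumptions and a flag is a lead to check by hand, not a verdict."""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# Autorun line:  HKU\John\...\Run: [Name] => C:\path\file.exe [size yyyy-mm-dd] (Publisher)
RUN_RE = re.compile(r"^HK\S*?\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
# The trailing "[size date] (publisher)" block is absent on rundll32-style entries.
META_RE = re.compile(r"^(?P<path>.*?)(?: \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^)]*)\))?\s*$")
# Created/modified-file line:  created - modified - size attrs (Publisher) C:\path
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
                     r"\d+ (?P<attr>[_A-Z]{5}) \([^)]*\) (?P<path>.+?)\s*$")

USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")
EXPECTED_HOME = {"googleupdate.exe": "\\google\\update\\"}  # assumed; extend per product
RANSOM_NOTE_STEMS = ("help_decrypt",)                        # assumed; extend as needed
SEVERITY = {"high": 0, "medium": 1, "low": 2, "info": 3}

class Finding(NamedTuple):
    severity: str
    reason: str
    line: str

def triage_run(line: str) -> List[Finding]:
    """Judge one autorun entry by where its binary lives and what it claims to be."""
    m = RUN_RE.match(line)
    if not m:
        return []
    meta = META_RE.match(m["rest"])
    path, company = meta["path"], meta["company"]
    if path.endswith("[X]"):
        return [Finding("info", "autorun points at a file that no longer exists", line)]
    if company is None:  # rundll32-style entry: nothing to judge on
        return []
    lowered, findings = path.lower(), []
    expected = EXPECTED_HOME.get(lowered.rsplit("\\", 1)[-1])
    if expected and expected not in lowered:
        findings.append(Finding("high", "named like a known updater but outside its install folder", line))
    if any(marker in lowered for marker in USER_WRITABLE):
        sev = "high" if company == "" else "low"
        findings.append(Finding(sev, "started from a user-writable folder" + (", no publisher string" if company == "" else ""), line))
    return findings

def triage_file(line: str) -> List[Finding]:
    """Judge one created/modified-file entry by name, attributes and location."""
    m = FILE_RE.match(line)
    if not m:
        return []
    path, attr = m["path"], m["attr"]
    parent, _, name = path.rpartition("\\")
    parent, hidden, is_dir = parent.lower(), "H" in attr, "D" in attr
    findings = []
    if name.lower().startswith(RANSOM_NOTE_STEMS):
        findings.append(Finding("high", "ransom-note filename pattern", line))
    if any(ord(c) > 127 for c in name):
        findings.append(Finding("high", "non-ASCII name in a profile or system folder", line))
    if hidden and re.fullmatch(r"\{?[0-9a-f-]{8,}\}?", name.lower()) and parent in ("c:", "c:\\programdata"):
        findings.append(Finding("medium", "hidden random-looking name in a system-wide folder", line))
    if not is_dir and parent == "c:\\programdata":
        findings.append(Finding("medium", "file dropped directly in the ProgramData root", line))
    return findings

def triage(lines: List[str]) -> List[Finding]:
    """Run both rule sets over a log excerpt, highest severity first."""
    found: List[Finding] = []
    for raw in lines:
        found.extend(triage_run(raw.strip()) or triage_file(raw.strip()))
    return sorted(found, key=lambda f: SEVERITY[f.severity])

def creation_window(lines: List[str]) -> Optional[Tuple[datetime, datetime]]:
    """Earliest and latest creation time among flagged file entries: many unrelated
    paths written within one short span point at a single dropper at work."""
    stamps = [datetime.strptime(FILE_RE.match(l.strip())["created"], "%Y-%m-%d %H:%M")
              for l in lines if triage_file(l.strip())]
    return (min(stamps), max(stamps)) if stamps else None

# Lines copied from the logs posted in this thread, plus benign entries for contrast.
SAMPLE = [
    r"HKU\John\...\Run: [GoogleUpdate] => C:\Users\John\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe [96256 2015-01-24] ()",
    r"HKU\John\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)",
    r"HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64",
    r"2015-01-24 19:50 - 2015-01-24 19:50 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL",
    r"2015-01-24 18:42 - 2015-01-24 18:43 - 00000416 ____H () C:\ProgramData\@system3.att",
    r"2015-01-24 18:42 - 2015-01-24 18:42 - 00000480 ____H () C:\Users\John\AppData\Roaming\麽鎒駓覜",
    r"2015-01-24 18:41 - 2015-01-29 13:14 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}",
    r"2015-01-24 18:41 - 2015-01-24 18:41 - 00000000 ___HD () C:\62a8495d",
    r"2015-01-24 15:40 - 2015-01-24 15:40 - 02129920 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.severity:<6} {f.reason}: {f.line}")
    print("flagged items created between", creation_window(SAMPLE))
```

Two points worth keeping in mind when reading its output. The publisher string FRST prints comes from the file's version resource, not from a signature check, so an empty string is a strong signal but a filled one is not proof of anything; and GUID-named hidden folders under ProgramData are also created by ordinary installers, which is why those are rated medium and need their dates and contents checked against the rest of the timeline rather than acted on alone.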


#14 Shadowchaser1138 (Topic Starter)

Posted 31 January 2015 - 07:52 PM

Log is below.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by SYSTEM on MININT-KDP98GP on 30-01-2015 11:44:27
Running from J:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [3DxWare Service] => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [1990016 2014-11-13] (3Dconnexion, INC)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-03] (Autodesk Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2014-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\John\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\John\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-03-09] (TomTom)
HKU\John\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\John\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\John\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\John\...\Run: [GoogleUpdate] => C:\Users\John\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe [96256 2015-01-24] ()
HKU\John\...\Policies\Explorer: [NoDrives] 8388608
HKU\John\...\Policies\Explorer: []  
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-03] (Autodesk Inc.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 Mechanical Job Server; C:\Program Files\Autodesk\Mechanical Simulation Job Manager\dssp_jobServer.exe [404992 2014-07-02] (Autodesk Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [57856 2014-11-13] (3Dconnexion)
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] ()
S2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-11] (Autodesk, Inc.)
S2 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-11] (Autodesk, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2013-05-30] (3Dconnextion Inc.)
S3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2013-05-30] (3Dconnextion Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 19:59 - 2015-01-24 19:59 - 00000272 _____ () C:\Users\John\AppData\Roaming\HELP_DECRYPT.URL
2015-01-24 19:59 - 2015-01-24 19:59 - 00000272 _____ () C:\Users\John\AppData\HELP_DECRYPT.URL
2015-01-24 19:57 - 2015-01-24 19:57 - 00000272 _____ () C:\Users\John\AppData\Local\HELP_DECRYPT.URL
2015-01-24 19:50 - 2015-01-24 19:50 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-24 18:42 - 2015-01-24 18:43 - 00000416 ____H () C:\ProgramData\@system3.att
2015-01-24 18:42 - 2015-01-24 18:42 - 00000680 _____ () C:\ProgramData\@system.temp
2015-01-24 18:42 - 2015-01-24 18:42 - 00000480 ____H () C:\Users\John\AppData\Roaming\麽鎒駓覜
2015-01-24 18:42 - 2015-01-24 18:42 - 00000000 ____D () C:\Users\John\AppData\Roaming\FrameworkUpdate
2015-01-24 18:41 - 2015-01-29 13:14 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-24 18:41 - 2015-01-24 18:41 - 00000000 ___HD () C:\62a8495d
2015-01-24 15:46 - 2015-01-24 15:47 - 00082960 _____ () C:\Users\John\Desktop\Addition.txt
2015-01-24 15:44 - 2015-01-24 15:48 - 00039888 _____ () C:\Users\John\Desktop\FRST.txt
2015-01-24 15:40 - 2015-01-24 15:40 - 02129920 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-01-23 19:07 - 2015-01-24 18:41 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-22 22:31 - 2015-01-22 22:31 - 00001141 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-01-22 22:31 - 2015-01-22 22:31 - 00001141 _____ () C:\ProgramData\Desktop\Yahoo! Messenger.lnk
2015-01-22 22:28 - 2015-01-22 22:28 - 00691576 _____ (Yahoo! Inc.) C:\Users\John\Downloads\msgr11us.exe
2015-01-13 19:00 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-13 19:00 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-13 19:00 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-13 19:00 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-13 19:00 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:00 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:59 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-01-13 18:59 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-01-13 18:59 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-01-13 18:59 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-01-13 18:59 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 18:59 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 18:59 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-02 18:54 - 2015-01-02 21:23 - 00003116 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2015-01-01 10:04 - 2015-01-01 10:04 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-01 10:04 - 2015-01-01 10:04 - 00002021 _____ () C:\ProgramData\Desktop\Adobe Reader XI.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 11:44 - 2012-05-20 18:42 - 00000000 ____D () C:\FRST
2015-01-29 13:15 - 2009-07-13 23:10 - 01622060 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 13:15 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 13:15 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 13:14 - 2012-08-31 18:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 13:14 - 2010-08-11 21:20 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2015-01-29 13:14 - 2010-08-11 21:20 - 00000000 ____D () C:\Windows\System32\logishrd
2015-01-29 13:14 - 2010-08-02 17:39 - 00000000 ____D () C:\Users\John\AppData\Local\SoftThinks
2015-01-29 13:13 - 2010-08-08 20:07 - 00000000 _____ () C:\Windows\System32\Drivers\lvuvc.hs
2015-01-29 13:13 - 2010-07-27 18:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-29 13:13 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 13:13 - 2009-07-13 22:51 - 00093008 _____ () C:\Windows\setupact.log
2015-01-27 13:41 - 2012-04-05 19:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 09:06 - 2009-07-13 23:13 - 00786578 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-24 21:41 - 2012-04-05 19:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:41 - 2012-04-05 19:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 21:41 - 2011-06-09 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:39 - 2014-02-12 23:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf287ac17456a9.job
2015-01-24 20:08 - 2014-01-01 18:25 - 00000000 ___SD () C:\Users\John\Documents\My Data Sources
2015-01-24 20:08 - 2013-11-04 21:26 - 00000000 ____D () C:\Users\John\Documents\Inventor Beta
2015-01-24 20:08 - 2011-03-26 20:33 - 00000000 ____D () C:\Users\John\Documents\My Drawings
2015-01-24 20:08 - 2010-08-02 19:43 - 00000000 ____D () C:\Users\John\Documents\My Received Files
2015-01-24 20:07 - 2013-05-08 19:07 - 00000000 ____D () C:\Users\John\Documents\Inventor
2015-01-24 20:06 - 2012-03-11 15:19 - 00000000 ____D () C:\Users\John\Documents\HRBlock
2015-01-24 20:06 - 2010-08-02 20:47 - 00000000 ____D () C:\Users\John\Documents\Engineering
2015-01-24 20:06 - 2010-08-02 20:47 - 00000000 ____D () C:\Users\John\Documents\Discover Money Market Statements
2015-01-24 20:05 - 2010-08-02 20:47 - 00000000 ____D () C:\Users\John\Documents\College
2015-01-24 20:04 - 2010-08-02 20:47 - 00000000 ____D () C:\Users\John\Documents\Chronicles of the Armada
2015-01-24 20:04 - 2010-08-02 20:47 - 00000000 ____D () C:\Users\John\Documents\Bank Statements
2015-01-24 20:03 - 2014-05-30 22:44 - 00000000 ____D () C:\Users\John\Documents\Acade 2015
2015-01-24 20:03 - 2010-08-02 20:47 - 00000000 ____D () C:\Users\John\Documents\Aquarium
2015-01-24 20:02 - 2012-09-05 02:01 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2015-01-24 20:01 - 2014-05-30 22:08 - 00000000 ____D () C:\Users\John\Documents\3dsMaxDesign
2015-01-24 20:01 - 2012-12-07 23:53 - 00000000 ____D () C:\Users\John\Documents\Abby's Doll Bed
2015-01-24 20:00 - 2014-08-04 17:20 - 00000000 ____D () C:\Users\John\Desktop\EP355 Simulation Test
2015-01-24 19:59 - 2012-05-29 18:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Autodesk
2015-01-24 19:59 - 2012-03-11 17:16 - 00000000 ____D () C:\Users\John\AppData\Roaming\pdf995
2015-01-24 19:59 - 2012-03-11 15:24 - 00000000 ____D () C:\Users\John\AppData\Roaming\TaxCut
2015-01-24 19:59 - 2011-03-26 20:16 - 00000000 ____D () C:\Users\John\AppData\Roaming\DraftSight
2015-01-24 19:59 - 2010-12-19 20:00 - 00000000 ____D () C:\Users\John\AppData\Roaming\TomTom
2015-01-24 19:59 - 2010-12-06 18:09 - 00000000 ____D () C:\Users\John\AppData\Roaming\PCDr
2015-01-24 19:59 - 2010-08-02 18:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\Yahoo!
2015-01-24 19:59 - 2010-08-02 17:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dell
2015-01-24 19:58 - 2010-08-02 19:00 - 00000000 ____D () C:\Users\John\AppData\Roaming\Apple Computer
2015-01-24 19:58 - 2010-08-02 18:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Adobe
2015-01-24 19:57 - 2014-03-12 17:35 - 00000000 ____D () C:\Users\John\AppData\Local\Skype
2015-01-24 19:57 - 2010-08-02 18:20 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Games
2015-01-24 19:56 - 2012-01-04 20:03 - 00000000 ____D () C:\Users\John\AppData\Local\Google
2015-01-24 19:56 - 2011-03-26 20:33 - 00000000 ____D () C:\Users\John\AppData\Local\CrashRpt
2015-01-24 19:55 - 2014-09-19 12:51 - 00000000 ____D () C:\Users\John\AppData\Local\Blizzard Entertainment
2015-01-24 19:55 - 2014-09-19 12:51 - 00000000 ____D () C:\Users\John\AppData\Local\Battle.net
2015-01-24 19:55 - 2012-05-29 18:55 - 00000000 ____D () C:\Users\John\AppData\Local\Autodesk
2015-01-24 19:55 - 2010-08-02 19:00 - 00000000 ____D () C:\Users\John\AppData\Local\Apple Computer
2015-01-24 19:54 - 2013-10-30 23:09 - 00000000 ____D () C:\Users\John\.AdskAppManager
2015-01-24 19:54 - 2012-05-29 21:38 - 00000000 ____D () C:\Users\John\AppData\Local\Akamai
2015-01-24 19:50 - 2013-09-03 22:17 - 00000000 ____D () C:\Qoobox
2015-01-24 19:50 - 2012-05-17 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-24 19:50 - 2012-03-11 15:16 - 00000000 ____D () C:\ProgramData\TaxCut
2015-01-24 19:50 - 2010-08-02 19:00 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-01-24 19:50 - 2010-07-27 16:25 - 00000000 ____D () C:\ProgramData\Skype
2015-01-24 19:50 - 2010-07-27 16:20 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-24 19:44 - 2012-07-31 18:33 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-24 19:44 - 2012-05-29 18:44 - 00000000 ____D () C:\ProgramData\Autodesk
2015-01-24 19:44 - 2011-03-26 20:16 - 00000000 ____D () C:\ProgramData\Dassault Systemes
2015-01-24 19:44 - 2010-08-11 21:20 - 00000000 ____D () C:\ProgramData\Logitech
2015-01-24 19:44 - 2010-08-08 20:09 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-24 19:44 - 2010-07-27 16:31 - 00000000 ____D () C:\ProgramData\Dell
2015-01-24 19:23 - 2012-05-29 18:42 - 00000000 ____D () C:\Autodesk
2015-01-24 19:23 - 2012-01-22 19:04 - 00000000 ____D () C:\Netgear
2015-01-24 19:23 - 2010-07-27 18:39 - 00000000 ____D () C:\dell
2015-01-24 18:42 - 2014-05-26 16:50 - 00000000 ____D () C:\Barnhart Test
2015-01-24 18:41 - 2013-09-03 21:46 - 00000000 ____D () C:\AdwCleaner
2015-01-24 17:00 - 2013-05-22 12:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-24 17:00 - 2010-08-08 20:07 - 00069265 _____ () C:\Windows\System32\lvcoinst.log
2015-01-24 13:00 - 2014-04-14 20:53 - 00042927 _____ () C:\Users\John\Documents\Stock Research.xlsx
2015-01-24 12:01 - 2013-10-18 07:36 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-24 11:59 - 2010-07-27 17:59 - 00442222 _____ () C:\Windows\PFRO.log
2015-01-23 23:00 - 2014-09-17 22:48 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-23 23:00 - 2014-09-17 22:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-23 23:00 - 2014-09-17 22:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-23 23:00 - 2014-09-17 22:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-23 23:00 - 2013-12-03 23:39 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 23:00 - 2010-07-27 16:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-22 22:31 - 2010-08-02 18:57 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2015-01-18 00:49 - 2014-12-04 23:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-14 03:06 - 2013-07-17 02:00 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-14 03:00 - 2010-08-02 18:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-04 09:15 - 2009-07-13 23:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-02 22:34 - 2010-07-27 16:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-01 10:04 - 2012-05-21 20:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-01 10:04 - 2010-07-27 16:17 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-01 00:00 - 2010-08-03 20:28 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
 
Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\John\AppData\Local\Temp\update.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info ===========================  
 
Percentage of memory in use: 11%
Total physical RAM: 8151.08 MB
Available physical RAM: 7226.05 MB
Total Pagefile: 8149.23 MB
Available Pagefile: 7221.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:920.59 GB) (Free:167.72 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:4.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (LEXAR) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 48E2F468)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=920.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)
 
 
LastRegBack: 2015-01-14 03:52
 
==================== End Of Log ============================
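The two "One Month Created/Modified Files and Folders" sections above follow a fixed six-field layout (created stamp, modified stamp, size, five-character attribute field, version-info company in parentheses, path). As an added example, not code from this thread or from the FRST tool itself, here is a small Python triage helper that parses those lines and applies two review heuristics a responder would otherwise apply by eye: hidden directories with GUID- or hex-style names in the drive root or ProgramData, and executables with no company string sitting under AppData or Temp. The heuristic names and the `update.exe` listing line are assumptions and constructed sample data (the log above only names that file under "Some content of TEMP" without fields); the other sample lines are copied from the log.

```python
"""Triage helper for FRST file-listing lines (added example, not FRST's code).

Flagged entries are candidates for manual review, not verdicts.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Layout seen in the log: created - modified - size attrs (Company) path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_RE = re.compile(r"^[0-9a-f]{6,}$")       # bare hex names such as 62a8495d
PE_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str      # five-character attribute field, e.g. "___HD"
    company: str    # version-info company, "" when the log shows "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_line(line: str) -> Optional[FrstEntry]:
    """Parse one listing line; headers, blanks and TEMP paths return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    return FrstEntry(datetime.strptime(created, fmt),
                     datetime.strptime(modified, fmt),
                     int(size), attrs, company, path)


def parse_log(text: str) -> List[FrstEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def suspicious_reasons(e: FrstEntry) -> List[str]:
    """Heuristic checks (assumed names); each hit is a prompt to look closer."""
    reasons: List[str] = []
    parts = e.path.split("\\")
    name = parts[-1]
    parent = "\\".join(parts[:-1]).lower()
    lowered = e.path.lower()
    # 1. Hidden directory with a machine-generated name directly in the
    #    drive root or in ProgramData: an unusual place for legitimate software.
    if (e.is_dir and e.is_hidden and parent in ("c:", "c:\\programdata")
            and (GUID_RE.match(name) or HEX_RE.match(name))):
        reasons.append("hidden dir with machine-generated name")
    # 2. PE file carrying no company string, living in a user-writable path.
    if (not e.is_dir and name.lower().endswith(PE_EXT) and not e.company
            and ("\\appdata\\" in lowered or "\\temp\\" in lowered)):
        reasons.append("unattributed executable in user-writable path")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    out: Dict[str, List[str]] = {}
    for e in parse_log(text):
        reasons = suspicious_reasons(e)
        if reasons:
            out[e.path] = reasons
    return out


# Sample input: five lines copied from the log above plus one CONSTRUCTED
# line for update.exe (the log lists that file without fields).
SAMPLE = r"""
2015-01-24 18:42 - 2015-01-24 18:42 - 00000000 ____D () C:\Users\John\AppData\Roaming\FrameworkUpdate
2015-01-24 18:41 - 2015-01-29 13:14 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-24 18:41 - 2015-01-24 18:41 - 00000000 ___HD () C:\62a8495d
2015-01-24 15:40 - 2015-01-24 15:40 - 02129920 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-01-24 19:50 - 2010-08-02 19:00 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-01-24 12:00 - 2015-01-24 12:00 - 00045056 _____ () C:\Users\John\AppData\Local\Temp\update.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", "; ".join(why))
```

Feed the whole FRST.txt to `triage()` and review the handful of hits by hand; the non-hidden GUID folder from 2010 in ProgramData is deliberately not flagged, which is the point of combining attribute, location and name rather than matching on any one of them.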



#15 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:11:52 PM

Posted 02 February 2015 - 08:08 AM

Please download the attached file and save it next to FRST.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Enter System Recovery Options as you did before.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now reboot normally and see if the problem is solved; if not, do the following:

Enter System Recovery Options.
On the System Recovery Options select Command Prompt.
In the command window type in chkdsk /r C: >e:\chkdsk.txt and press Enter. (Replace letter e with the drive letter of your flash drive.)
A log (chkdsk.txt) will be created on the flashdrive; please post it in your reply.

Attached Files


Edited by Rootk, 02 February 2015 - 08:09 AM.




