Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I need help.

by mkdsk101 » April 23rd, 2015, 10:59 pm

I am getting these pop-ups all the time. I am not sure about anything with this computer, as a few other people use to get on it. I just need it cleaned up, please, and I appreciate any help.

I get pop-ups with Pcfixing3 on them. Here is what one of the pop-ups said.

You might be infected with adware / spyware virus
Your location: Your IP address: Your ISP: 67.248.1.53 (Privacy Breached) CONFLICTED
UNKNOWN(1) Windows Chrome Browser Warning:
Call 1 (855) 408-3014 immediately. Fast assistance with removing viruses.
(Toll-FREE, High Priority Call Line) Possible Privacy Breach if virus not removed immediately:
Data exposed to risk:
1. Your credit card details and banking information

2. Your e-mail passwords and other account passwords

3. Your Facebook, Skype, AIM, ICQ and other chat logs

4. Your private photos, family photos and other sensitive files

5. Your webcam could be accessed remotely by stalkers with a VPN virus

What you must do:
More about the virus:
Seeing these pop-up's means that you may have a virus installed on your computer which puts the security of your personal data at a serious risk. It's strongly advised that you call the number above and get your computer fixed before you continue using your internet, especially for shopping.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.45.2
Run by MARK at 22:41:00 on 2015-04-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.4297 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Windows\system32\dlbacoms.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Common Files\AOL\1429832463\ee\aolsoftware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {451C804F-C205-4F03-B48E-537EC94937BF} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [AdobeBridge] <no file>
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE"
mRun: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1429832463\ee\AOLSoftware.exe
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRANSF~1.LNK - C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\WPLightningCopyToNote.hta
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1}\445626F6271686723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1}\D41627B6723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1}\D6B64637B6130313 : DHCPNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{BFB6B096-4145-4ED2-A8E0-19EDCA9E0ED4} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: {3e5ace07-d3b1-401e-848c-500240d770a0} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {9dce7230-adf7-4ff0-aca3-eaa813430be6} - <orphaned>
x64-BHO: {af837aac-9262-4c2b-bfcd-35bf0d924342} - <orphaned>
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: {eb006223-12e3-4c68-b963-ff253eb8a6dc} - <orphaned>
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\12m4v1fj.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\12m4v1fj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfedisk;McAfee AAC Disk Filter Driver;C:\Windows\System32\drivers\mfedisk.sys [2015-2-17 101872]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-7-18 864072]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-7-18 340448]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-23 56336]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2013-5-10 28304]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2013-5-10 20112]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\rsdrvx64.sys [2015-3-11 26024]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2015-4-23 32912]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2013-5-10 27792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2012-6-20 457360]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2012-7-11 22160]
R2 dlba_device;dlba_device;C:\Windows\System32\dlbacoms.exe -service --> C:\Windows\System32\dlbacoms.exe -service [?]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2015-4-8 708616]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-27 340744]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-23 13592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-4-22 154856]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-9-27 752232]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [2014-11-21 422632]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-27 340744]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-27 340744]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-27 340744]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-27 340744]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2015-4-1 76064]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-3-11 372144]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-9-27 250672]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-27 479840]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-8-12 39056]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-9-28 166528]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-23 1692480]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-7-18 68784]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-23 317440]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2014-12-19 401736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-7-18 337888]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-9-27 232656]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-7-18 488000]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2015-1-16 482600]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2012-1-23 29288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 ioloSystemService;iolo System Service;"C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" --> C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 RoxWatch14;Roxio Hard Drive Watcher 14;C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [2012-7-18 341136]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-9-28 1074720]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-9-28 1358360]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-7 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-4-1 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-13 114688]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-12-23 406056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2015-1-16 100720]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RoxMediaDB14;RoxMediaDB14;C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [2012-7-18 1096848]
S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkTMini.sys [2015-3-27 528256]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-1 1255736]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2015-04-24 01:37:08 32912 -c--a-w- C:\Windows\System32\drivers\rawdsk3.sys
2015-04-24 01:37:06 -------- dc----w- C:\logs
2015-04-24 01:31:13 -------- dc----w- C:\Users\MARK\AppData\Roaming\iolo
2015-04-23 23:49:33 -------- dc----w- C:\Program Files (x86)\iolo
2015-04-23 23:44:39 -------- dc----w- C:\Users\MARK\AppData\Roaming\AOL
2015-04-23 23:44:24 778416 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-23 23:44:24 142512 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-23 23:43:42 -------- dc----w- C:\ProgramData\Viewpoint
2015-04-23 23:43:38 -------- dc----w- C:\Program Files (x86)\Viewpoint
2015-04-23 23:43:37 58696 -c--a-w- C:\Windows\SysWow64\AOLParconLink.exe
2015-04-23 23:41:48 24064 -c--a-w- C:\Windows\System32\drivers\wanatw64.sys
2015-04-23 23:41:26 -------- dc----w- C:\Users\MARK\AppData\Local\AOL
2015-04-23 23:40:53 -------- dc----w- C:\Program Files (x86)\Common Files\AOL
2015-04-23 23:40:53 -------- dc----w- C:\Program Files (x86)\AOL Desktop 9.7
2015-04-23 23:40:52 -------- dc----w- C:\Program Files (x86)\Common Files\aolshare
2015-04-23 21:38:55 -------- dc----w- C:\RegBackup
2015-04-23 20:09:33 -------- dc----w- C:\Windows\SysWow64\X86
2015-04-23 20:09:33 -------- dc----w- C:\Windows\SysWow64\AMD64
2015-04-23 20:08:44 -------- dc----w- C:\ProgramData\gdapmmldhdjnllepkpoijmfhieepocmn
2015-04-23 20:06:45 -------- dc----w- C:\ProgramData\{b081a1c8-60fd-7c32-b081-1a1c860f8721}
2015-04-18 23:03:57 -------- dc----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2015-04-17 21:33:45 -------- dc----w- C:\Users\MARK\AppData\Roaming\SUPERAntiSpyware.com
2015-04-17 21:33:22 -------- dc----w- C:\ProgramData\SUPERAntiSpyware.com
2015-04-17 21:33:22 -------- dc----w- C:\Program Files\SUPERAntiSpyware
2015-04-10 00:00:59 -------- dc----w- C:\AdwCleaner
2015-04-04 14:36:25 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-04-03 18:54:45 -------- dc----w- C:\ProgramData\Malwarebytes
2015-04-02 01:33:32 197704 -c--a-w- C:\Windows\System32\drivers\HipShieldK.sys
2015-04-02 01:33:23 76064 -c--a-w- C:\Windows\System32\drivers\McPvDrv.sys
2015-04-01 00:36:19 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-04-01 00:36:19 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-04-01 00:36:19 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-04-01 00:36:19 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-03-30 00:20:28 -------- dc-h--w- C:\MediaServer_Temp
2015-03-30 00:14:12 -------- dc----w- C:\ProgramData\Wondershare
2015-03-28 17:22:01 -------- dc----w- C:\Users\MARK\AppData\Local\Deshaker
2015-03-28 17:21:52 -------- dc----w- C:\Users\MARK\AppData\Local\videoeditor
2015-03-28 17:16:52 -------- dc----w- C:\ProgramData\Movavi
2015-03-28 01:21:45 53248 -c--a-w- C:\Windows\SysWow64\StkTProp.ax
2015-03-28 01:21:44 528256 -c--a-w- C:\Windows\System32\drivers\StkTMini.sys
.
==================== Find3M ====================
.
2015-04-23 03:52:12 20 -c--a-w- C:\Users\MARK\AppData\Roaming\appdataFr3.bin
2015-04-18 00:33:56 98216 -c--a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-04 22:02:36 900 -csha-w- C:\ProgramData\KGyGaAvL.sys
2015-03-18 19:49:49 499712 -c--a-w- C:\Windows\SysWow64\msvcp71.dll
2015-03-18 19:49:49 348160 -c--a-w- C:\Windows\SysWow64\msvcr71.dll
2015-03-14 15:22:00 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-14 15:22:00 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-03-14 15:22:00 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-14 15:22:00 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-03-14 15:22:00 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-14 15:22:00 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-14 15:22:00 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-03-14 15:22:00 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-14 15:20:17 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2015-03-14 15:20:17 2048 ----a-w- C:\Windows\System32\tzres.dll
2015-03-13 22:24:32 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-13 22:24:32 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-03-13 22:15:54 215552 ----a-w- C:\Windows\System32\ubpm.dll
2015-03-13 22:15:54 171520 ----a-w- C:\Windows\SysWow64\ubpm.dll
2015-03-13 22:14:07 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-03-13 22:14:07 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-03-13 22:13:37 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-03-13 22:13:04 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-13 22:13:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-13 22:13:04 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-13 22:13:04 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-13 22:13:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-13 22:13:04 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-13 22:13:04 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-13 22:13:04 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-13 22:13:04 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-13 22:13:04 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-13 22:12:14 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-03-13 22:12:14 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-03-13 22:10:59 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-03-13 22:09:55 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-03-13 22:09:55 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-03-13 22:07:02 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-03-13 22:06:58 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-03-13 22:06:51 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-03-13 22:06:51 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-03-13 22:06:51 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-03-13 22:06:20 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-03-11 21:46:01 99384 -c--a-w- C:\Users\MARK\AppData\Roaming\inst.exe
2015-03-11 21:46:01 82816 -c--a-w- C:\Users\MARK\AppData\Roaming\pcouffin.sys
2015-02-24 08:17:24 295552 -c----w- C:\Windows\System32\MpSigStub.exe
2015-02-17 18:39:52 101872 -c--a-w- C:\Windows\System32\drivers\mfedisk.sys
2015-02-17 18:38:48 401736 -c--a-w- C:\Windows\System32\drivers\mfeaack.sys
2015-02-17 18:38:12 68784 -c--a-w- C:\Windows\System32\drivers\cfwids.sys
2015-02-17 18:36:18 340448 -c--a-w- C:\Windows\System32\drivers\mfewfpk.sys
2015-02-17 18:36:08 250672 -c--a-w- C:\Windows\System32\mfevtps.exe
2015-02-17 18:34:42 864072 -c--a-w- C:\Windows\System32\drivers\mfehidk.sys
2015-02-17 18:33:54 488000 -c--a-w- C:\Windows\System32\drivers\mfefirek.sys
2015-02-17 18:33:10 337888 -c--a-w- C:\Windows\System32\drivers\mfeavfk.sys
.
============= FINISH: 22:41:53.41 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/31/2011 2:44:05 PM
System Uptime: 4/23/2015 10:32:34 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0Y2MRG
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 56.179 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1691&SUBSYS_04AA1028&REV_01\4&290E7F79&0&00E3
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1691&SUBSYS_04AA1028&REV_01\4&290E7F79&0&00E3
Service: k57nd60a
.
==== System Restore Points ===================
.
RP425: 3/13/2015 10:08:55 PM - Restore Operation
RP426: 3/14/2015 10:18:55 AM - Windows Update
RP427: 3/15/2015 6:42:39 PM - Installed Asoftech Data Recovery
RP428: 3/17/2015 3:57:00 PM - Windows Update
RP429: 3/21/2015 7:44:51 PM - Installed USB2.0 Capture Device
RP430: 3/22/2015 1:35:35 PM - Removed USB2.0 Capture Device
RP431: 3/22/2015 1:41:00 PM - Installed USB2.0 Capture Device
RP432: 3/22/2015 1:48:02 PM - Removed USB2.0 Capture Device
RP433: 3/22/2015 4:09:36 PM - Device Driver Package Install: Syntek Sound, video and game controllers
RP434: 3/23/2015 4:08:20 PM - Installed Microsoft SQL Server 2005 Compact Edition [ENU]
RP435: 3/25/2015 5:39:22 PM - Installed USB2.0 Capture Device
RP436: 3/25/2015 6:07:41 PM - Installed USB2.0 ATV
RP437: 3/25/2015 6:08:18 PM - Device Driver Package Install: Syntek Sound, video and game controllers
RP438: 3/25/2015 6:26:17 PM - Removed USB2.0 ATV
RP439: 3/25/2015 6:27:46 PM - Installed USB2.0 ATV
RP440: 3/25/2015 6:28:10 PM - Device Driver Package Install: Syntek Sound, video and game controllers
RP441: 3/25/2015 6:55:31 PM - Removed USB2.0 ATV
RP442: 3/27/2015 8:27:17 PM - Installed USB2.0 ATV
RP443: 3/27/2015 8:27:59 PM - Device Driver Package Install: Syntek Sound, video and game controllers
RP444: 3/27/2015 8:36:09 PM - Software Removal Tool
RP445: 3/27/2015 9:05:26 PM - Removed USB2.0 Capture Device
RP446: 3/27/2015 9:06:47 PM - Removed USB2.0 ATV
RP447: 3/27/2015 9:21:13 PM - Installed USB2.0 ATV
RP448: 3/27/2015 9:21:59 PM - Device Driver Package Install: Syntek Sound, video and game controllers
RP449: 3/31/2015 8:23:32 PM - Restore Operation
RP450: 3/31/2015 8:36:22 PM - Windows Update
RP451: 4/3/2015 1:20:23 PM - McAfee Vulnerability Scanner
RP452: 4/4/2015 11:18:11 AM - Removed Asoftech Data Recovery
RP453: 4/9/2015 12:15:08 PM - Garmin Express
RP454: 4/9/2015 12:17:27 PM - Garmin Express
RP455: 4/9/2015 5:24:27 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP456: 4/10/2015 12:44:30 PM - McAfee Vulnerability Scanner
RP457: 4/18/2015 1:35:55 PM - Scheduled Checkpoint
RP458: 4/18/2015 7:03:03 PM - DCInstallRestorePoint
RP459: 4/23/2015 4:12:33 PM - Restore Operation
RP460: 4/23/2015 4:28:46 PM - DCInstallRestorePoint
.
==== Installed Programs ======================
.
Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
ANT Drivers Installer x64
Any Video Converter Ultimate 5.5.8
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Bing Rewards Client Installer
Bonjour
Brorsoft Video Converter Ver 1.4.0.5345
Consumer In-Home Service Agreement
Corel WinDVD
D3DX10
Dell AIO Printer A940
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell VideoStage
DirectX 9 Runtime
Disketch Disc Label Software
DW WLAN Card
eBay
eLecta Live Virtual Room 8.0
Elevated Installer
Gamers Unite! Snag Bar
Garmin BaseCamp
Garmin City Navigator North America NT 2015.10
Garmin City Navigator North America NT 2015.30
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin Express
Garmin Express Tray
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Golden Videos VHS to DVD Converter
Google Chrome
Google Update Helper
Graboid Video 3.89
Graboid Video 3.89 Setup
HandBrake 0.10.0
Intel(R) Control Center
Intel(R) Rapid Storage Technology
iTunes
Java 8 Update 31
Java 8 Update 45
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
LAME v3.99.3 (for Windows)
LeapFrog Connect
LeapFrog Tag Plugin
McAfee Security Scan Plus
McAfee Total Protection
McAfee Virtual Technician
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Excel 97
Microsoft Mouse and Keyboard Center
Microsoft Outlook 97
Microsoft Silverlight
Microsoft SkyDrive
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
Mozilla Firefox 37.0.1 (x86 en-US)
Mozilla Maintenance Service
MPlayer (remove only)
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Nero 10 Movie ThemePack Basic
Nero Blu-ray Player
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Photo Common
Photo Gallery
PhotoShowExpress
PlayMemories Home
PlayReady PC Runtime x86
QuickTime 7
RBVirtualFolder64Inst
RealDownloader
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealProducer Plus 8.5
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Central
Roxio CinePlayer Decoder Pack
Roxio Creator NXT Pro
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Roxio VHS Capture Driver
Roxio Virtual Drive x64
Search App by Ask
Shared C Run-time for x64
SiteAdvisor
SmartSound Common Data
SmartSound Quicktracks 5
SMPlayer 0.6.9
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SpyroPortalDriver
StreamTorrent 1.0
SUPERAntiSpyware
SyncUP
System Checkup 3.5
THX TruStudio PC
Transfer Utility
Triple Scoop Music
USB2.0 ATV
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Vegas Pro 12.0 (64-bit)
VideoPad Video Editor
Viewpoint Media Player
VirtualDJ Home FREE
VSO ConvertXToDVD
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Wondershare Streaming Audio Recorder(Build 2.0.2.3)
WordPerfect Office IFilter 32-bit
WordPerfect Office IFilter 64-bit
WordPerfect Office X7
WordPerfect Office X7 - Common Files
WordPerfect Office X7 - Common Files English
WordPerfect Office X7 - IPM Content TBYB
WordPerfect Office X7 - IPM TBYB
WordPerfect Office X7 - Lightning Files
WordPerfect Office X7 - Lightning Files English
WordPerfect Office X7 - Oxford
WordPerfect Office X7 - Presentations Files
WordPerfect Office X7 - Presentations Files English
WordPerfect Office X7 - Quattro Pro Files
WordPerfect Office X7 - Quattro Pro Files English
WordPerfect Office X7 - Setup Files
WordPerfect Office X7 - System Files
WordPerfect Office X7 - WordPerfect Files
WordPerfect Office X7 - WordPerfect Files English
WordPerfect Office X7 - WPD format Props x64
WordPerfect Office X7 - WT
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
4/23/2015 9:56:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/23/2015 7:41:39 PM, Error: Service Control Manager [7030] - The AOL Connectivity Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/23/2015 6:44:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll
4/23/2015 5:39:34 PM, Error: Service Control Manager [7034] - The Nero Update service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:34 PM, Error: Service Control Manager [7034] - The McAfee CSP Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:34 PM, Error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:34 PM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:34 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/23/2015 5:39:33 PM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:33 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/23/2015 5:39:32 PM, Error: Service Control Manager [7034] - The RealNetworks Downloader Resolver Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:32 PM, Error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:32 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:32 PM, Error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:32 PM, Error: Service Control Manager [7034] - The Dell DataSafe Online service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:32 PM, Error: Service Control Manager [7034] - The Corel License Validation Service V2, Powered by arvato service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:31 PM, Error: Service Control Manager [7034] - The Roxio SAIB Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:31 PM, Error: Service Control Manager [7034] - The dlea_device service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:31 PM, Error: Service Control Manager [7034] - The dlba_device service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:31 PM, Error: Service Control Manager [7034] - The BOT4Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:31 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:31 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 5:39:31 PM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/23/2015 5:39:31 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/23/2015 5:39:31 PM, Error: Service Control Manager [7031] - The Garmin Device Interaction Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/23/2015 5:39:30 PM, Error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 4:22:20 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/23/2015 4:19:39 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
4/23/2015 10:35:46 PM, Error: Service Control Manager [7000] - The iolo System Service service failed to start due to the following error: The system cannot find the file specified.
4/23/2015 10:35:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service ioloSystemService with arguments "" in order to run the server: {40310869-27A4-42B1-8AAD-E4CEFB3BE286}
4/23/2015 10:34:49 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
4/23/2015 10:34:49 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
4/23/2015 10:34:49 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
4/23/2015 10:33:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
4/23/2015 10:33:25 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2015 10:33:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
4/23/2015 10:33:23 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2015 10:33:22 PM, Error: Service Control Manager [7023] - The Roxio Hard Drive Watcher 14 service terminated with the following error: %%-2147467243
4/23/2015 10:28:49 PM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).
4/23/2015 1:31:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
4/23/2015 1:31:24 AM, Error: Service Control Manager [7000] - The Garmin Device Interaction Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
mkdsk101
Regular Member
 
Posts: 91
Joined: April 23rd, 2015, 7:11 pm

Re: I need help.

Unread postby pgmigg » April 24th, 2015, 12:45 am

Hello mkdsk101,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I need help.

Unread postby pgmigg » April 24th, 2015, 1:01 am

Hello mkdsk101,

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
StreamTorrent 1.0
As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    StreamTorrent 1.0
  4. Click on the Change/Remove button to uninstall it.
  5. When the program has been uninstalled, please close Control Panel
  6. Reboot (restart) your computer.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.
TSG - SysInfo utility
  1. Please download SysInfo.exe and save it to your Desktop.
  2. Right click SysInfo.exe and select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. The small square window will be opened with already highlighted text - please right click on it, select Copy and then paste it in your next post.

Step 4.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 5.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Then:
Please tell me: is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Your decision about P2P program
  2. Do you have any problems executing the instructions?
  3. Contents of CKFiles.txt log file
  4. Contents of TSG - SysInfo utility
  5. Contents of a log created by codecheck.txt
  6. Contents of a log created by MGADiag.exe
  7. Answer to my question about how your computer is used

Thanks,
pgmigg


Re: I need help.

Unread postby mkdsk101 » April 24th, 2015, 1:24 pm

A. I deleted the P2P program
B. I have no problems with the instructions.


I am willing to get rid of anything on this computer that should not be on it so I would appreciate you to continue to please help me clear all of this up. Anything that you see on my computer that should not be on it I am willing to get rid of it.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\roxio creator nxt\windvd\windiverter.dll
c:\programdata\{a4865541-8880-0d66-a486-655418885506}\remo recover 4.0 crack, keygen license key full version.dat
c:\programdata\{b081a1c8-60fd-7c32-b081-1a1c860f8721}\spyhunter 4 registration key incl crack full free download.dat
c:\users\mark\desktop\garbage\spyhunter version 4 cracked.zip
c:\users\mark\desktop\garbage\spyhunter-4-crack-loader-+-serials.zip
scanner sequence 3.BC.11.CNAPEZ
----- EOF -----

Re: I need help.

Unread postby mkdsk101 » April 24th, 2015, 1:27 pm

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8174 Mb
Graphics Card: NVIDIA GeForce GT 530, 1024 Mb
Hard Drives: C: Total - 463332 MB, Free - 57422 MB;
Motherboard: Dell Inc., 0Y2MRG
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

Re: I need help.

Unread postby mkdsk101 » April 24th, 2015, 1:31 pm

Codecheck Version 1.0

04024

Re: I need help.

Unread postby mkdsk101 » April 24th, 2015, 1:32 pm

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5838D220-C8FB-4A5B-AE5C-44DFCCB06E8C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2130412082-872510349-2259372935</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS 8300 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20111017000000.000000+000</Date></BIOS><HWID>74253007018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-1033-7601.0000-3572011
Installation ID: 010024252022072072036972653913328300379720777401591415
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RMV82
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 4/24/2015 1:31:58 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 4:21:2015 18:59
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAEAAAADAAAAAgABAAEAln2Cchp2UASE5/QfoIPWyjBHDNFMAS5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL FX09
FACP DELL FX09
HPET DELL FX09
MCFG DELL FX09
SSDT AMICPU PROC
SLIC DELL FX09
OSFR DELL FX09

Re: I need help.

Unread postby mkdsk101 » April 24th, 2015, 1:34 pm

This computer is used for personal use only.

Is that all you need from me right now?

Re: I need help.

Unread postby pgmigg » April 24th, 2015, 3:30 pm

Hello mkdsk101,

Is that all you need from me right now?
No. You posted the second part of the log created by MGADiag.exe only.
Please re-post the whole log in the next reply. The log should start from:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->


Thanks,
pgmigg


Re: I need help.

Unread postby mkdsk101 » April 24th, 2015, 3:49 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {5838D220-C8FB-4A5B-AE5C-44DFCCB06E8C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150202-1526
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5838D220-C8FB-4A5B-AE5C-44DFCCB06E8C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2130412082-872510349-2259372935</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS 8300 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20111017000000.000000+000</Date></BIOS><HWID>74253007018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-1033-7601.0000-3572011
Installation ID: 010024252022072072036972653913328300379720777401591415
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RMV82
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 4/24/2015 3:46:03 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 4:21:2015 18:59
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAEAAAADAAAAAgABAAEAln2Cchp2UASE5/QfoIPWyjBHDNFMAS5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL FX09
FACP DELL FX09
HPET DELL FX09
MCFG DELL FX09
SSDT AMICPU PROC
SLIC DELL FX09
OSFR DELL FX09
mkdsk101
Regular Member
 
Posts: 91
Joined: April 23rd, 2015, 7:11 pm

Re: I need help.

Unread postby pgmigg » April 25th, 2015, 1:16 am

Hello mkdsk101,

I am willing to get rid of anything on this computer that should not be on it so I would appreciate you to continue to please help me clear all of this up. Anything that you see on my computer that should not be on it I am willing to get rid of it.
Thank you! Let's continue...

Step 1.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Bing Rewards Client Installer
    Gamers Unite! Snag Bar
    Java 8 Update 31
    Java Auto Updater
    McAfee Security Scan Plus
    Search App by Ask
    Spybot - Search & Destroy
    SUPERAntiSpyware
    System Checkup 3.5
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot (restart) your computer.

Step 3.
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator...".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click OK if changes were made.
  7. Click Start scan and allow it to scan for Malicious objects.
    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    DO NOT change the default actions, other than CURE to SKIP.
  8. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  9. A log will be created on your root (usually C:) drive. The log will have a name like Name.Version_Date_Time_log.txt.
    For example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  10. If no reboot is required, click on Report. A log file should appear.
  11. Please post the contents of the log file in your next reply

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of the OTL.txt log file
  4. Contents of the Extras.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I need help.

Unread postby mkdsk101 » April 25th, 2015, 1:25 pm

When I did the TDSSKiller there were no threats found even after I checked the box named "Verify file digital signatures" so I stopped at that point to come here and ask should I move on to step 4 OTL download?
mkdsk101
Regular Member
 
Posts: 91
Joined: April 23rd, 2015, 7:11 pm

Re: I need help.

Unread postby mkdsk101 » April 25th, 2015, 4:06 pm

Okay I figured out what I was doing wrong so here is the TDSSKILLER log.


13:06:56.0343 0x1ff4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:07:17.0469 0x1ff4 ============================================================
13:07:17.0469 0x1ff4 Current date / time: 2015/04/25 13:07:17.0469
13:07:17.0469 0x1ff4 SystemInfo:
13:07:17.0469 0x1ff4
13:07:17.0469 0x1ff4 OS Version: 6.1.7601 ServicePack: 1.0
13:07:17.0469 0x1ff4 Product type: Workstation
13:07:17.0469 0x1ff4 ComputerName: MARK-PC
13:07:17.0469 0x1ff4 UserName: MARK
13:07:17.0469 0x1ff4 Windows directory: C:\Windows
13:07:17.0469 0x1ff4 System windows directory: C:\Windows
13:07:17.0469 0x1ff4 Running under WOW64
13:07:17.0469 0x1ff4 Processor architecture: Intel x64
13:07:17.0469 0x1ff4 Number of processors: 8
13:07:17.0469 0x1ff4 Page size: 0x1000
13:07:17.0469 0x1ff4 Boot type: Normal boot
13:07:17.0469 0x1ff4 ============================================================
13:07:19.0476 0x1ff4 KLMD registered as C:\Windows\system32\drivers\59489969.sys
13:07:19.0866 0x1ff4 System UUID: {2C98094B-AB1D-3F4F-341E-8E93A041C78E}
13:07:20.0626 0x1ff4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:07:20.0658 0x1ff4 ============================================================
13:07:20.0658 0x1ff4 \Device\Harddisk0\DR0:
13:07:20.0658 0x1ff4 MBR partitions:
13:07:20.0658 0x1ff4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A7F000
13:07:20.0658 0x1ff4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A93000, BlocksNum 0x388F2800
13:07:20.0658 0x1ff4 ============================================================
13:07:20.0673 0x1ff4 C: <-> \Device\Harddisk0\DR0\Partition2
13:07:20.0673 0x1ff4 ============================================================
13:07:20.0673 0x1ff4 Initialize success
13:07:20.0673 0x1ff4 ============================================================
13:07:52.0838 0x1500 Deinitialize success
mkdsk101
Regular Member
 
Posts: 91
Joined: April 23rd, 2015, 7:11 pm

Re: I need help.

Unread postby mkdsk101 » April 25th, 2015, 4:20 pm

OTL logfile created on: 4/25/2015 4:09:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MARK\Desktop\MM
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.45 Gb Available Physical Memory | 68.33% Memory free
15.96 Gb Paging File | 13.39 Gb Available in Paging File | 83.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.47 Gb Total Space | 51.61 Gb Free Space | 11.41% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: MARK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/04/25 14:25:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MARK\Desktop\MM\OTL.exe
PRC - [2015/04/08 14:50:12 | 000,708,616 | ---- | M] (Garmin Ltd. or its subsidiaries) -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
PRC - [2014/12/19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/10/31 16:38:40 | 002,072,928 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2014/10/10 11:44:56 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/08/12 11:34:48 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/09/13 12:24:54 | 000,277,360 | ---- | M] (arvato digital services llc) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2012/11/27 22:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/07/11 01:04:00 | 000,022,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2012/06/20 15:48:28 | 000,457,360 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2012/03/22 10:55:02 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/09/22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/22 12:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/09/22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/09/21 12:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/05/20 12:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/01 14:12:30 | 000,537,968 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1429832463\ee\aolsoftware.exe


========== Modules (No Company Name) ==========

MOD - [2015/04/01 18:45:30 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/11/22 18:56:40 | 012,503,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\acf75ee70346212b52ed1c1dd92c8c7d\System.Windows.Forms.ni.dll
MOD - [2014/11/22 18:56:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/11/22 18:56:30 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/11/22 18:56:18 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/11/22 18:55:56 | 014,902,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7a04e3ad6d19b63ff1ab1def6ff70471\PresentationFramework.ni.dll
MOD - [2014/11/22 18:55:46 | 012,621,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d35307d3a0a0eb9ab485115bf82e1ed8\PresentationCore.ni.dll
MOD - [2014/11/22 18:55:39 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/11/22 18:54:24 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll
MOD - [2014/11/22 18:54:11 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\11295b4ad79dbeadee6c83ae45a8a07f\System.IdentityModel.ni.dll
MOD - [2014/11/22 18:54:10 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b1e0939384cc320d6ac7b8921ccc2877\System.Runtime.Serialization.ni.dll
MOD - [2014/11/22 18:54:09 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\da4175d4363c1bcecb984a44cd53664f\SMDiagnostics.ni.dll
MOD - [2014/11/22 18:54:08 | 017,477,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0d51a457c4cb85cd5ae8439094387ad3\System.ServiceModel.ni.dll
MOD - [2014/11/22 18:53:21 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9c41049a9716f9c34e8dfad27ac45153\System.WorkflowServices.ni.dll
MOD - [2014/11/22 18:51:42 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\26e521624e8e8c879ac83245694d809a\System.ServiceModel.Web.ni.dll
MOD - [2014/11/22 18:34:52 | 000,420,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\0c626059a0fd78e964c1970ddfd3058b\System.Xml.Linq.ni.dll
MOD - [2014/11/22 16:46:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014/11/22 16:44:34 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/31 16:37:56 | 001,498,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
MOD - [2014/09/28 11:34:09 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/05/19 17:19:02 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2011/09/22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/01 20:29:06 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Transfer Utility\pxl_m17n_tool.dll
mkdsk101
Regular Member
 
Posts: 91
Joined: April 23rd, 2015, 7:11 pm

Re: I need help.

Unread postby mkdsk101 » April 25th, 2015, 4:21 pm

========== Services (SafeList) ==========

SRV:64bit: - [2015/03/13 18:11:43 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/03/03 11:59:54 | 000,752,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2015/03/01 18:40:32 | 000,372,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe -- (mfemms)
SRV:64bit: - [2015/02/27 14:29:14 | 000,605,472 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2015/02/17 14:36:08 | 000,250,672 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2015/02/17 14:33:46 | 000,232,656 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2015/02/11 17:15:42 | 000,340,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2015/02/11 17:15:42 | 000,340,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2015/02/11 17:15:42 | 000,340,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2015/02/11 17:15:42 | 000,340,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2015/02/11 17:15:42 | 000,340,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2015/02/11 17:15:42 | 000,340,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2014/11/21 11:17:58 | 000,422,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe -- (mccspsvc)
SRV:64bit: - [2010/01/07 17:09:40 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device)
SRV:64bit: - [2007/03/05 16:57:40 | 000,567,280 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbacoms.exe -- (dlba_device)
SRV - [2015/04/24 21:47:39 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/04/23 22:25:28 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/04/17 11:07:38 | 000,154,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2015/04/08 14:50:12 | 000,708,616 | ---- | M] (Garmin Ltd. or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service)
SRV - [2014/12/19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/27 21:08:00 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/08/12 11:34:48 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/02/06 18:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2013/09/13 12:24:54 | 000,277,360 | ---- | M] (arvato digital services llc) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2012/11/27 22:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/07/18 07:40:50 | 000,341,136 | ---- | M] (Corel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe -- (RoxWatch14)
SRV - [2012/07/18 07:40:34 | 001,096,848 | ---- | M] (Corel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe -- (RoxMediaDB14)
SRV - [2012/07/11 01:04:00 | 000,022,160 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2012/06/20 15:48:28 | 000,457,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2011/12/23 02:42:21 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/20 12:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/03/05 16:57:30 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlbacoms.exe -- (dlba_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys -- (SliceDisk5)
DRV:64bit: - [2015/03/25 09:53:06 | 000,032,912 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rawdsk3.sys -- (RawDisk3)
DRV:64bit: - [2015/02/28 01:10:50 | 000,076,064 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2015/02/17 14:39:52 | 000,101,872 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfedisk.sys -- (mfedisk)
DRV:64bit: - [2015/02/17 14:38:48 | 000,401,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeaack.sys -- (mfeaack)
DRV:64bit: - [2015/02/17 14:38:12 | 000,068,784 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2015/02/17 14:36:18 | 000,340,448 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2015/02/17 14:34:42 | 000,864,072 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2015/02/17 14:33:54 | 000,488,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2015/02/17 14:33:10 | 000,337,888 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2015/01/16 00:48:08 | 000,100,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2015/01/16 00:48:02 | 000,482,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/03/19 15:23:14 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2014/01/07 08:42:08 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/03/18 17:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/28 15:15:08 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/06/22 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/06/20 01:00:00 | 000,028,304 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2012/06/20 01:00:00 | 000,027,792 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2012/06/20 01:00:00 | 000,020,112 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/23 04:13:28 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/23 04:13:28 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/11/17 17:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2011/05/20 13:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 13:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 23:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/06/08 08:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/05/20 19:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/12 15:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rsdrvx64.sys -- (ElRawDisk)
DRV:64bit: - [2007/11/15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
mkdsk101
Regular Member
 
Posts: 91
Joined: April 23rd, 2015, 7:11 pm
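
A triage pass over the OTL `PRC`/`SRV`/`DRV`/`MOD` lines posted above, as an added example that is not part of the thread and not code from OTL or its author. The three flags are this example's own review heuristics (assumptions); a flagged entry means "look closer", not "malicious". The sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the OTL.txt excerpts posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2015/04/25 14:25:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MARK\Desktop\MM\OTL.exe
PRC - [2012/07/11 01:04:00 | 000,022,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
SRV:64bit: - [2010/01/07 17:09:40 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device)
SRV - [2014/12/19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys -- (SliceDisk5)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
MOD - [2010/07/01 20:29:06 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Transfer Utility\pxl_m17n_tool.dll
"""

# One OTL entry: kind, optional ":64bit:", then either the bracketed file
# metadata plus "(company)" or the literal "File not found", an optional
# "[start | status]" block, and the path (plus "-- (name)" for SRV/DRV).
# The company is matched lazily because names such as "Intel(R) Corporation"
# contain parentheses themselves.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"(?:\[(?P<modified>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\] "
    r"\((?P<company>.*?)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<rest>.+)$"
)
USER_DIR_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str       # PRC, MOD, SRV or DRV
    x64: bool       # True when the line carries the ":64bit:" marker
    company: str    # version-info company name, "" when absent
    path: str       # binary path as OTL printed it
    name: str       # service/driver name, "" for PRC and MOD
    state: list     # e.g. ["Auto", "Running"] or ["Kernel", "Boot", "Running"]
    missing: bool   # True when OTL reported "File not found"


def parse_line(line):
    """Parse one OTL log line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name = m["rest"], ""
    if m["kind"] in ("SRV", "DRV") and " -- (" in path:
        path, name = path.rsplit(" -- (", 1)
        name = name[:-1] if name.endswith(")") else name
    state = [s.strip() for s in (m["state"] or "").split("|") if s.strip()]
    return Entry(m["kind"], bool(m["x64"]), (m["company"] or "").strip(),
                 path.strip(), name, state, m["missing"] is not None)


def parse_log(text):
    """Return every parsable entry in the pasted log text, in order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entry):
    """Heuristic review flags (assumptions of this example, not OTL output)."""
    flags = []
    if entry.missing:
        # Service or driver still registered, but its binary is gone.
        flags.append("binary-missing")
    elif entry.kind != "MOD" and not entry.company:
        # The MOD section is "No Company Name" by definition, so skip it.
        flags.append("no-company-name")
    if USER_DIR_RE.match(entry.path):
        # Runs from a profile directory that a standard user can write to.
        flags.append("user-writable-path")
    return flags


def review_queue(text):
    """List (label, flags) for each entry that raised at least one flag."""
    queue = []
    for entry in parse_log(text):
        flags = triage(entry)
        if flags:
            label = entry.name or PureWindowsPath(entry.path).name
            queue.append((label, flags))
    return queue


if __name__ == "__main__":
    for label, flags in review_queue(SAMPLE_LOG):
        print(f"{label:15} {', '.join(flags)}")
```

The scanner itself shows up as `user-writable-path` because it was run from the Desktop, which is why the output is a review queue and not a verdict.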