lnr123bsr

Honorary Members
  • Posts: 60

Everything posted by lnr123bsr

  1. I am getting random background noise (mostly ads) when I am on various webpages. (Like now, and all I have open is the malwarebytes page.) Here are my logs: Thank you.
  2. That tool worked great. My Windows Update is now all set for the first time in over a year! Thank you so much!
  3. Things seem to be running well. The only problem I have is that I cannot run Windows Update. In fact, I haven't been able to run Windows Update since the last time the computer got a similar infection about 18 months ago. Is the best thing just to re-install Windows? Thanks.
  4. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.11.13.13
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 8.0.7601.17514
     Leslie :: LESLIE-PC [administrator]

     11/13/2013 8:48:00 PM
     mbam-log-2013-11-13 (20-48-00).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 235050
     Time elapsed: 6 minute(s), 49 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Results of screen317's Security Check version 0.99.77
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Adobe Flash Player 11.6.602.180
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Firefox 21.0 Firefox out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
     Ran by Leslie at 2013-11-13 18:03:35 Run:2
     Running from C:\Users\Leslie\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Task: {7B50BDB3-C216-4BCA-8886-B8714390C5E1} - System32\Tasks\task251025498 => C:\Users\Public\Documents\e.exe
     C:\Users\Public\Documents\e.exe
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
     S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
     *****************

     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B50BDB3-C216-4BCA-8886-B8714390C5E1} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B50BDB3-C216-4BCA-8886-B8714390C5E1} => Key deleted successfully.
     C:\Windows\System32\Tasks\task251025498 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task251025498 => Key deleted successfully.
     "C:\Users\Public\Documents\e.exe" => File/Directory not found.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
     RemoteAccess => Service deleted successfully.

     ==== End of Fixlog ====
  6. Yes, I ran fixdamage.exe but I don't think I rebooted last time. So I ran it again and rebooted. There was no message that anything was found. Addition.txt:
Error: (11/10/2013 09:15:53 AM) (Source: Service Control Manager) (User: ) Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error: (11/09/2013 09:43:57 AM) (Source: Service Control Manager) (User: ) Description: The NETGEARGenieDaemon service failed to start due to the following error: %%1053 Error: (11/09/2013 09:43:57 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (120000 milliseconds) while waiting for the NETGEARGenieDaemon service to connect. Microsoft Office Sessions: ========================= Error: (01/05/2013 11:02:52 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4986 seconds with 2040 seconds of active time. This session ended with a crash. Error: (10/12/2011 02:18:36 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 254 seconds with 180 seconds of active time. This session ended with a crash. Error: (04/12/2011 11:52:38 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3544 seconds with 1860 seconds of active time. This session ended with a crash. Error: (12/23/2010 00:36:34 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11035 seconds with 4440 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors: =================================== Date: 2012-04-01 01:15:54.508 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-04-01 01:15:54.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-04-01 00:50:46.302 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-04-01 00:50:46.271 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-31 12:43:00.957 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-31 12:43:00.941 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 11:31:57.043 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 11:31:57.011 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. 
Date: 2012-03-30 11:24:18.308 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 11:24:18.293 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 3036.99 MB Available physical RAM: 2323.93 MB Total Pagefile: 6072.26 MB Available Pagefile: 5356.48 MB Total Virtual: 2047.88 MB Available Virtual: 1894.5 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:6.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 7740BF64) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01 Ran by Leslie (administrator) on LESLIE-PC on 12-11-2013 08:41:38 Running from C:\Users\Leslie\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Windows\System32\dinotify.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\PCANotify: C:\Windows\system32\PCANotify.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972 Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program 
Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\gk0ks86b.default-1384008138800 FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Leslie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}] - C:\Users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C} FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 ========================== Services (Whitelisted) ================= S3 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [106496 2003-05-29] (Symantec Corporation) S3 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2005-11-09] () R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo) S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195400 2012-09-25] (NETGEAR) S3 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [110592 2005-11-09] ( ) R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.) 
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo) ==================== Drivers (Whitelisted) ==================== R1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [10901 2003-04-21] (Symantec Corporation) S4 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [24365 2003-05-05] (Symantec Corporation) S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-06-15] (Avanquest Software) R0 Gernuwa; C:\Windows\System32\Drivers\Gernuwa.sys [13898 2003-04-21] (Symantec Corporation) S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.) S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.) S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [73496 2010-03-09] (Symantec Corporation) U3 TrueSight; c:\windows\system32\drivers\TrueSight.sys [13824 2012-03-30] () S3 XIRLINK; C:\Windows\System32\DRIVERS\C-itnt.sys [486176 2000-09-26] (Xirlink, Inc) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\Users\Leslie\AppData\Local\Temp\catchme.sys [x] S3 lmimirr; system32\DRIVERS\lmimirr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 ____D C:\Windows\LastGood 2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD7436.tmp 2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD71D6.tmp 2013-11-11 22:26 - 2013-11-11 22:27 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Leslie\Desktop\mbar-1.07.0.1007.exe 2013-11-09 09:47 - 2013-11-09 09:47 - 00760937 _____ (Farbar) C:\Users\Leslie\Desktop\MiniToolBox.exe 2013-11-09 09:44 - 2013-11-09 09:44 - 00000000 _____ C:\Windows\system32\Drivers\OLD6CC7.tmp 2013-11-09 09:44 - 2013-11-09 09:44 - 00000000 _____ C:\Windows\system32\Drivers\OLD6C3B.tmp 2013-11-09 09:42 - 2013-11-09 09:42 - 00000000 ____D C:\Users\Leslie\Desktop\Old Firefox Data 2013-11-07 20:39 - 2013-11-07 20:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD68E0.tmp 2013-11-07 20:39 - 2013-11-07 20:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD6826.tmp 2013-11-06 21:55 - 2013-11-06 21:55 - 00000000 _____ C:\Windows\system32\Drivers\OLD9241.tmp 2013-11-06 21:55 - 2013-11-06 21:55 - 00000000 _____ C:\Windows\system32\Drivers\OLD8FB3.tmp 2013-11-06 08:21 - 2013-11-06 08:21 - 00000000 _____ C:\Windows\system32\Drivers\OLD9656.tmp 2013-11-06 08:21 - 2013-11-06 08:21 - 00000000 _____ C:\Windows\system32\Drivers\OLD9500.tmp 2013-11-06 08:20 - 2013-11-06 21:55 - 00184844 _____ C:\Windows\PFRO.log 2013-11-06 08:18 - 2013-11-06 08:18 - 00000000 ____D C:\Users\Leslie\Doctor Web 2013-11-05 15:05 - 2013-11-11 23:13 - 01090275 _____ (Farbar) C:\Users\Leslie\Desktop\FRST.exe 2013-11-05 14:54 - 2013-11-05 14:54 - 00004603 _____ C:\JavaRa.log 2013-11-05 14:51 - 2013-11-05 14:55 - 00000000 ____D C:\Users\Leslie\Desktop\Remove Java 2013-11-05 01:01 - 2013-11-05 01:01 - 00000000 ____D C:\FRST 2013-11-04 23:52 - 2013-11-04 23:52 - 00000000 ____D C:\Program Files\ESET 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7619.tmp 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7511.tmp 2013-11-04 23:33 - 2013-11-04 23:34 - 00000000 ____D C:\AdwCleaner 2013-11-04 23:30 - 2013-11-04 23:30 - 00000000 ____D C:\Windows\ERUNT 2013-11-04 23:16 - 2013-11-11 22:53 - 00000000 ____D C:\Users\Leslie\Desktop\mbar 2013-11-04 23:16 - 2013-11-11 22:53 - 00000000 ____D 
C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-04 23:16 - 2013-11-11 22:28 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-03 23:26 - 2013-11-03 23:26 - 00015223 _____ C:\ComboFix.txt 2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3B6B.tmp 2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3A82.tmp 2013-11-03 23:15 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-03 23:15 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-03 23:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-03 23:14 - 2013-11-03 23:59 - 00000000 ____D C:\Qoobox 2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7E25.tmp 2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7BB6.tmp 2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7DF6.tmp 2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7CEE.tmp 2013-10-31 22:45 - 2013-11-12 08:39 - 00002092 _____ C:\Windows\setupact.log 2013-10-31 22:45 - 2013-10-31 22:45 - 00000000 _____ C:\Windows\setuperr.log 2013-10-31 22:43 - 2013-11-03 08:53 - 391172094 _____ C:\avenger.txt 2013-10-31 22:28 - 2013-10-31 22:28 - 00000000 __SHD C:\Windows\system32\%APPDATA% 2013-10-31 22:24 - 2013-10-31 22:24 - 00000000 ____D C:\Program Files\Google 2013-10-31 22:23 - 2013-10-31 22:44 - 00000000 ____D C:\ProgramData\gpngVpn3 2013-10-31 22:23 - 2013-10-31 22:23 - 00000000 ____D 
C:\Users\Leslie\AppData\Local\Google 2013-10-25 09:17 - 2013-10-25 09:17 - 00009471 _____ C:\Users\Leslie\Documents\Work contact email list.xlsx 2013-10-25 09:16 - 2013-10-25 09:16 - 00000462 _____ C:\Users\Leslie\Documents\Work contact email list.csv 2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6FD3.tmp 2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6E00.tmp 2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD9186.tmp 2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD8E1D.tmp 2013-10-23 13:37 - 2009-08-19 22:50 - 00046928 ____R (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll 2013-10-23 13:37 - 2009-08-19 22:50 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll 2013-10-23 13:36 - 2013-10-23 13:36 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk ==================== One Month Modified Files and Folders ======= 2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 ____D C:\Windows\LastGood 2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD7436.tmp 2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD71D6.tmp 2013-11-12 08:39 - 2013-10-31 22:45 - 00002092 _____ C:\Windows\setupact.log 2013-11-12 08:39 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-12 08:38 - 2009-07-13 23:55 - 01428563 _____ C:\Windows\WindowsUpdate.log 2013-11-11 23:24 - 2009-12-03 15:59 - 00785112 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-11 23:23 - 2009-07-13 23:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-11 23:23 - 2009-07-13 23:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-11 23:13 - 2013-11-05 15:05 - 01090275 _____ (Farbar) C:\Users\Leslie\Desktop\FRST.exe 2013-11-11 
22:53 - 2013-11-04 23:16 - 00000000 ____D C:\Users\Leslie\Desktop\mbar 2013-11-11 22:53 - 2013-11-04 23:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-11 22:28 - 2013-11-04 23:16 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-11 22:27 - 2013-11-11 22:26 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Leslie\Desktop\mbar-1.07.0.1007.exe 2013-11-11 22:27 - 2010-03-13 22:07 - 00007613 _____ C:\Users\Leslie\AppData\Local\Resmon.ResmonCfg 2013-11-11 10:02 - 2010-09-27 13:55 - 00002054 ____H C:\Users\Leslie\Documents\Default.rdp 2013-11-11 10:00 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-11-09 09:47 - 2013-11-09 09:47 - 00760937 _____ (Farbar) C:\Users\Leslie\Desktop\MiniToolBox.exe 2013-11-09 09:44 - 2013-11-09 09:44 - 00000000 _____ C:\Windows\system32\Drivers\OLD6CC7.tmp 2013-11-09 09:44 - 2013-11-09 09:44 - 00000000 _____ C:\Windows\system32\Drivers\OLD6C3B.tmp 2013-11-09 09:42 - 2013-11-09 09:42 - 00000000 ____D C:\Users\Leslie\Desktop\Old Firefox Data 2013-11-07 20:39 - 2013-11-07 20:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD68E0.tmp 2013-11-07 20:39 - 2013-11-07 20:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD6826.tmp 2013-11-06 21:55 - 2013-11-06 21:55 - 00000000 _____ C:\Windows\system32\Drivers\OLD9241.tmp 2013-11-06 21:55 - 2013-11-06 21:55 - 00000000 _____ C:\Windows\system32\Drivers\OLD8FB3.tmp 2013-11-06 21:55 - 2013-11-06 08:20 - 00184844 _____ C:\Windows\PFRO.log 2013-11-06 08:21 - 2013-11-06 08:21 - 00000000 _____ C:\Windows\system32\Drivers\OLD9656.tmp 2013-11-06 08:21 - 2013-11-06 08:21 - 00000000 _____ C:\Windows\system32\Drivers\OLD9500.tmp 2013-11-06 08:19 - 2009-07-13 23:53 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-06 08:18 - 2013-11-06 08:18 - 00000000 ____D C:\Users\Leslie\Doctor Web 2013-11-06 08:18 - 2010-02-16 16:24 - 00000000 ____D C:\Users\Leslie 2013-11-05 14:55 - 2013-11-05 14:51 - 00000000 ____D 
C:\Users\Leslie\Desktop\Remove Java 2013-11-05 14:54 - 2013-11-05 14:54 - 00004603 _____ C:\JavaRa.log 2013-11-05 14:49 - 2009-12-03 15:55 - 00000000 ____D C:\Program Files\Java 2013-11-05 01:01 - 2013-11-05 01:01 - 00000000 ____D C:\FRST 2013-11-05 01:00 - 2010-02-16 16:48 - 00000000 ____D C:\Users\Leslie\Documents\Adobe 2013-11-04 23:52 - 2013-11-04 23:52 - 00000000 ____D C:\Program Files\ESET 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7619.tmp 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7511.tmp 2013-11-04 23:34 - 2013-11-04 23:33 - 00000000 ____D C:\AdwCleaner 2013-11-04 23:30 - 2013-11-04 23:30 - 00000000 ____D C:\Windows\ERUNT 2013-11-04 10:01 - 2010-02-16 16:47 - 00000000 ____D C:\Users\Leslie\Documents\Word 2013-11-04 09:44 - 2010-02-16 16:47 - 00000000 ____D C:\Users\Leslie\Documents\Excel 2013-11-03 23:59 - 2013-11-03 23:14 - 00000000 ____D C:\Qoobox 2013-11-03 23:26 - 2013-11-03 23:26 - 00015223 _____ C:\ComboFix.txt 2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3B6B.tmp 2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3A82.tmp 2013-11-03 23:24 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini 2013-11-03 23:22 - 2012-03-31 22:18 - 00000000 ____D C:\Windows\ERDNT 2013-11-03 23:22 - 2009-07-13 21:03 - 49283072 _____ C:\Windows\system32\config\software.bak 2013-11-03 23:22 - 2009-07-13 21:03 - 15204352 _____ C:\Windows\system32\config\system.bak 2013-11-03 23:22 - 2009-07-13 21:03 - 00524288 _____ C:\Windows\system32\config\default.bak 2013-11-03 23:22 - 2009-07-13 21:03 - 00262144 _____ C:\Windows\system32\config\security.bak 2013-11-03 23:22 - 2009-07-13 21:03 - 00262144 _____ C:\Windows\system32\config\sam.bak 2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7E25.tmp 2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7BB6.tmp 
2013-11-03 08:53 - 2013-10-31 22:43 - 391172094 _____ C:\avenger.txt 2013-11-02 10:46 - 2012-11-14 23:50 - 00003117 _____ C:\SeagateAdapter 2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7DF6.tmp 2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7CEE.tmp 2013-10-31 22:45 - 2013-10-31 22:45 - 00000000 _____ C:\Windows\setuperr.log 2013-10-31 22:44 - 2013-10-31 22:23 - 00000000 ____D C:\ProgramData\gpngVpn3 2013-10-31 22:43 - 2009-12-03 17:44 - 00000000 ____D C:\Windows\Panther 2013-10-31 22:28 - 2013-10-31 22:28 - 00000000 __SHD C:\Windows\system32\%APPDATA% 2013-10-31 22:24 - 2013-10-31 22:24 - 00000000 ____D C:\Program Files\Google 2013-10-31 22:23 - 2013-10-31 22:23 - 00000000 ____D C:\Users\Leslie\AppData\Local\Google 2013-10-30 14:13 - 2010-08-25 10:45 - 00000000 ____D C:\Users\Leslie\Documents\My Scans 2013-10-28 17:59 - 2012-08-26 18:59 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\.minecraft 2013-10-25 09:17 - 2013-10-25 09:17 - 00009471 _____ C:\Users\Leslie\Documents\Work contact email list.xlsx 2013-10-25 09:16 - 2013-10-25 09:16 - 00000462 _____ C:\Users\Leslie\Documents\Work contact email list.csv 2013-10-23 23:14 - 2010-03-16 22:54 - 00000000 ____D C:\Users\Leslie\Documents\Fax 2013-10-23 14:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF 2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6FD3.tmp 2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6E00.tmp 2013-10-23 14:19 - 2010-02-16 16:25 - 00000000 ____D C:\Users\Leslie\AppData\Local\Adobe 2013-10-23 14:18 - 2012-04-24 12:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-23 14:18 - 2011-11-28 22:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-23 14:09 - 2013-10-07 09:38 - 00000000 ____D C:\Users\Leslie\AppData\Local\Deployment 2013-10-23 13:39 - 
2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD9186.tmp
2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD8E1D.tmp
2013-10-23 13:36 - 2013-10-23 13:36 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-10-23 13:36 - 2009-12-03 15:55 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-23 13:36 - 2009-12-03 15:55 - 00000000 ____D C:\Program Files\Adobe
2013-10-22 17:58 - 2013-05-24 15:25 - 00000000 ____D C:\Quickbooks backup files
2013-10-21 17:26 - 2012-01-03 11:06 - 00000000 ___RD C:\Users\Leslie\Dropbox
2013-10-21 17:26 - 2012-01-03 11:03 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\Dropbox

Some content of TEMP:
====================
C:\Users\Leslie\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 10:04

==================== End Of Log ============================
  7. Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.12.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Leslie :: LESLIE-PC [administrator]

11/11/2013 10:28:58 PM
mbar-log-2013-11-11 (22-28-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 221747
Time elapsed: 8 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 3184513024, free: 2358857728

Downloaded database version: v2013.11.12.02
Downloaded database version: v2013.10.11.02
Initializing...
====================== ------------ Kernel report ------------ 11/11/2013 22:28:54 ------------ Loaded modules ----------- ----------- End ----------- Done!
<<<1>>> Upper Device Name: \Device\Harddisk1\DR2 Upper Device Object: 0xffffffff85c72130 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007c\ Lower Device Object: 0xffffffff85a68580 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff86ec0a58 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xffffffff86054028 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff86ec0a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86ec0698, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff86ec0a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86054028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7740BF64 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. 
Partition starts at LBA: 81920 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30801920 Numsec = 945969200 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff85c72130, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff88cb3820, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff85c72130, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85a68580, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_81920_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished Attached is FRST.txt. Addition.txt was not created. FRST.txt
  8. The result is attached here. For some reason I can no longer paste into this window. Also, when I restart my computer, I still get the corrupted recycle bin message. Should I empty the recycle bin? Thanks. Result.txt
  9. After chkdsk ran, I got the corrupted recycle bin message again. Also, most times when I try to go to malwarebytes.org, I get a message saying the page cannot be found, but after I refresh, the page loads. Here are the chkdsk results:   Checking file system on C: The type of the file system is NTFS. Volume label is OS.   A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 3)... 198144 file records processed. File verification completed. 610 large file records processed. 0 bad file records processed. 10 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... 249054 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 198144 file SDs/SIDs processed. CHKDSK is compacting the security descriptor stream Cleaning up 2100 unused security descriptors. 25456 data files processed. CHKDSK is verifying Usn Journal... 37241440 USN bytes processed. Usn Journal verification completed. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. Correcting errors in the Volume Bitmap. Windows has made corrections to the file system. 472984599 KB total disk space. 464007828 KB in 148926 files. 93244 KB in 25459 indexes. 0 KB in bad sectors. 316007 KB in use by the system. 65536 KB occupied by the log file. 8567520 KB available on disk. 4096 bytes in each allocation unit. 118246149 total allocation units on disk. 2141880 allocation units available on disk. Internal Info: 00 06 03 00 3a a9 02 00 a1 b2 04 00 00 00 00 00 ....:........... e5 1b 00 00 3b 00 00 00 00 00 00 00 00 00 00 00 ....;........... 38 90 30 00 50 01 2f 00 60 1d 2f 00 00 00 2f 00 8.0.P./.`./.../. Windows has finished checking your disk. Please wait while your computer restarts.
  10. Should I have the disk check automatically fix file system errors?
  11. Dr.Web CureIt finished with "No Threats Found." (The first time I tried to run it, the computer crashed. When it rebooted, I got the message that said the recycle bin on c:\ is corrupted. It said, "Do you want to empty the recycle bin for this drive?" I said no. I've received this message several times and I keep saying no.) A CureIt.log was not created.
  12. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Nov 05 14:54:07 2013 There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: JavaPlugin.FamilyVersionSupport Found and removed: Software\Classes\JavaPlugin.170_06 Found and removed: SOFTWARE\Classes\JavaPlugin Found and removed: SOFTWARE\Classes\JavaPlugin.170_06 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: 
SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\.jnlp Found and removed: SOFTWARE\Classes\JNLPFile Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013 Ran by Leslie at 2013-11-05 15:07:42 Run:1 Running from C:\Users\Leslie\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Documents and Settings\All Users\audiults.dll C:\Documents and Settings\All Users\Application Data\audiults.dll C:\Documents and Settings\Leslie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 C:\ProgramData\audiults.dll C:\Users\All Users\audiults.dll C:\Users\All Users\Application Data\audiults.dll C:\Users\Leslie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://download.eset...lineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://content.syste...el_4.5.13.0.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) ***************** C:\Documents and Settings\All Users\audiults.dll => Moved successfully. 
"C:\Documents and Settings\All Users\Application Data\audiults.dll" => File/Directory not found. C:\Documents and Settings\Leslie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => Moved successfully. "C:\ProgramData\audiults.dll" => File/Directory not found. "C:\Users\All Users\audiults.dll" => File/Directory not found. "C:\Users\All Users\Application Data\audiults.dll" => File/Directory not found. "C:\Users\Leslie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0" => File/Directory not found. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EF8721A1-F487-4FF6-9DCA-D94A06968A32} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{EF8721A1-F487-4FF6-9DCA-D94A06968A32} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D06FA7D3-3FFA-4683-95B7-9EFC295F4FCF} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{D06FA7D3-3FFA-4683-95B7-9EFC295F4FCF} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EF8721A1-F487-4FF6-9DCA-D94A06968A32} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{EF8721A1-F487-4FF6-9DCA-D94A06968A32} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089} => Key deleted successfully. HKCR\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully. HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully. 
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} => Key not found. HKCR\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully. HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} => Key deleted successfully. HKCR\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000} => Key deleted successfully. HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully. HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key not found. HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2 => Key not found. C:\Windows\system32\npDeployJava1.dll => Moved successfully. HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2 => Key not found. C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found. ==== End of Fixlog ====
  13. Malwarebytes Anti-Rootkit BETA 1.07.0.1007 www.malwarebytes.org Database version: v2013.10.02.12 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Leslie :: LESLIE-PC [administrator] 11/4/2013 11:16:30 PM mbar-log-2013-11-04 (23-16-30).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 217185 Time elapsed: 7 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 8.0.7601.17514 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.926000 GHz Memory total: 3184513024, free: 2676908032 Initializing... 
====================== ------------ Kernel report ------------ 11/04/2013 23:16:27 ------------ Loaded modules ----------- ----------- End ----------- Done!
<<<1>>> Upper Device Name: \Device\Harddisk1\DR7 Upper Device Object: 0xffffffff85bb6ac8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000086\ Lower Device Object: 0xffffffff859b4ca8 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xffffffff883f9030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000074\ Lower Device Object: 0xffffffff883f9ca8 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff86ec1218 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xffffffff86056028 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff86ec1218, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86ec2d18, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff86ec1218, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86056028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... 
Inspecting partition table: MBR Signature: 55AA Disk Signature: 7740BF64 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30801920 Numsec = 945969200 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff85bb6ac8, DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85c2f7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff85bb6ac8, DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff859b4ca8, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 82155408 Partition information: Partition 0 type is Other (0x6) Partition is NOT ACTIVE. Partition starts at LBA: 3608 Numsec = 3930600 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2014314496 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff883f9030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff883f9990, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883f9030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff883f9ca8, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_81920_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x86
Ran by Leslie on Mon 11/04/2013 at 23:30:18.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D06FA7D3-3FFA-4683-95B7-9EFC295F4FCF}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Leslie\AppData\Roaming\mozilla\firefox\profiles\bgknw8eh.default\extensions\fdbnsxnzlz@fdbnsxnzlz.org.xpi [Tracur]
Emptied folder: C:\Users\Leslie\AppData\Roaming\mozilla\firefox\profiles\bgknw8eh.default\minidumps [32 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/04/2013 at 23:31:48.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.011 - Report created 04/11/2013 at 23:34:54
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Leslie - LESLIE-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05EE699F-AB25-42D8-8781-558C5D1D2FAD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1099736F-918D-4628-803B-E4E8B4B73DAC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60E9CF86-68DD-46CC-9B18-370658635768}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\bgknw8eh.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [48433 octets] - [04/11/2013 23:33:25]
AdwCleaner[s0].txt - [1516 octets] - [04/11/2013 23:34:54]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1576 octets] ##########

ESET list of found threats:

C:\Documents and Settings\All Users\audiults.dll Win32/PSW.Papras.CD trojan
C:\Documents and Settings\All Users\Application Data\audiults.dll Win32/PSW.Papras.CD trojan
C:\Documents and Settings\Leslie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-3629c05c a variant of Java/Exploit.CVE-2010-4452.A trojan
C:\Documents and Settings\Leslie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\4cf3d289-2fc9a501 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\ProgramData\audiults.dll Win32/PSW.Papras.CD trojan
C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\9519~1\A535~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\U\80000000.@.vir probably a variant of Win32/Sirefef.FA trojan
C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\9519~1\A535~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\U\800000cb.@.vir a variant of Win32/Sirefef.FL trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\AFFE.tmp.vir a variant of Win32/Kryptik.ADMA trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\01.04.2012_09.17.47\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan
C:\Users\All Users\audiults.dll Win32/PSW.Papras.CD trojan
C:\Users\All Users\Application Data\audiults.dll Win32/PSW.Papras.CD trojan
C:\Users\Leslie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-3629c05c a variant of Java/Exploit.CVE-2010-4452.A trojan
C:\Users\Leslie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\4cf3d289-2fc9a501 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Leslie (administrator) on LESLIE-PC on 05-11-2013 01:01:38
Running from E:\
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\PCANotify: C:\Windows\system32\PCANotify.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {EF8721A1-F487-4FF6-9DCA-D94A06968A32} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox SearchScopes: HKCU - {D06FA7D3-3FFA-4683-95B7-9EFC295F4FCF} URL = http://www.bing.com/search?q={searchTerms}&FORM=DLSDF7&pc=MDDS&src=IE-SearchBox SearchScopes: HKCU - {EF8721A1-F487-4FF6-9DCA-D94A06968A32} URL = BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972 Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) 
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\bgknw8eh.default FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Leslie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}] - C:\Users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C} FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 ========================== Services (Whitelisted) ================= S3 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [106496 2003-05-29] (Symantec Corporation) S3 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2005-11-09] () R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo) S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195400 2012-09-25] (NETGEAR) S3 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [110592 2005-11-09] ( ) R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] 
(Intuit Inc.) S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo) ==================== Drivers (Whitelisted) ==================== R1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [10901 2003-04-21] (Symantec Corporation) S4 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [24365 2003-05-05] (Symantec Corporation) S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-06-15] (Avanquest Software) R0 Gernuwa; C:\Windows\System32\Drivers\Gernuwa.sys [13898 2003-04-21] (Symantec Corporation) S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.) S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.) S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [73496 2010-03-09] (Symantec Corporation) U3 TrueSight; c:\windows\system32\drivers\TrueSight.sys [13824 2012-03-30] () S3 XIRLINK; C:\Windows\System32\DRIVERS\C-itnt.sys [486176 2000-09-26] (Xirlink, Inc) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\Users\Leslie\AppData\Local\Temp\catchme.sys [x] S3 lmimirr; system32\DRIVERS\lmimirr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-05 01:01 - 2013-11-05 01:01 - 00000000 ____D C:\FRST 2013-11-04 23:52 - 2013-11-04 23:52 - 00000000 ____D C:\Program Files\ESET 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 ____D C:\Windows\LastGood 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7619.tmp 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7511.tmp 2013-11-04 23:33 - 2013-11-04 23:34 - 00000000 ____D C:\AdwCleaner 2013-11-04 23:31 - 2013-11-04 23:31 - 00001154 _____ C:\Users\Leslie\Desktop\JRT.txt 2013-11-04 
23:30 - 2013-11-04 23:30 - 00000000 ____D C:\Windows\ERUNT 2013-11-04 23:16 - 2013-11-04 23:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-04 23:16 - 2013-11-04 23:16 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-04 23:16 - 2013-11-04 23:16 - 00000000 ____D C:\Users\Leslie\Desktop\mbar 2013-11-03 23:26 - 2013-11-03 23:26 - 00015223 _____ C:\ComboFix.txt 2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3B6B.tmp 2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3A82.tmp 2013-11-03 23:15 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-03 23:15 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-03 23:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-03 23:15 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-03 23:14 - 2013-11-03 23:59 - 00000000 ____D C:\Qoobox 2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7E25.tmp 2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7BB6.tmp 2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7DF6.tmp 2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7CEE.tmp 2013-10-31 22:45 - 2013-11-04 23:36 - 00001812 _____ C:\Windows\setupact.log 2013-10-31 22:45 - 2013-10-31 22:45 - 00000000 _____ C:\Windows\setuperr.log 2013-10-31 22:43 - 2013-11-03 08:53 - 391172094 _____ C:\avenger.txt 2013-10-31 22:28 - 2013-10-31 22:28 - 00000000 __SHD C:\Windows\system32\%APPDATA% 2013-10-31 
22:24 - 2013-10-31 22:24 - 00000000 ____D C:\Program Files\Google 2013-10-31 22:23 - 2013-10-31 22:44 - 00000000 ____D C:\ProgramData\gpngVpn3 2013-10-31 22:23 - 2013-10-31 22:23 - 00000000 ____D C:\Users\Leslie\AppData\Local\Google 2013-10-25 09:17 - 2013-10-25 09:17 - 00009471 _____ C:\Users\Leslie\Documents\Work contact email list.xlsx 2013-10-25 09:16 - 2013-10-25 09:16 - 00000462 _____ C:\Users\Leslie\Documents\Work contact email list.csv 2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6FD3.tmp 2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6E00.tmp 2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD9186.tmp 2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD8E1D.tmp 2013-10-23 13:37 - 2009-08-19 22:50 - 00046928 ____R (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll 2013-10-23 13:37 - 2009-08-19 22:50 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll 2013-10-23 13:36 - 2013-10-23 13:36 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-10-07 09:38 - 2013-10-23 14:09 - 00000000 ____D C:\Users\Leslie\AppData\Local\Deployment 2013-10-06 23:02 - 2013-10-06 23:02 - 00000000 _____ C:\Windows\system32\Drivers\OLDC4F4.tmp 2013-10-06 23:02 - 2013-10-06 23:02 - 00000000 _____ C:\Windows\system32\Drivers\OLDC340.tmp 2013-10-06 23:00 - 2013-10-07 20:58 - 00011567 _____ C:\Users\Leslie\Documents\soccer list 2013.xlsx 2013-10-06 22:59 - 2013-10-06 22:59 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-06 22:58 - 2013-10-06 22:58 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-10-06 22:58 - 2013-10-06 22:58 - 00000000 ____D C:\Program Files\iTunes 2013-10-06 22:58 - 2013-10-06 22:58 - 00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2013-11-05 01:01 - 2013-11-05 01:01 - 00000000 ____D C:\FRST 2013-11-05 
01:00 - 2010-02-16 16:48 - 00000000 ____D C:\Users\Leslie\Documents\Adobe 2013-11-04 23:52 - 2013-11-04 23:52 - 00000000 ____D C:\Program Files\ESET 2013-11-04 23:43 - 2009-07-13 23:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-04 23:43 - 2009-07-13 23:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-04 23:41 - 2009-12-03 15:59 - 00785112 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-04 23:39 - 2009-07-13 23:55 - 01302639 _____ C:\Windows\WindowsUpdate.log 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 ____D C:\Windows\LastGood 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7619.tmp 2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7511.tmp 2013-11-04 23:36 - 2013-10-31 22:45 - 00001812 _____ C:\Windows\setupact.log 2013-11-04 23:36 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-04 23:34 - 2013-11-04 23:33 - 00000000 ____D C:\AdwCleaner 2013-11-04 23:31 - 2013-11-04 23:31 - 00001154 _____ C:\Users\Leslie\Desktop\JRT.txt 2013-11-04 23:30 - 2013-11-04 23:30 - 00000000 ____D C:\Windows\ERUNT 2013-11-04 23:25 - 2013-11-04 23:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-04 23:16 - 2013-11-04 23:16 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-04 23:16 - 2013-11-04 23:16 - 00000000 ____D C:\Users\Leslie\Desktop\mbar 2013-11-04 10:01 - 2010-02-16 16:47 - 00000000 ____D C:\Users\Leslie\Documents\Word 2013-11-04 09:44 - 2010-02-16 16:47 - 00000000 ____D C:\Users\Leslie\Documents\Excel 2013-11-03 23:59 - 2013-11-03 23:14 - 00000000 ____D C:\Qoobox 2013-11-03 23:26 - 2013-11-03 23:26 - 00015223 _____ C:\ComboFix.txt 2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3B6B.tmp 2013-11-03 23:24 - 
2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3A82.tmp 2013-11-03 23:24 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini 2013-11-03 23:22 - 2012-03-31 22:18 - 00000000 ____D C:\Windows\ERDNT 2013-11-03 23:22 - 2009-07-13 21:03 - 49283072 _____ C:\Windows\system32\config\software.bak 2013-11-03 23:22 - 2009-07-13 21:03 - 15204352 _____ C:\Windows\system32\config\system.bak 2013-11-03 23:22 - 2009-07-13 21:03 - 00524288 _____ C:\Windows\system32\config\default.bak 2013-11-03 23:22 - 2009-07-13 21:03 - 00262144 _____ C:\Windows\system32\config\security.bak 2013-11-03 23:22 - 2009-07-13 21:03 - 00262144 _____ C:\Windows\system32\config\sam.bak 2013-11-03 23:21 - 2010-02-16 16:24 - 00000000 ____D C:\Users\Leslie 2013-11-03 23:14 - 2009-07-13 23:53 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7E25.tmp 2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7BB6.tmp 2013-11-03 08:53 - 2013-10-31 22:43 - 391172094 _____ C:\avenger.txt 2013-11-02 10:46 - 2012-11-14 23:50 - 00003117 _____ C:\SeagateAdapter 2013-10-31 22:56 - 2010-03-13 22:07 - 00007620 _____ C:\Users\Leslie\AppData\Local\Resmon.ResmonCfg 2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7DF6.tmp 2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7CEE.tmp 2013-10-31 22:45 - 2013-10-31 22:45 - 00000000 _____ C:\Windows\setuperr.log 2013-10-31 22:44 - 2013-10-31 22:23 - 00000000 ____D C:\ProgramData\gpngVpn3 2013-10-31 22:43 - 2009-12-03 17:44 - 00000000 ____D C:\Windows\Panther 2013-10-31 22:28 - 2013-10-31 22:28 - 00000000 __SHD C:\Windows\system32\%APPDATA% 2013-10-31 22:24 - 2013-10-31 22:24 - 00000000 ____D C:\Program Files\Google 2013-10-31 22:23 - 2013-10-31 22:23 - 00000000 ____D C:\Users\Leslie\AppData\Local\Google 2013-10-31 22:20 - 2010-09-27 13:55 - 00002054 ____H 
C:\Users\Leslie\Documents\Default.rdp 2013-10-31 22:19 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-10-30 14:13 - 2010-08-25 10:45 - 00000000 ____D C:\Users\Leslie\Documents\My Scans 2013-10-28 17:59 - 2012-08-26 18:59 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\.minecraft 2013-10-25 09:17 - 2013-10-25 09:17 - 00009471 _____ C:\Users\Leslie\Documents\Work contact email list.xlsx 2013-10-25 09:16 - 2013-10-25 09:16 - 00000462 _____ C:\Users\Leslie\Documents\Work contact email list.csv 2013-10-23 23:14 - 2010-03-16 22:54 - 00000000 ____D C:\Users\Leslie\Documents\Fax 2013-10-23 14:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF 2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6FD3.tmp 2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6E00.tmp 2013-10-23 14:19 - 2010-02-16 16:25 - 00000000 ____D C:\Users\Leslie\AppData\Local\Adobe 2013-10-23 14:18 - 2012-04-24 12:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-23 14:18 - 2011-11-28 22:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-23 14:09 - 2013-10-07 09:38 - 00000000 ____D C:\Users\Leslie\AppData\Local\Deployment 2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD9186.tmp 2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD8E1D.tmp 2013-10-23 13:36 - 2013-10-23 13:36 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-10-23 13:36 - 2009-12-03 15:55 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-10-23 13:36 - 2009-12-03 15:55 - 00000000 ____D C:\Program Files\Adobe 2013-10-22 17:58 - 2013-05-24 15:25 - 00000000 ____D C:\Quickbooks backup files 2013-10-21 17:26 - 2012-01-03 11:06 - 00000000 ___RD C:\Users\Leslie\Dropbox 2013-10-21 17:26 - 2012-01-03 11:03 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\Dropbox 2013-10-07 
20:58 - 2013-10-06 23:00 - 00011567 _____ C:\Users\Leslie\Documents\soccer list 2013.xlsx 2013-10-07 09:38 - 2010-03-10 00:35 - 00000000 ___HD C:\Users\Leslie\AppData\Local\Apps\2.0 2013-10-06 23:02 - 2013-10-06 23:02 - 00000000 _____ C:\Windows\system32\Drivers\OLDC4F4.tmp 2013-10-06 23:02 - 2013-10-06 23:02 - 00000000 _____ C:\Windows\system32\Drivers\OLDC340.tmp 2013-10-06 22:59 - 2013-10-06 22:59 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-06 22:58 - 2013-10-06 22:58 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-10-06 22:58 - 2013-10-06 22:58 - 00000000 ____D C:\Program Files\iTunes 2013-10-06 22:58 - 2013-10-06 22:58 - 00000000 ____D C:\Program Files\iPod 2013-10-06 22:58 - 2010-03-12 00:14 - 00000000 ____D C:\Program Files\Common Files\Apple Files to move or delete: ==================== C:\ProgramData\audiults.dll Some content of TEMP: ==================== C:\Users\Leslie\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-31 11:47 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013 Ran by Leslie at 2013-11-05 01:01:57 Running from E:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8) Adobe Acrobat 9 
Standard - English, Français, Deutsch (Version: 9.2.0) Adobe Acrobat 9.2.0 - CPSID_50026 Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin (Version: 11.6.602.180) Adobe Reader 9.2 (Version: 9.2.0) AIO_Scan (Version: 130.0.365.000) Aleks 3.15 Apple Application Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) Bonjour (Version: 3.0.0.10) BufferChm (Version: 130.0.331.000) C7200 (Version: 130.0.365.000) C7200_Help (Version: 100.0.206.000) Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.0.1.2) CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4) Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9) Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34) Canon Personal Printing Guide (Version: 1.0.0.1) Canon PowerShot SX120 IS Camera User Guide (Version: 1.0.1.2) Canon Utilities CameraWindow (Version: 7.3.0.4) Canon Utilities CameraWindow DC (Version: 7.4.1.10) Canon Utilities CameraWindow DC 8 (Version: 8.0.0.19) Canon Utilities MyCamera (Version: 7.3.0.5) Canon Utilities PhotoStitch (Version: 3.1.22.46) Canon Utilities ZoomBrowser EX (Version: 6.4.0.7) Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11) Citrix Online Launcher (Version: 1.0.110) Citrix online plug-in - web (Version: 12.1.0.30) Citrix online plug-in (DV) (Version: 12.1.0.30) Citrix online plug-in (HDX) (Version: 12.1.0.30) Citrix online plug-in (USB) (Version: 12.1.0.30) Citrix online plug-in (Web) (Version: 12.1.0.30) Copy (Version: 130.0.428.000) Dell Backup and Recovery Manager (Version: 1.1.0) Dell Edoc Viewer (Version: 1.0.0) Destinations (Version: 130.0.0.0) DeviceDiscovery (Version: 130.0.465.000) DocProc (Version: 13.0.0.0) Dropbox (HKCU Version: 2.0.22) ESET Online Scanner v3 Fax (Version: 130.0.418.000) GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172) GPBaseService2 (Version: 130.0.371.000) HP Imaging Device Functions 13.0 (Version: 13.0) HP 
Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0) HP Photosmart Essential 3.5 (Version: 3.5) HP Smart Web Printing 4.51 (Version: 4.51) HP Solution Center 13.0 (Version: 13.0) HP Update (Version: 4.000.011.006) HPPhotoGadget (Version: 130.0.282.000) HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000) HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000) HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000) hpphotosmartdisclabelplugin (Version: 2.04.0000) HPPhotosmartEssential (Version: 2.04.0000) HPProductAssistant (Version: 130.0.371.000) Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2869) Intel® TV Wizard Intel® Matrix Storage Manager Internet Explorer (Enable DEP) iTunes (Version: 11.1.1.11) iVideo Converter Java 7 Update 6 (Version: 7.0.60) Java Auto Updater (Version: 2.1.9.0) Junk Mail filter update (Version: 14.0.8089.726) LiveReg (Symantec Corporation) (Version: 2.3.0.1833) LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Maxtor Backup (Version: 1.00.0011) Maxtor OneTouch III (Version: 3.00.0015) Memeo Instant Backup (Version: 4.60.0.7252) MFCLOC (Version: 1.00.0000) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014) Microsoft Office Basic 2007 (Version: 12.0.4518.1014) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared Setup Metadata MUI 
(English) 2007 (Version: 12.0.4518.1014) Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Search Enhancement Pack (Version: 1.2.123.0) Microsoft Silverlight (Version: 4.0.60831.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31007) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31010) Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) NETGEAR Genie (Version: 2.2.27.1 ) Network (Version: 130.0.572.000) OCR Software by I.R.I.S. 
13.0 (Version: 13.0) PowerDVD DX (Version: 8.3.5424) PS_AIO_02_ProductContext (Version: 130.0.365.000) PS_AIO_02_Software (Version: 130.0.365.000) PS_AIO_02_Software_Min (Version: 130.0.365.000) QuickBooks (Version: 23.0.4007.2305) QuickBooks Pro 2013 (Version: 23.0.4006.2305) QuickTime (Version: 7.69.80.9) Realtek High Definition Audio Driver (Version: 6.0.1.5859) Roxio Creator Audio (Version: 3.7.0) Roxio Creator Copy (Version: 3.7.0) Roxio Creator Data (Version: 3.7.0) Roxio Creator DE 10.3 (Version: 10.3) Roxio Creator DE 10.3 (Version: 3.7.0) Roxio Creator Tools (Version: 3.7.0) Roxio Express Labeler 3 (Version: 3.2.2) Roxio Update Manager (Version: 6.0.0) Scan (Version: 13.0.0.0) Seagate Dashboard (Version: 1.0.0.809) Skype Toolbars (Version: 1.0.4051) Skype™ 4.2 (Version: 4.2.187) SmartWebPrinting (Version: 130.0.457.000) SolutionCenter (Version: 130.0.373.000) Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0) Status (Version: 130.0.469.000) Symantec pcAnywhere (Version: 11.0.0) System Requirements Lab for Intel (Version: 4.5.13.0) Toolbox (Version: 130.0.648.000) TrayApp (Version: 130.0.422.000) UnloadSupport (Version: 11.0.0) ViewChoice Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1) WebReg (Version: 130.0.132.017) Where in the World Is Carmen Sandiego? 
Treasures of Knowledge Windows Live Communications Platform (Version: 14.0.8064.206) Windows Live Essentials (Version: 14.0.8089.0726) Windows Live Essentials (Version: 14.0.8089.726) Windows Live Mail (Version: 14.0.8089.0726) Windows Live Movie Maker (Version: 14.0.8091.0730) Windows Live Photo Gallery (Version: 14.0.8081.709) Windows Live Sign-in Assistant (Version: 5.000.818.5) Windows Live Sync (Version: 14.0.8089.726) Windows Live Toolbar (Version: 14.0.8064.206) Windows Live Upload Tool (Version: 14.0.8014.1029) Windows Live Writer (Version: 14.0.8089.0726) ==================== Restore Points ========================= 04-11-2013 15:26:24 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-13 21:04 - 2013-11-03 23:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {7B50BDB3-C216-4BCA-8886-B8714390C5E1} - System32\Tasks\task251025498 => C:\Users\Public\Documents\e.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Photosmart C7200 series Description: Photosmart C7200 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (11/04/2013 11:36:09 PM) (Source: Service Control Manager) (User: ) Description: The NETGEARGenieDaemon service failed to start due to the following error: %%1053 Error: (11/04/2013 11:36:09 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (120000 milliseconds) while waiting for the NETGEARGenieDaemon service to connect. Microsoft Office Sessions: ========================= Error: (01/05/2013 11:02:52 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4986 seconds with 2040 seconds of active time. This session ended with a crash. Error: (10/12/2011 02:18:36 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 254 seconds with 180 seconds of active time. This session ended with a crash. Error: (04/12/2011 11:52:38 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3544 seconds with 1860 seconds of active time. This session ended with a crash. Error: (12/23/2010 00:36:34 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11035 seconds with 4440 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors: =================================== Date: 2012-04-01 01:15:54.508 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-04-01 01:15:54.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-04-01 00:50:46.302 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-04-01 00:50:46.271 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-31 12:43:00.957 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-31 12:43:00.941 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 11:31:57.043 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 11:31:57.011 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. 
Date: 2012-03-30 11:24:18.308 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 11:24:18.293 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 3036.99 MB Available physical RAM: 1982.22 MB Total Pagefile: 6072.26 MB Available Pagefile: 5141.29 MB Total Virtual: 2047.88 MB Available Virtual: 1871.11 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:9.89 GB) NTFS Drive e: () (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 7740BF64) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 2 GB) (Disk ID: 82155408) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) ==================== End Of Log ============================
  14. Also, ComboFix did not close properly. An error message popped up saying that the installation was unsuccessful and that the Recycle bin was corrupted. It asked me if I wanted to delete the Recycle bin. I said no.
  15. That worked. Here is the log file: ComboFix 13-11-03.02 - Leslie 11/03/2013 23:16:36.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.2449 [GMT -5:00] Running from: E:\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Google\Desktop\Install c:\program files\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\9519~1\A535~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\@ c:\program files\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\9519~1\A535~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\U\00000001.@ c:\program files\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\9519~1\A535~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\U\00000002.@ c:\program files\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\9519~1\A535~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\U\80000000.@ c:\program files\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\9519~1\A535~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\U\80000001.@ c:\program files\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\9519~1\A535~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\U\800000cb.@ c:\programdata\Microsoft\Windows\DRM\AFFE.tmp c:\users\Leslie\AppData\Local\Google\Desktop\Install c:\users\Leslie\AppData\Local\Google\Desktop\Install\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\2E2F~1\28F0~1\E628~1\{a7099379-9a4c-a3ff-eeca-e490979c0b6e}\@ c:\users\Leslie\g2mdlhlpx.exe c:\windows\PFRO.log c:\windows\system32\Packet.dll c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . 
((((((((((((((((((((((((( Files Created from 2013-10-04 to 2013-11-04 ))))))))))))))))))))))))))))))) . . 2013-11-04 04:24 . 2013-11-04 04:24 0 ----a-w- c:\windows\system32\drivers\OLD3B6B.tmp 2013-11-04 04:24 . 2013-11-04 04:24 0 ----a-w- c:\windows\system32\drivers\OLD3A82.tmp 2013-11-03 13:59 . 2013-11-03 14:17 -------- d-----w- C:\temp 2013-11-03 13:57 . 2013-11-03 13:57 0 ----a-w- c:\windows\system32\drivers\OLD7E25.tmp 2013-11-03 13:57 . 2013-11-03 13:57 0 ----a-w- c:\windows\system32\drivers\OLD7BB6.tmp 2013-11-01 03:48 . 2013-11-01 04:18 -------- d-----w- c:\windows\Logs 2013-11-01 03:46 . 2013-11-01 03:46 0 ----a-w- c:\windows\system32\drivers\OLD7DF6.tmp 2013-11-01 03:46 . 2013-11-01 03:46 0 ----a-w- c:\windows\system32\drivers\OLD7CEE.tmp 2013-11-01 03:28 . 2013-11-01 03:28 -------- d-sh--w- c:\windows\system32\%APPDATA% 2013-11-01 03:24 . 2013-11-01 03:24 -------- d-----w- c:\program files\Google 2013-11-01 03:23 . 2013-11-01 03:44 -------- d-----w- c:\programdata\gpngVpn3 2013-11-01 03:23 . 2013-11-01 03:23 -------- d-----w- c:\users\Leslie\AppData\Local\Google 2013-10-23 19:23 . 2013-10-23 19:23 0 ----a-w- c:\windows\system32\drivers\OLD6FD3.tmp 2013-10-23 19:23 . 2013-10-23 19:23 0 ----a-w- c:\windows\system32\drivers\OLD6E00.tmp 2013-10-23 18:39 . 2013-10-23 18:39 0 ----a-w- c:\windows\system32\drivers\OLD9186.tmp 2013-10-23 18:39 . 2013-10-23 18:39 0 ----a-w- c:\windows\system32\drivers\OLD8E1D.tmp 2013-10-23 18:37 . 2009-08-20 03:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2013-10-23 18:37 . 2009-08-20 03:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll 2013-10-07 14:38 . 2013-10-23 19:09 -------- d-----w- c:\users\Leslie\AppData\Local\Deployment 2013-10-07 04:02 . 2013-10-07 04:02 0 ----a-w- c:\windows\system32\drivers\OLDC4F4.tmp 2013-10-07 04:02 . 2013-10-07 04:02 0 ----a-w- c:\windows\system32\drivers\OLDC340.tmp 2013-10-07 03:58 . 2013-10-07 03:58 -------- d-----w- c:\program files\iPod 2013-10-07 03:58 . 
2013-10-07 03:58 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-10-07 03:58 . 2013-10-07 03:58 -------- d-----w- c:\program files\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-23 19:18 . 2012-04-24 17:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-10-23 19:18 . 2011-11-29 03:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-08-11 20:55 . 2013-08-11 20:55 0 ----a-w- c:\windows\system32\drivers\OLD7A00.tmp 2013-08-11 20:55 . 2013-08-11 20:55 0 ----a-w- c:\windows\system32\drivers\OLD77DF.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2003-05-29 16:00 8704 ----a-w- c:\windows\System32\PCANotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2009-10-03 03:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2009-10-03 08:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-09-13 23:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter] 2010-10-12 21:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\disks-sd] 2012-06-19 19:10 76800 ----a-w- c:\programdata\audiults.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2012-11-13 20:43 172064 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2009-06-05 01:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2012-11-13 20:43 138784 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager] 2013-05-23 07:11 2786104 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-10-01 06:23 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch] 2005-11-09 20:19 634880 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup] 2010-04-23 00:33 136416 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu] 2005-10-17 20:24 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETGEARGenie] 2012-10-16 13:54 1041736 ----a-w- c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2009-06-25 02:19 140520 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2012-11-13 20:43 173600 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2009-05-23 08:22 7514656 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard] 2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe . R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [2012-09-25 195400] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1343400] R3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2000-09-26 486176] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824] S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-03-11 1248256] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\bgknw8eh.default\ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2011-10-24 09:28; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . 
- - - - ORPHANS REMOVED - - - - . MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3036) c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\System32\dinotify.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2013-11-03 23:26:40 - machine was rebooted ComboFix-quarantined-files.txt 2013-11-04 04:26 ComboFix2.txt 2012-04-01 14:24 . Pre-Run: 3,781,439,488 bytes free Post-Run: 11,682,406,400 bytes free . - - End Of File - - 53943C00116BF4D2099AC81B71311C77 CDB4DE4BBD714F152979DA2DCBEF57EB
  16. My files are now backed up. I tried to download ComboFix, but I cannot get it to save to my computer. It goes through the steps but then nothing is there.
  17. Yes, I would like to proceed with trying to clean the computer. Is it okay to back up files beforehand?
  18. Will system restore work? If I do need to reformat, can I back up my files beforehand? I do have a backup but it doesn't have some newer files.
  19. Malwarebytes found 3 instances of Rootkit.0.Access. Redirects went away but the computer is now running very slowly. Couldn't download dds.scr, but had it on my computer from last year:
  20. One other question. I only ran TDSSKiller in safe mode. Should I run it in normal mode?
  21. I also have TDSSKiller on my desktop. Should I uninstall that?
  22. I think that worked. My first copy is gone. Now should I just delete the desktop icons for the other two copies?
  23. When I type ComboFix /uninstall I get a message saying Windows cannot find 'ComboFix3.exe'. ComboFix3 is what I named my third copy of ComboFix. If I try ComboFix3 /uninstall I get 0 items in the search results.
  24. Here are the results. Did I do it right?
      File already analysed
      This file was already analysed by VirusTotal on 2012-02-19 00:04:33.
      Detection ratio: 0/41
      You can take a look at the last analysis or analyse it again now.