dcw182
-
Posts
26 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by dcw182
-
-
Everything is deleted and so I guess I shall run a normal day tomorrow and see what happens. I can't thank you enough! Come to Costa Rica, Dominical, we have wonderful vacation properties and will give you a good deal for taking such good care of me! Can I post how you can contact me or our website?
-
I'm not sure what you mean by this, what files do you want to delete?? I have a lot of files that are not program files but are related to running the programs. Notebook and folders of misc. Can I delete all this and only keep my Malwarebytes?
You need an anti-virus (you have McAfee at the present time) and Malwarebytes Do I need two? And how good is McAfee?I am SO appreciative of all you have done for me and malwarebytes org I am happy to buy the Pro. Obviously you know your stuff. Do I need this? And if I do, then do I disable my McAfee?
-
I miss understood that part when I read it......that big word, "or"
Everything went smoothly and now I need to know how to delete the other programs. Just right click and delete or is there a better way?
I see these programs in my program file I am unsure of and have today's date on them as being installed, and I can uninstall. Should these been uninstalled?
Advanced Audio FX Engine
Realtek High Definition Audio Driver
Revo Uninstaler 1.95
And another question for you: Should I delete all the other files I have accumulated over all this repair process and just go with the Pro Malwarebytes to keep me secure?
I hope I am making sense here. Hard to convey what I mean in words sometimes.
deb
-
I was able to uninstall the Java 6 file.
Thank you for the info on WD, I will be installing Pro version of Malwarebytes.
Things were going too smoothly.....
I did use combofix and downloaded it to my desktop. It's in a zip file. Inside the zip file is the exe file that it will not allow me to rename it.
I do not show combofix in my windows uninstall list.
When I do the windows logo key + R I get the window that windows can't find it.
Now what?
-
Yep, it appears we are finally getting there! When I downloaded the Security Check, McAfee Security immediately quarantined a file called: Artemis!32F2448BF194 (Trojan) This stopped the SecurityCheck from downloading completely. I turned McAfee off and redownloaded.
Also it appears I have the McAfee Anti-Virus and Anti-Spyware AND the Windows Defender running. Is this not good to have two running at the same time? I'm not that thrilled, as I got a virus and I had McAfee. Recommendations?
Results of screen317's Security Check version 0.99.77Windows 7 Service Pack 1 x64 (UAC is enabled)Internet Explorer 11``````````````Antivirus/Firewall Check:``````````````Windows Firewall Enabled!McAfee Anti-Virus and Anti-SpywareWMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:`````````Malwarebytes Anti-Malware version 1.75.0.1300Java 6 Update 31Java 7 Update 45Adobe Flash Player 11.9.900.152Adobe Reader XI````````Process Check: objlist.exe by Laurent````````mcafee VIRUSS~1 mcvsmap.exemcafee VIRUSS~1 mcvsshld.exe`````````````````System Health check`````````````````Total Fragmentation on Drive C: 1%````````````````````End of Log`````````````````````` -
# AdwCleaner v3.014 - Report created 10/12/2013 at 10:51:15# Updated 01/12/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Debbie - DEBBIE-DELL# Running from : C:\Users\Debbie\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] ********** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.16428-\\ Mozilla Firefox v[ File : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\prefs.js ]-\\ Google Chrome v[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]*************************AdwCleaner[R0].txt - [36566 octets] - [03/12/2013 11:29:08]AdwCleaner[R1].txt - [1002 octets] - [03/12/2013 15:11:03]AdwCleaner[R2].txt - [1403 octets] - [05/12/2013 22:57:13]AdwCleaner[R3].txt - [1241 octets] - [10/12/2013 10:45:26]AdwCleaner[s0].txt - [35657 octets] - [03/12/2013 11:50:46]AdwCleaner[s1].txt - [1063 octets] - [03/12/2013 15:12:27]AdwCleaner[s2].txt - [1435 octets] - [05/12/2013 23:04:10]AdwCleaner[s3].txt - [1163 octets] - [10/12/2013 10:51:15]########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1223 octets] ##########Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.10.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16428Debbie :: DEBBIE-DELL [administrator]12/10/13 11:09:57 AMMBAM-log-2013-12-10 (12-59-02).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 465340Time elapsed: 1 hour(s), 37 minute(s), 1 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 1HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy (PUP.Optional.ScorpionSaver) -> No action taken.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir (Adware.AdPeak) -> No action taken.C:\AdwCleaner\Quarantine\C\Windows\System32\ljkb\lmrn.dll.vir (PUP.Optional.Sweetpacks) -> No action taken.(end)Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.10.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16428Debbie :: DEBBIE-DELL [administrator]12/10/13 11:09:57 AMmbam-log-2013-12-10 (11-09-57).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 465340Time elapsed: 1 hour(s), 37 minute(s), 1 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 1HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir (Adware.AdPeak) -> Quarantined and deleted successfully.C:\AdwCleaner\Quarantine\C\Windows\System32\ljkb\lmrn.dll.vir (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.(end)
-
It worked!
ComboFix 13-12-08.01 - Debbie 12/09/13 22:02:44.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1981 [GMT -6:00]Running from: c:\users\Debbie\AppData\Local\Temp\Temp1_ComboFix.zip\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\CRRedist2008_x86.exec:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpackc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\bootstrap.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\defaults\preferences\prefs.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\page-mod.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\private-browsing.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\request.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\windows.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\addon\runner.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\api-utils.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\base64.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\byte-streams.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\collection.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\content-proxy.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\content-worker.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\loader.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\symbiont.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\worker.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\cortex.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\cuddlefish.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\deprecate.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\dom\events.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\environment.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\errors.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\event\core.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\event\target.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\events.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\events\assembler.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\file.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\functional.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\globals.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\heritage.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\hidden-frame.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\core.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\html.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\loader.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\locale.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\prefs.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\light-traits.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\list.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\loader.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\match-pattern.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\memory.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\namespace.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\observer-service.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\plain-text-console.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\preferences-service.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\private-browsing\utils.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\promise.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\querystring.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\runtime.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\sandbox.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\self.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\system.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\system\events.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\events.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\observer.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\tab.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\utils.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\text-streams.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\timer.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traceback.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traits.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traits\core.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\unload.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\url.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\data.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\object.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\registry.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\thumbnail.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\uuid.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\window-utils.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\window\utils.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\dom.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\loader.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\observer.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\tabs.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\xhr.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\xpcom.jsc:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\xul-app.jsc:\windows\PFRO.log..((((((((((((((((((((((((( Files Created from 2013-11-10 to 2013-12-10 )))))))))))))))))))))))))))))))..2013-12-10 04:13 . 2013-12-10 04:13 -------- d-----w- c:\users\Default\AppData\Local\temp2013-12-10 04:09 . 2013-12-10 04:09 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3091C3C-2D9B-47B5-BDF5-CBF7D08BA74B}\offreg.dll2013-12-09 00:22 . 2013-11-18 07:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3091C3C-2D9B-47B5-BDF5-CBF7D08BA74B}\mpengine.dll2013-12-07 04:34 . 2013-12-10 01:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-12-07 04:34 . 2013-12-10 01:17 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2013-12-07 04:31 . 2013-12-10 01:16 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-12-06 18:05 . 2013-12-10 01:04 -------- d-----w- C:\FRST2013-12-03 20:26 . 2013-12-03 20:26 -------- d-----w- C:\_OTM2013-12-03 18:32 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-03 18:32 . 2013-12-03 18:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-12-03 17:28 . 2013-12-06 05:04 -------- d-----w- C:\AdwCleaner2013-12-03 17:07 . 2013-12-03 17:07 -------- d-----w- c:\program files (x86)\VS Revo Group2013-12-03 16:19 . 2013-09-23 19:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys2013-12-03 16:17 . 2013-12-03 16:17 -------- d-----w- c:\program files\McAfee.com2013-12-03 16:17 . 2013-12-06 07:37 -------- d-----w- c:\program files (x86)\McAfee2013-12-03 15:36 . 2013-11-04 22:46 182752 ----a-w- c:\windows\system32\mfevtps.exe2013-11-29 14:16 . 2013-11-29 14:16 -------- d-----w- c:\windows\Migration2013-11-29 06:25 . 2013-11-29 06:25 -------- d-----w- c:\users\Debbie\AppData\Roaming\Malwarebytes2013-11-29 06:25 . 2013-11-29 06:25 -------- d-----w- c:\programdata\Malwarebytes2013-11-29 06:23 . 2013-11-29 06:23 -------- d-----w- c:\users\Debbie\AppData\Local\Programs2013-11-29 05:22 . 2013-11-29 05:22 -------- d-----w- c:\users\Debbie\AppData\Roaming\McAFee TechCheck2013-11-29 05:20 . 2000-05-22 07:00 244416 ----a-w- c:\windows\SysWow64\Msflxgrd.ocx2013-11-29 05:20 . 2000-05-22 07:00 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX2013-11-29 05:20 . 2013-11-29 05:24 -------- d-----w- c:\users\Debbie\AppData\Roaming\TechCheck2013-11-28 15:50 . 2013-12-03 16:18 -------- d-----w- c:\program files\Common Files\McAfee2013-11-28 15:24 . 2013-11-28 15:31 -------- d-----w- c:\program files\stinger2013-11-28 03:51 . 2013-11-28 03:51 -------- d-----w- c:\program files\iPod2013-11-28 03:51 . 2013-11-28 03:53 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-11-28 03:51 . 2013-11-28 03:52 -------- d-----w- c:\program files\iTunes2013-11-28 03:51 . 2013-11-28 03:52 -------- d-----w- c:\program files (x86)\iTunes2013-11-28 02:10 . 2013-10-16 16:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll2013-11-27 23:04 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2013-11-27 22:52 . 2013-11-27 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java2013-11-27 22:52 . 2013-11-27 22:52 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-11-15 19:51 . 2013-11-15 19:58 -------- d-----w- C:\bbc32f117dc597ff11b76deb2013-11-15 02:49 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-11-15 02:49 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-11-15 02:49 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-11-15 02:49 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll2013-11-15 02:49 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-11-15 02:49 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll2013-11-15 02:49 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-11-15 02:49 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-11-15 02:49 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-12-10 02:21 . 2013-10-29 03:27 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys2013-11-27 22:44 . 2012-04-10 05:46 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-11-27 22:44 . 2012-03-14 21:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-21 12:52 . 2013-10-22 05:15 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys2013-11-19 09:33 . 2010-09-03 06:14 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-18 18:07 . 2013-08-08 03:53 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys2013-11-07 22:00 . 2010-09-05 00:05 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-04 22:51 . 2013-09-25 02:29 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys2013-11-04 22:46 . 2013-09-25 02:25 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys2013-11-04 22:43 . 2013-09-25 02:22 782360 ----a-w- c:\windows\system32\drivers\mfehidk.sys2013-11-04 22:41 . 2013-09-25 02:21 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys2013-11-04 22:40 . 2013-09-25 02:20 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2013-11-04 22:39 . 2013-09-25 02:19 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2013-10-20 15:31 . 2013-10-20 15:31 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-09-25 02:25 . 2013-10-09 05:42 182752 ----a-w- c:\windows\system32\mfevtps.exe.82a7.deleteme2013-09-20 15:38 . 2013-09-20 15:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys2013-09-20 15:38 . 2013-09-20 15:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys2013-09-20 15:37 . 2013-09-20 15:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys2013-09-17 15:29 . 2013-09-21 04:39 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys2013-09-12 03:21 . 2013-09-12 03:21 863344 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll2013-09-12 03:21 . 2013-09-12 03:21 501872 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll2013-09-12 03:21 . 2013-09-12 03:21 28776 ----a-w- c:\windows\SysWow64\aspnet_counters.dll2013-09-12 03:21 . 2013-09-12 03:21 18000 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll2013-09-12 01:39 . 2013-09-12 01:39 855664 ----a-w- c:\windows\system32\msvcr110_clr0400.dll2013-09-12 01:39 . 2013-09-12 01:39 614000 ----a-w- c:\windows\system32\msvcp110_clr0400.dll2013-09-12 01:39 . 2013-09-12 01:39 30312 ----a-w- c:\windows\system32\aspnet_counters.dll2013-09-12 01:39 . 2013-09-12 01:39 18000 ----a-w- c:\windows\system32\msvcr100_clr0400.dll2012-01-06 19:41 . 2012-01-06 19:41 14848 ----a-w- c:\program files (x86)\EDDI7.vshost.exe2012-01-06 19:40 . 2012-01-06 19:40 10718208 ----a-w- c:\program files (x86)\EDDI7.exe2012-01-06 19:40 . 2012-01-06 19:40 71168 ----a-w- c:\program files (x86)\TRIBUTA_LN.DLL2012-01-06 19:40 . 2012-01-06 19:40 281600 ----a-w- c:\program files (x86)\TRIBUTA_EN.DLL2012-01-06 19:40 . 2012-01-06 19:40 17408 ----a-w- c:\program files (x86)\TRIBUTA_AD.DLL2011-08-25 15:58 . 2011-08-25 15:58 17920 ----a-w- c:\program files (x86)\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll2011-02-19 03:54 . 2011-02-19 03:54 3518464 ----a-w- c:\program files (x86)\itextsharp.DLL..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616].c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7619\Launcher.exe /t [2010-9-4 157088].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFVA64.sys [x]R3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFDCP64.sys [x]R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]R4 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe;c:\program files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe [x]R4 sbupdate;AOL Update Service (sbupdate);c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe;c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [x]R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]R4 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]R4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]S2 EntryProtect;DataMask by AOL;c:\program files (x86)\AOL\DataMask by AOL\epservice.exe;c:\program files (x86)\AOL\DataMask by AOL\epservice.exe [x]S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [x]S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe;c:\program files\Western Digital\WD SmartWare\WDFME.exe [x]S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x]S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]S3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys;c:\windows\SYSNATIVE\drivers\epfilter.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH8000.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - epinject.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2013-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:44].2013-12-10 c:\windows\Tasks\DriverUpdate Startup.job- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 21:26].2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 06:52].2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 06:52].2013-09-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13].2013-12-10 c:\windows\Tasks\SentryBayUpdateTaskMachineCore.job- c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-05-27 04:57].2013-12-10 c:\windows\Tasks\SentryBayUpdateTaskMachineUA.job- c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-05-27 04:57].2014-09-26 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 10.0.1.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk - c:\users\Debbie\AppData\Local\Temp\_uninst_05648578.batc:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrunHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)WebBrowser-{8413196D-E290-4418-B5C6-A3B1379A909C} - (no file)WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)AddRemove-{2857dbef-0b50-361c-8690-7d505747009f} - c:\program files (x86)\AGI\core\4.2.0.10753\InstallerGUI.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-12-09 22:18:39ComboFix-quarantined-files.txt 2013-12-10 04:18.Pre-Run: 156,617,891,840 bytes freePost-Run: 156,508,192,768 bytes free.- - End Of File - - 9C919F3D0CB787CFE140D2F107E58C6F -
I downloaded ComboFix.exe and right at the end of the download my McAfee program said it quarantined a Trojan. I have disabled my firewall on McAfee before running this. And when I went to open the ComboFix.exe file it says "Safari can't show the file because it has moved since you downloaded it."
now what?
-
without screwing up this time? I will try!
-
By George I think we got it!!
RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Debbie [Admin rights]Mode : Scan -- Date : 12/09/2013 20:49:36| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 10 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 1 ¤¤¤[Debbie][sUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++--- User ---[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_12092013_204936.txt >> -
Touché! I deserved that. And speaking of restoring and bringing back in the virus......does this mean my passport, external backup, is virused too? I disconnected it about two weeks ago, suspecting trouble and have not used it since. Do I dare plug it in and try to recapture files off of it?
I followed your directions above and the reports are below. In my first scan of mbar.exe, it showed I had no malware and no cleanup was necessary. So I skipped the second scan.
At the end of all this my internet is working fine, my updates are current and my McAfee firewall is on.
=======================================
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2013
Ran by Debbie at 2013-12-09 19:04:26 Run:2
Running from C:\Users\Debbie\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
==== End of Fixlog ====
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2013.12.09.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Debbie :: DEBBIE-DELL [administrator]
12/09/13 7:17:48 PM
mbar-log-2013-12-09 (19-17-48).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 258187
Time elapsed: 33 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16428
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081606656, free: 1941450752
Downloaded database version: v2013.12.09.08
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
12/09/2013 19:17:42
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\ElRawDsk.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\??\C:\Windows\system32\drivers\epfilter.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\bcmvwl64.sys
\SystemRoot\system32\DRIVERS\wanatw64.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\SaiH8000.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\ACFSDK64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\ACFXAU64.sys
\??\C:\Program Files (x86)\AOL\DataMask by AOL\epinject64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\btusbflt.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c66060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800493e050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c66060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004ada9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c66060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800493e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7188B833
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 30720000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 30926848 Numsec = 594213552
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
-
This is crazy. How am I getting infected? I am not a surfer, nor do I open up attachments unless I confirm from the sender they are good. Or is this a past one still lurking? Thanks so much for your patience! I Already had the Farbar Recovery on my computer, so I ran another scan from that.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2013Ran by Debbie (administrator) on DEBBIE-DELL on 09-12-2013 13:03:36Running from C:\Users\Debbie\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal==================== Processes (Whitelisted) =================(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe(Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\ep.exe(AOL) C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Webshots.com) C:\Program Files (x86)\Webshots\3.1.5.7619\Webshots.scr(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)MountPoints2: E - E:\LaunchU3.exe -aMountPoints2: H - H:\LaunchU3.exe -aMountPoints2: {056b6265-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exeMountPoints2: {056b6270-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exeMountPoints2: {056b627d-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exeMountPoints2: {097a27df-6baf-11e0-b9c1-c44619fd34a2} - E:\AutoRun.exeMountPoints2: {097a2803-6baf-11e0-b9c1-c44619fd34a2} - E:\AutoRun.exeMountPoints2: {2e3ae15a-f82f-11e0-9a34-c44619fd34a2} - "E:\WD SmartWare.exe" autoplay=trueMountPoints2: {3a03f7dd-6df0-11e0-9c28-00038a000015} - E:\AutoRun.exeMountPoints2: {3a03f7e9-6df0-11e0-9c28-00038a000015} - E:\AutoRun.exeMountPoints2: {4c86b20b-ea9e-11df-aca7-00038a000015} - "E:\WD SmartWare.exe" autoplay=trueMountPoints2: {a6b050e8-3bac-11e1-9810-c44619fd34a2} - H:\LaunchU3.exe -aHKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnkShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnkShortcutTarget: _uninst_05648578.lnk -> C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat (No File)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)BootExecute: autocheck autochk /p \??\F:autocheck autochk *==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kolbi.msn.com/?rd=1&ucc=CR&dcc=CR&opt=0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x760B2275FDECCE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKCU - {907C29F0-1F7C-41DE-B59B-CF7830BD034C} URL =BHO: DataMask by AOL - {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - C:\Program Files (x86)\AOL\DataMask by AOL\epbho64.dll (AOL)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No FileBHO: DataMask by AOL - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files (x86)\AOL\DataMask by AOL\plbho64.dll (AOL)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileToolbar: HKCU - No Name - {8413196D-E290-4418-B5C6-A3B1379A909C} - No FileToolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No FileDPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cabHandler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No FileHandler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No FileHandler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No FileHandler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)FireFox:========FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.defaultFF Keyword.URL: user_pref("keyword.URL", "");FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @update.sentrybay.com/SentryBay Update;version=8 - C:\Program Files (x86)\SentryBay\Update\1.0.0.7621\npSentryBayOneClick8.dll (AOL)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Extension: No Name - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpackFF HKLM\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\AOL\DataMask by AOL\ffextFF Extension: DataMask by AOL - C:\Program Files (x86)\AOL\DataMask by AOL\ffextFF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF HKLM-x32\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\AOL\DataMask by AOL\ffextFF Extension: DataMask by AOL - C:\Program Files (x86)\AOL\DataMask by AOL\ffextFF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3Chrome:=======CHR HKLM-x32\...\Chrome\Extension: [bjaehcnihbogidpfieaepehilfecnodk] - C:\Program Files (x86)\AOL\DataMask by AOL\phishlock.crxCHR HKLM-x32\...\Chrome\Extension: [kochbcmingebnmbcpbbpfpmipakoipge] - C:\Program Files (x86)\AOL\DataMask by AOL\phishlock.crx==================== Services (Whitelisted) =================R2 EntryProtect; C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe [45896 2013-04-30] (AOL)R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)S4 sbupdate; C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [129904 2012-05-26] (AOL)S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [118272 2008-07-24] (WDC)R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )S4 XAudioService; C:\Windows\system32\DRIVERS\ACFXAU64.exe [410624 2007-05-09] (Conexant Systems, Inc.)S4 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [x]S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]==================== Drivers (Whitelisted) ====================S3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [121856 2007-04-26] (Conexant Systems Inc.)R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [35200 2007-05-09] (Conexant Systems, Inc.)R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-17] (EldoS Corporation)R3 epfilter; C:\Windows\system32\drivers\epfilter.sys [21312 2013-08-12] (SentryBay)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)R3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-09] ()R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2007-05-09] (Conexant Systems, Inc.)U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-12-08 23:45 - 2013-12-08 23:46 - 00000000 ____D C:\Users\Debbie\Desktop\HOA Acctg2013-12-08 21:21 - 2013-12-08 23:40 - 00000000 ____D C:\Users\Debbie\Desktop\RK reports2013-12-08 18:30 - 2013-12-08 18:30 - 04166144 _____ C:\Users\Debbie\Downloads\RogueKillerX64.exe2013-12-06 22:34 - 2013-12-08 08:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-12-06 22:34 - 2013-12-06 23:27 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2013-12-06 22:31 - 2013-12-06 23:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-12-06 22:30 - 2013-12-08 08:21 - 00000000 ____D C:\Users\Debbie\Desktop\mbar2013-12-06 22:29 - 2013-12-08 08:21 - 00000000 ____D C:\Users\Debbie\Desktop\Malwarbytes Anti-Rootkit2013-12-06 22:28 - 2013-12-06 22:29 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Debbie\Downloads\mbar-1.07.0.1007.exe2013-12-06 12:06 - 2013-12-06 12:17 - 00033569 _____ C:\Users\Debbie\Downloads\Addition.txt2013-12-06 12:05 - 2013-12-09 13:03 - 00018152 _____ C:\Users\Debbie\Downloads\FRST.txt2013-12-06 12:05 - 2013-12-08 08:21 - 00000000 ____D C:\FRST2013-12-06 12:04 - 2013-12-06 12:04 - 01925820 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe2013-12-06 01:37 - 2013-12-09 07:33 - 00000448 _____ C:\Windows\setupact.log2013-12-06 01:37 - 2013-12-06 01:37 - 00000000 _____ C:\Windows\setuperr.log2013-12-05 23:02 - 2013-12-08 08:21 - 00000000 ____D C:\Users\Debbie\Desktop\Scorpion Forum clean up reports2013-12-05 08:15 - 2013-12-05 08:15 - 00688992 ____R (Swearware) C:\Users\Debbie\Downloads\dds.scr2013-12-03 22:59 - 2013-12-03 22:59 - 00002722 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task2013-12-03 22:55 - 2013-12-03 22:55 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\Debbie\Downloads\Repair-tool.exe2013-12-03 21:35 - 2013-12-03 21:37 - 22791896 _____ (Microsoft Corporation) C:\Users\Debbie\Downloads\Windows-KB890830-x64-V5.6.exe2013-12-03 17:59 - 2013-12-03 18:49 - 00000000 ____D C:\Users\Debbie\Downloads\myuninst2013-12-03 17:58 - 2013-12-03 17:58 - 00046124 _____ C:\Users\Debbie\Downloads\myuninst.zip2013-12-03 16:14 - 2013-12-03 16:19 - 00015066 _____ C:\Users\Debbie\Downloads\SystemLook.txt2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\_OTM2013-12-03 14:11 - 2013-12-03 14:11 - 00522240 _____ (OldTimer Tools) C:\Users\Debbie\Downloads\OTM.exe2013-12-03 12:42 - 2013-12-03 12:42 - 00165376 _____ C:\Users\Debbie\Downloads\SystemLook_x64.exe2013-12-03 12:32 - 2013-12-03 12:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-12-03 12:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-12-03 12:29 - 2013-12-03 12:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Downloads\mbam-setup-1-1.75.0.1300.exe2013-12-03 11:28 - 2013-12-05 23:04 - 00000000 ____D C:\AdwCleaner2013-12-03 11:27 - 2013-12-03 11:27 - 01110034 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe2013-12-03 11:07 - 2013-12-03 11:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group2013-12-03 10:19 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files (x86)\McAfee.com2013-12-03 10:17 - 2013-12-06 01:37 - 00000000 ____D C:\Program Files (x86)\McAfee2013-12-03 10:17 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files\McAfee.com2013-12-03 09:36 - 2013-11-04 16:46 - 00182752 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe2013-12-03 09:26 - 2013-12-03 09:36 - 05131824 _____ (McAfee, Inc.) C:\Users\Debbie\Downloads\McAfeeSetup-Serial.exe2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Malwarebytes2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes2013-11-29 00:22 - 2013-11-29 00:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Downloads\mbam-setup-1.75.0.1300.exe2013-11-28 23:22 - 2013-11-28 23:22 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\McAFee TechCheck2013-11-28 23:20 - 2013-11-28 23:24 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\TechCheck2013-11-28 23:20 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx2013-11-28 23:20 - 2000-05-22 01:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX2013-11-28 09:50 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\Common Files\McAfee2013-11-28 09:24 - 2013-11-28 09:31 - 00000000 ____D C:\Program Files\stinger2013-11-28 06:27 - 2013-11-28 06:27 - 00002004 _____ C:\Users\Debbie\Desktop\Workout List 8-7-13 - Shortcut.lnk2013-11-27 21:51 - 2013-11-27 21:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-11-27 21:51 - 2013-11-27 21:52 - 00000000 ____D C:\Program Files\iTunes2013-11-27 21:51 - 2013-11-27 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes2013-11-27 21:51 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iPod2013-11-27 20:10 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll2013-11-27 17:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE2013-11-27 17:01 - 2013-11-27 17:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-11-27 17:01 - 2013-11-27 17:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-11-27 17:01 - 2013-11-27 17:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-11-27 17:01 - 2013-11-27 17:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-11-27 17:01 - 2013-11-27 17:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-11-27 17:01 - 2013-11-27 17:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-11-27 17:01 - 2013-11-27 17:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-11-27 17:01 - 2013-11-27 17:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-11-27 17:01 - 2013-11-27 17:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-11-27 17:01 - 2013-11-27 17:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-11-27 17:01 - 2013-11-27 17:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat2013-11-27 17:01 - 2013-11-27 17:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2013-11-27 17:01 - 2013-11-27 17:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-11-27 17:01 - 2013-11-27 17:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2013-11-27 17:01 - 2013-11-27 17:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2013-11-27 16:58 - 2013-11-27 17:04 - 00007514 _____ C:\Windows\IE11_main.log2013-11-27 16:52 - 2013-11-27 16:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-11-27 16:52 - 2013-11-27 16:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-11-25 22:20 - 2013-11-25 22:20 - 00006148 ____H C:\Users\Public\.DS_Store2013-11-19 16:35 - 2013-11-27 08:02 - 00002429 _____ C:\Users\Debbie\Desktop\Scott's Weight - Shortcut.lnk2013-11-15 13:51 - 2013-11-15 13:58 - 00000000 ____D C:\bbc32f117dc597ff11b76deb2013-11-14 20:49 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-11-14 20:49 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-11-14 20:49 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll2013-11-14 20:49 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll2013-11-14 20:49 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2013-11-14 20:49 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll2013-11-14 20:49 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2013-11-14 20:49 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll2013-11-14 20:49 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2013-11-14 20:48 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll2013-11-14 20:48 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL2013-11-14 20:48 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL2013-11-14 20:48 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll2013-11-14 20:48 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL2013-11-14 20:48 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2013-11-14 20:48 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2013-11-14 20:48 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2013-11-14 20:48 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2013-11-14 20:48 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2013-11-14 20:48 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2013-11-14 20:48 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2013-11-14 20:48 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2013-11-14 20:48 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2013-11-14 20:48 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2013-11-14 20:48 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2013-11-14 20:48 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2013-11-14 20:48 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2013-11-14 20:48 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2013-11-14 20:48 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2013-11-14 20:48 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys==================== One Month Modified Files and Folders =======2014-09-26 09:28 - 2011-03-26 10:05 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher2014-09-26 09:12 - 2011-03-26 10:05 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job2014-09-26 09:07 - 2011-03-26 10:05 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest2014-09-26 08:57 - 2011-03-26 10:05 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask2013-12-09 13:04 - 2013-12-06 12:05 - 00018152 _____ C:\Users\Debbie\Downloads\FRST.txt2013-12-09 13:02 - 2012-05-26 22:57 - 00000892 _____ C:\Windows\Tasks\SentryBayUpdateTaskMachineUA.job2013-12-09 12:39 - 2011-10-02 00:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-12-09 12:31 - 2012-04-09 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-12-09 08:38 - 2011-10-02 00:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-12-09 08:32 - 2009-07-13 23:10 - 01076493 _____ C:\Windows\WindowsUpdate.log2013-12-09 07:45 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-12-09 07:45 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-12-09 07:36 - 2013-10-28 21:27 - 00002848 _____ C:\Windows\System32\Tasks\DriverUpdate Startup2013-12-09 07:36 - 2013-10-28 21:27 - 00000420 _____ C:\Windows\Tasks\DriverUpdate Startup.job2013-12-09 07:34 - 2013-10-28 21:27 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys2013-12-09 07:34 - 2012-05-26 22:57 - 00000888 _____ C:\Windows\Tasks\SentryBayUpdateTaskMachineCore.job2013-12-09 07:34 - 2010-09-02 22:31 - 00000000 ____D C:\Users\Debbie\AppData\Local\SoftThinks2013-12-09 07:34 - 2010-07-12 18:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks2013-12-09 07:34 - 2010-07-12 18:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks2013-12-09 07:34 - 2010-07-12 18:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup2013-12-09 07:33 - 2013-12-06 01:37 - 00000448 _____ C:\Windows\setupact.log2013-12-09 07:33 - 2011-04-23 15:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl2013-12-09 07:33 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-12-09 07:32 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing2013-12-09 00:02 - 2011-10-03 02:09 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Dropbox2013-12-08 23:59 - 2011-10-03 02:13 - 00000000 ___RD C:\Users\Debbie\Dropbox2013-12-08 23:46 - 2013-12-08 23:45 - 00000000 ____D C:\Users\Debbie\Desktop\HOA Acctg2013-12-08 23:40 - 2013-12-08 21:21 - 00000000 ____D C:\Users\Debbie\Desktop\RK reports2013-12-08 21:38 - 2009-07-13 23:13 - 00852936 _____ C:\Windows\system32\PerfStringBackup.INI2013-12-08 18:30 - 2013-12-08 18:30 - 04166144 _____ C:\Users\Debbie\Downloads\RogueKillerX64.exe2013-12-08 10:13 - 2012-04-19 12:37 - 00000000 ____D C:\Users\Debbie\AppData\Local\BCE66ED4-FCC7-4397-B8C3-53BA4963CEE9.aplzod2013-12-08 08:33 - 2011-10-02 00:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-12-08 08:33 - 2011-10-02 00:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2013-12-08 08:27 - 2010-09-02 22:31 - 00000000 ____D C:\Users\Debbie2013-12-08 08:21 - 2013-12-06 22:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-12-08 08:21 - 2013-12-06 22:30 - 00000000 ____D C:\Users\Debbie\Desktop\mbar2013-12-08 08:21 - 2013-12-06 22:29 - 00000000 ____D C:\Users\Debbie\Desktop\Malwarbytes Anti-Rootkit2013-12-08 08:21 - 2013-12-06 12:05 - 00000000 ____D C:\FRST2013-12-08 08:21 - 2013-12-05 23:02 - 00000000 ____D C:\Users\Debbie\Desktop\Scorpion Forum clean up reports2013-12-08 08:21 - 2013-09-18 01:20 - 00000000 ____D C:\Users\Debbie\Desktop\CDSP Troy Mac servers2013-12-08 08:21 - 2013-02-12 13:58 - 00000000 ____D C:\Users\Debbie\Desktop\Labels2013-12-08 08:21 - 2010-09-04 04:25 - 00000000 ___SD C:\Users\Debbie\Documents\My ScanSnap2013-12-08 08:21 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV2013-12-08 08:21 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender2013-12-08 08:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF2013-12-08 08:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration2013-12-08 08:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat2013-12-07 03:33 - 2013-10-17 12:26 - 00000000 ____D C:\Users\Debbie\Desktop\Photos to file into folders2013-12-06 23:27 - 2013-12-06 22:34 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2013-12-06 23:26 - 2013-12-06 22:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-12-06 23:18 - 2010-07-12 20:00 - 00362322 _____ C:\Windows\PFRO.log2013-12-06 23:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Speech2013-12-06 22:29 - 2013-12-06 22:28 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Debbie\Downloads\mbar-1.07.0.1007.exe2013-12-06 12:17 - 2013-12-06 12:06 - 00033569 _____ C:\Users\Debbie\Downloads\Addition.txt2013-12-06 12:04 - 2013-12-06 12:04 - 01925820 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe2013-12-06 01:37 - 2013-12-06 01:37 - 00000000 _____ C:\Windows\setuperr.log2013-12-06 01:37 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files (x86)\McAfee2013-12-05 23:04 - 2013-12-03 11:28 - 00000000 ____D C:\AdwCleaner2013-12-05 08:15 - 2013-12-05 08:15 - 00688992 ____R (Swearware) C:\Users\Debbie\Downloads\dds.scr2013-12-03 22:59 - 2013-12-03 22:59 - 00002722 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task2013-12-03 22:55 - 2013-12-03 22:55 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\Debbie\Downloads\Repair-tool.exe2013-12-03 21:37 - 2013-12-03 21:35 - 22791896 _____ (Microsoft Corporation) C:\Users\Debbie\Downloads\Windows-KB890830-x64-V5.6.exe2013-12-03 18:49 - 2013-12-03 17:59 - 00000000 ____D C:\Users\Debbie\Downloads\myuninst2013-12-03 17:58 - 2013-12-03 17:58 - 00046124 _____ C:\Users\Debbie\Downloads\myuninst.zip2013-12-03 16:19 - 2013-12-03 16:14 - 00015066 _____ C:\Users\Debbie\Downloads\SystemLook.txt2013-12-03 15:34 - 2012-08-21 13:52 - 00000000 ____D C:\ProgramData\McAfee2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\_OTM2013-12-03 14:11 - 2013-12-03 14:11 - 00522240 _____ (OldTimer Tools) C:\Users\Debbie\Downloads\OTM.exe2013-12-03 12:50 - 2011-02-12 00:07 - 00000000 ____D C:\Program Files (x86)\Safari2013-12-03 12:42 - 2013-12-03 12:42 - 00165376 _____ C:\Users\Debbie\Downloads\SystemLook_x64.exe2013-12-03 12:33 - 2013-12-03 12:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-12-03 12:30 - 2013-12-03 12:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Downloads\mbam-setup-1-1.75.0.1300.exe2013-12-03 11:27 - 2013-12-03 11:27 - 01110034 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe2013-12-03 11:07 - 2013-12-03 11:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group2013-12-03 10:19 - 2013-10-08 23:57 - 00000000 ____D C:\Program Files\McAfee2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files (x86)\McAfee.com2013-12-03 10:18 - 2013-11-28 09:50 - 00000000 ____D C:\Program Files\Common Files\McAfee2013-12-03 10:17 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files\McAfee.com2013-12-03 09:36 - 2013-12-03 09:26 - 05131824 _____ (McAfee, Inc.) C:\Users\Debbie\Downloads\McAfeeSetup-Serial.exe2013-11-29 16:54 - 2013-09-29 21:28 - 00000000 ____D C:\Users\Debbie\Desktop\Rental Statements2013-11-29 13:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache2013-11-29 10:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-11-29 08:19 - 2010-09-04 16:48 - 00842006 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2013-11-29 00:32 - 2013-10-22 00:17 - 00000095 _____ C:\Users\Debbie\AppData\Roaming\WB.CFG2013-11-29 00:32 - 2009-08-20 00:17 - 00000006 _____ C:\Users\Debbie\AppData\Roaming\WBPU-TTL.DAT2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Malwarebytes2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes2013-11-29 00:23 - 2013-11-29 00:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Downloads\mbam-setup-1.75.0.1300.exe2013-11-28 23:24 - 2013-11-28 23:20 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\TechCheck2013-11-28 23:22 - 2013-11-28 23:22 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\McAFee TechCheck2013-11-28 09:31 - 2013-11-28 09:24 - 00000000 ____D C:\Program Files\stinger2013-11-28 06:27 - 2013-11-28 06:27 - 00002004 _____ C:\Users\Debbie\Desktop\Workout List 8-7-13 - Shortcut.lnk2013-11-27 21:53 - 2013-11-27 21:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-11-27 21:52 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iTunes2013-11-27 21:52 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files (x86)\iTunes2013-11-27 21:51 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iPod2013-11-27 21:35 - 2010-09-02 22:31 - 00000000 ___RD C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2013-11-27 19:03 - 2010-09-02 22:37 - 00001415 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-11-27 17:04 - 2013-11-27 16:58 - 00007514 _____ C:\Windows\IE11_main.log2013-11-27 17:01 - 2013-11-27 17:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-11-27 17:01 - 2013-11-27 17:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-11-27 17:01 - 2013-11-27 17:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-11-27 17:01 - 2013-11-27 17:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-11-27 17:01 - 2013-11-27 17:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-11-27 17:01 - 2013-11-27 17:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-11-27 17:01 - 2013-11-27 17:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-11-27 17:01 - 2013-11-27 17:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-11-27 17:01 - 2013-11-27 17:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-11-27 17:01 - 2013-11-27 17:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-11-27 17:01 - 2013-11-27 17:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-11-27 17:01 - 2013-11-27 17:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat2013-11-27 17:01 - 2013-11-27 17:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2013-11-27 17:01 - 2013-11-27 17:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-11-27 17:01 - 2013-11-27 17:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2013-11-27 17:01 - 2013-11-27 17:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-11-27 17:01 - 2013-11-27 17:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-11-27 17:01 - 2013-11-27 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2013-11-27 16:52 - 2013-11-27 16:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-11-27 16:52 - 2013-11-27 16:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-11-27 16:52 - 2012-03-14 12:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-11-27 16:52 - 2012-03-14 12:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-11-27 16:52 - 2010-07-12 18:08 - 00000000 ____D C:\Program Files (x86)\Java2013-11-27 16:49 - 2010-09-03 00:50 - 00000000 ____D C:\ProgramData\Skype2013-11-27 16:44 - 2012-04-09 23:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-11-27 16:44 - 2012-04-09 23:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-11-27 16:44 - 2012-03-14 15:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-11-27 08:02 - 2013-11-19 16:35 - 00002429 _____ C:\Users\Debbie\Desktop\Scott's Weight - Shortcut.lnk2013-11-25 22:20 - 2013-11-25 22:20 - 00006148 ____H C:\Users\Public\.DS_Store2013-11-21 06:52 - 2013-10-21 23:15 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys2013-11-19 13:50 - 2009-07-13 22:54 - 00000749 ___RH C:\Windows\WindowsShell.Manifest2013-11-19 13:50 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries2013-11-19 03:33 - 2010-09-03 00:14 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2013-11-18 13:41 - 2009-07-13 20:34 - 00000608 _____ C:\Windows\win.ini2013-11-18 12:08 - 2013-08-07 21:53 - 00007545 _____ C:\Windows\LkmdfCoInst.log2013-11-18 12:07 - 2013-08-07 21:53 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys2013-11-15 14:32 - 2010-09-03 11:16 - 00000000 ____D C:\Users\Debbie\AppData\Local\Adobe2013-11-15 14:00 - 2010-09-04 09:01 - 00000000 ____D C:\ProgramData\Microsoft Help2013-11-15 13:58 - 2013-11-15 13:51 - 00000000 ____D C:\bbc32f117dc597ff11b76deb2013-11-15 13:58 - 2013-07-31 05:01 - 00000000 ____D C:\Windows\system32\MRTSome content of TEMP:====================C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dllC:\Users\Debbie\AppData\Local\Temp\ntdll_dump.dllC:\Users\Debbie\AppData\Local\Temp\Quarantine.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-11-30 07:56==================== End Of Log ============================ -
MrC,
I hope you won't shoot me! I screwed up and had to restore my computer back until yesterday, so I had to rerun the RogueKiller. Here is the new report. i deleted the files as you had previously told me. And my computer is running extremely slow!
RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Debbie [Admin rights]Mode : Scan -- Date : 12/08/2013 22:39:21| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 12 ¤¤¤[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\?��?��?��\?��?��?��\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" >) -> FOUND[RUN][ZeroAccess] HKUS\S-1-5-21-859821945-3822535395-818512663-1000\[...]\Run : Google Update ("C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\?��?��?��\?��?��?��\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" >) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 1 ¤¤¤[Debbie][sUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ZeroAccess ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++--- User ---[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_12082013_223919.txt >>RKreport[0]_D_12082013_213107.txt;RKreport[0]_S_12082013_213039.txt -
I'm unable to work on my computer this morning. I will be on later this afternoon.
-
I found it! (I was being overly cautious) and deleted the one file. I rebooted, rescanned and here is the report. --- appears the file is gone. Again, thanks for being there. Do you want me to continue with your earlier directions starting with the ComboFix?
RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Debbie [Admin rights]Mode : Scan -- Date : 12/07/2013 22:09:16| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 10 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 1 ¤¤¤[Debbie][sUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++--- User ---[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_12072013_220916.txt >> -
RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Debbie [Admin rights]Mode : Scan -- Date : 12/07/2013 21:24:53| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 11 ¤¤¤[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < [x]) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 1 ¤¤¤[Debbie][sUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ZeroAccess ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++--- User ---[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_12072013_212453.txt >>
-
Mr C,
Thank you for your quick response and for working so late.
I am not sure what exactly I am to do here. I ran the RogueKiller again, did the scan, and under the registry tab I had 12 files that were all checked.
I'm not sure what you want checked and unchecked, nor did I understand the quote you have here. I have no files of the 12 found that start with [service][ZeroAccess] HKLM\.....
deb
-
I got it!!! Thanks for your baby instructions for me.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2013
Ran by Debbie at 2013-12-07 19:28:11 Run:1Running from C:\Users\Debbie\DesktopBoot Mode: Normal==============================================Content of fixlist:*****************HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\???\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)C:\Windows\system32\AdpeakProxy64.dllToolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileToolbar: HKCU - No Name - {8413196D-E290-4418-B5C6-A3B1379A909C} - No FileToolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No FileHandler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No FileHandler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No FileFF Extension: ScorpionSaver - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpackC:\Users\Debbie\AppData\Local\Google\Desktop\InstallC:\Program Files (x86)\Google\Desktop\InstallC:\Users\Debbie\AppData\Local\Temp\dhddur7u.dllC:\Users\Debbie\AppData\Local\Temp\Quarantine.exeDeleteJunctionsIndirectory: C:\Program Files\Windows Defender*****************HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => Key deleted successfully.*etadpug => Service deleted successfully.C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8413196D-E290-4418-B5C6-A3B1379A909C} => Value deleted successfully.HKCR\CLSID\{8413196D-E290-4418-B5C6-A3B1379A909C} => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F999A48B-1950-4D81-9971-79018F807B4B} => Value deleted successfully.HKCR\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B} => Key not found.HKCR\PROTOCOLS\Handler\cozi => Key deleted successfully.HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F} => Key not found.HKCR\Wow6432Node\PROTOCOLS\Handler\gopher => Key deleted successfully.HKCR\Wow6432Node\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b} => Key not found.C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpack => Moved successfully.C:\Users\Debbie\AppData\Local\Google\Desktop\Install => Moved successfully.C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dll => Moved successfully.C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe => Moved successfully."C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started."C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.==== End of Fixlog ====RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Debbie [Admin rights]Mode : Scan -- Date : 12/07/2013 19:44:11| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 11 ¤¤¤[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\???ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < [x]) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 1 ¤¤¤[Debbie][sUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ZeroAccess ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++--- User ---[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_12072013_194411.txt >> -
Mr C, I am SO sorry, I have goofed up. So now I need to be very sure I understand what you are asking, as I did the fixlist wrong. I sent you all of the report, so I goofed up. You asked me to:
Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.I am sorry to be so dense, but how do I download this file to the same folder as FRST? I have a notepad FRST but no folder. And I could not find the FRST.exe file in my downloads. Is it too late to redo this step?
I will do nothing more until I hear back from you.
I hope I didn't mess everything up.
Debbie
-
Oh my gosh! But it all works, you are amazing. Thank you so much. I did the important changes to my security, of passwords, etc. And then I proceeded to clean the computer. Here are my reports. At the end of this cleanup, my windows firewall is being managed by vendor application McAfee Personal Firewall, my internet is working fine, window updates were current and my windows Defender is back and wanting to do a scan.
Fixlog.txt log:
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\???\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Windows\system32\AdpeakProxy64.dll
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {8413196D-E290-4418-B5C6-A3B1379A909C} - No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
FF Extension: ScorpionSaver - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpack
C:\Users\Debbie\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dll
C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
===========================================================
Mbar-log (I had two files)
FIRST ONE:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
Database version: v2013.12.07.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Debbie :: DEBBIE-DELL [administrator]
12/06/13 10:34:13 PM
mbar-log-2013-12-06 (22-34-13).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 258472
Time elapsed: 32 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^❤ (Trojan.Zaccess) -> Data: -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 14
C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.
C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot.
C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨\ﯹ๛ (Trojan.0Access) -> Delete on reboot.
C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} (Trojan.0Access) -> Delete on reboot.
C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L (Trojan.0Access) -> Delete on reboot.
C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U (Trojan.0Access) -> Delete on reboot.
C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \... (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\ﯹ๛ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\l (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\u (Trojan.0Access) -> Delete on reboot.
C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} (Trojan.0Access) -> Delete on reboot.
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
===========================================
SECOND ONE:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
Database version: v2013.10.02.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Debbie :: DEBBIE-DELL [administrator]
12/06/13 11:27:07 PM
mbar-log-2013-12-06 (23-27-07).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 249175
Time elapsed: 26 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
=======================================
SYSTEM-LOG:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16428
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081606656, free: 2150969344
Downloaded database version: v2013.12.07.02
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
12/06/2013 22:34:08
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\ElRawDsk.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\??\C:\Windows\system32\drivers\epfilter.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\bcmvwl64.sys
\SystemRoot\system32\DRIVERS\wanatw64.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\SaiH8000.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\ACFSDK64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\ACFXAU64.sys
\??\C:\Program Files (x86)\AOL\DataMask by AOL\epinject64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\DRIVERS\Dot4Prt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\btusbflt.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c54060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800498d050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c54060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004afa9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c54060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800498d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7188B833
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 30720000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 30926848 Numsec = 594213552
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^❤ --> [Trojan.Zaccess]
Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨\ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} --> [Trojan.0Access]
Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> [Trojan.0Access]
Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> [Trojan.0Access]
Infected: C:\Users\Debbie\AppData\Local\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\l --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\ﯹ๛\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\u --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16428
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081606656, free: 2496331776
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16428
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081606656, free: 1494990848
=======================================
Initializing...
------------ Kernel report ------------
12/06/2013 23:27:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\ElRawDsk.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\??\C:\Windows\system32\drivers\epfilter.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\bcmvwl64.sys
\SystemRoot\system32\DRIVERS\wanatw64.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\SaiH8000.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\DRIVERS\Dot4Prt.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\ACFSDK64.sys
\SystemRoot\system32\drivers\btusbflt.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\ACFXAU64.sys
\??\C:\Program Files (x86)\AOL\DataMask by AOL\epinject64.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c6a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004940050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c6a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004aef9e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c6a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004940050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7188B833
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 30720000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 30926848 Numsec = 594213552
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
===============================================
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2013
Ran by Debbie at 2013-12-06 12:06:54
Running from C:\Users\Debbie\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32)
4500_G510gm_Help (x32 Version: 000.0.439.000)
4500_G510nz_Help (x32 Version: 000.0.439.000)
4500G510gm (x32 Version: 000.0.423.000)
4500G510gm_Software_Min (x32 Version: 000.0.423.000)
4500G510nz (x32 Version: 000.0.439.000)
4500G510nz_Software_Min (x32 Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
ABBYY FineReader for ScanSnap 4.0 (x32 Version: 8.00.245.56422)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Advanced Audio FX Engine (x32 Version: 1.12.05)
AirPort (x32 Version: 5.6.1.2)
AOL Uninstaller (Choose which Products to Remove) (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Banctec Service Agreement (x32 Version: 2.0.0)
Bonjour (Version: 3.0.0.10)
Bonjour Print Services (Version: 2.0.2.0)
BufferChm (x32 Version: 130.0.331.000)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1)
CameraHelperMsi (x32 Version: 13.25.1010.0)
CardMinder (x32 Version: V4.0L11)
CardMinder V4.0 (x32 Version: 4.0.11.1)
Conexant USB D400 V.92 Modem (Version: 2.0.12.50)
Consumer In-Home Service Agreement (x32 Version: 2.0.0)
Cozi (x32 Version: 1.0.4323.24051)
Crystal Reports Basic Runtime for Visual Studio 2008 (x32 Version: 10.5.2.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Data Lifeguard Diagnostic for Windows (x32 Version: 1.13)
DataMask by AOL (x32 Version: 5.6.0.8734)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 1.2.0009)
Dell Dock (Version: 2.0.0)
Dell Driver Download Manager (HKCU Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Support Center (Version: 3.0.5744.02)
Dell Webcam Central (x32 Version: 1.40.05)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.372.000)
DocMgr (x32 Version: 130.0.000.000)
DocProc (x32 Version: 13.0.0.0)
Documents To Go Desktop for iPhone (x32 Version: 2.0000.006)
DriverUpdate (x32 Version: 2.2.30452)
Dropbox (HKCU Version: 2.0.22)
DW WLAN Card (Version: 5.60.48.35)
EDDI-7 (x32 Version: 1.2.0)
eReg (x32 Version: 1.20.138.34)
Fax (x32 Version: 130.0.418.000)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
hp deskjet 5550 series (Remove only) (x32)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
hp print screen utility (x32)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 4.000.011.006)
HPProductAssistant (x32 Version: 130.0.371.000)
iCloud (Version: 2.1.1.3)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2097)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
iPhone Configuration Utility (x32 Version: 3.6.2.300)
IrfanView (remove only) (x32 Version: 4.27)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java 6 Update 31 (x32 Version: 6.0.310)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Logitech SetPoint 6.61 (Version: 6.61.15)
Logitech Unifying Software 2.10 (Version: 2.10.37)
Logitech Vid HD (x32 Version: 7.2 (7248))
Logitech Webcam Software (x32 Version: 2.0)
LoJack Factory Installer (x32 Version: 1.0.0)
LWS Facebook (x32 Version: 13.20.1166.0)
LWS Gallery (x32 Version: 13.20.1166.0)
LWS Help_main (x32 Version: 13.25.1016.0)
LWS Launcher (x32 Version: 13.20.1166.0)
LWS Motion Detection (x32 Version: 13.20.1176.0)
LWS Pictures And Video (x32 Version: 13.25.1010.0)
LWS Twitter (x32 Version: 13.20.1166.0)
LWS Video Mask Maker (x32 Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (x32 Version: 13.20.1168.0)
LWS WLM Plugin (x32 Version: 1.20.1166.0)
LWS YouTube Plugin (x32 Version: 13.20.1166.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
McAfee SecurityCenter (x32 Version: 12.8.856)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Office 2000 Professional (x32 Version: 9.00.2720)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Accounting 2008 (x32 Version: 3.0.8627.1)
Microsoft Office Accounting 2008 Equifax Addin (x32 Version: 3.0.8231.0)
Microsoft Office Accounting 2008 Fixed Asset Manager (x32 Version: 3.0.8231.0)
Microsoft Office Accounting 2008 PayPal Addin (x32 Version: 3.0.8231.0)
Microsoft Office Accounting ADP Payroll Addin (x32 Version: 0.0.0.0)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.201)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mobile Partner (x32 Version: 11.302.09.05.540)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 130.0.374.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
PowerDVD DX (x32 Version: 8.3.6029)
Quickset64 (Version: 10.5.1)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6039)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Rosetta Stone Version 3 (x32 Version: 3.4.5.0)
Roxio Burn (x32 Version: 1.01)
RTC Client API v1.2 (x32 Version: 1.2.0000)
Safari (x32 Version: 5.34.57.2)
Scan (x32 Version: 13.0.0.0)
Scan to Microsoft SharePoint (x32 Version: 3.3.4)
ScanSnap (x32 Version: 5.0.12.4)
ScanSnap (x32 Version: 5.1.41.1)
ScanSnap Manager (x32 Version: V5.1L41)
SentryBay Update Helper (x32 Version: 1.0.0.7621)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.3 (x32 Version: 6.3.105)
SmartWebPrinting (x32 Version: 130.0.373.000)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.373.000)
Synaptics Pointing Device Driver (Version: 14.0.15.0)
System Checkup 3.4 (x32 Version: 3.4.0.47)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Uninstall AOL Emergency Connect Utility 1.0 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
WD Anywhere Backup (x32)
WD Drive Manager (x64) (Version: 2.107)
WD SmartWare (Version: 1.2.0.8)
WD SmartWare (Version: 1.5.1)
WebReg (x32 Version: 130.0.132.017)
Webshots Desktop (x32 Version: 3.1.5.7619)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Migration Assistant (x32 Version: 1.0.1.3)
Yahoo! Messenger (x32)
Zip Extractor Packages (HKCU)
==================== Restore Points =========================
27-11-2013 22:38:36 McAfee Vulnerability Scanner
27-11-2013 22:57:37 Windows Update
28-11-2013 03:45:03 Installed iTunes
29-11-2013 12:17:55 Removed ScorpionSaver Services
29-11-2013 14:14:47 Windows Update
29-11-2013 15:55:45 Installed Microsoft Fix it 50123
03-12-2013 17:14:15 Revo Uninstaller's restore point - ScorpionSaver
03-12-2013 17:14:57 Removed ScorpionSaver
03-12-2013 17:19:02 Revo Uninstaller's restore point - ScorpionSaver
04-12-2013 05:17:06 Revo Uninstaller's restore point - RegCure Pro
==================== Hosts content: ==========================
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {2161D5C8-6CA9-4ADD-8150-763C11992774} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {2527672F-FEB4-4073-A047-781C8A544017} - System32\Tasks\{8A7F67A0-535A-4BC4-870D-FFE13D0748DC} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {525791B2-85E9-4366-8094-C1F906EFEA94} - System32\Tasks\SentryBayUpdateTaskMachineUA => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-05-26] (AOL)
Task: {63860A29-97EE-4AB6-AC7E-02C828E64A18} - System32\Tasks\SentryBayUpdateTaskMachineCore => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-05-26] (AOL)
Task: {6AB51355-9681-4926-BEC4-2C9CEA1918D6} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {6DC3EF15-1FAA-4F71-9F95-3769662369B9} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {759191FC-F8DB-48C4-BBA1-F5D48DD0DCE7} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)
Task: {7F874E8C-AD73-485B-BF3B-45029D96E2D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-27] (Adobe Systems Incorporated)
Task: {8005C2E5-84F9-475E-9109-0F050F486B0E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {ABC33AA9-793D-4BBF-83B5-0C8E2F7D93FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {D9ACB393-BE20-460D-B92F-C398899A3E93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DA1312CA-80BE-4498-8CA6-723E420194E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {F47BC2A3-BF27-43B6-9BDE-5E4AA083732E} - \DigitalSite No Task File
Task: {FB647A03-4195-4866-A6C7-C6122CCE812A} - \BackgroundContainer Startup Task No Task File
Task: {FD16B632-4075-4DAB-88BF-7540AAC53D5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SentryBayUpdateTaskMachineCore.job => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe
Task: C:\Windows\Tasks\SentryBayUpdateTaskMachineUA.job => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
==================== Loaded Modules (whitelisted) =============
2012-12-17 18:14 - 2012-12-17 18:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-16 17:49 - 2011-06-16 17:49 - 00503296 _____ () C:\Program Files (x86)\AOL\DataMask by AOL\libxml2.dll
2013-04-30 16:31 - 2013-04-30 16:31 - 00293376 _____ () C:\Program Files (x86)\AOL\DataMask by AOL\libxmlsec.dll
2013-04-30 16:31 - 2013-04-30 16:31 - 00167936 _____ () C:\Program Files (x86)\AOL\DataMask by AOL\libxmlsec-mscrypto.dll
2010-07-12 18:34 - 2011-08-01 11:55 - 00132416 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-07-12 18:34 - 2011-08-01 11:54 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-07-12 18:34 - 2011-08-01 11:55 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-09-03 10:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Debbie\Desktop\Screen Shot 2013-10-31 at 8.34.57 PM.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/06/2013 11:55:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/06/2013 11:55:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/06/2013 11:36:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/06/2013 06:35:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: DriverUpdate.exe, version: 2.2.30452.7890, time stamp: 0x51c6045c
Faulting module name: DriverUpdate.exe, version: 2.2.30452.7890, time stamp: 0x51c6045c
Exception code: 0xc0000005
Fault offset: 0x00021ad8
Faulting process id: 0xde0
Faulting application start time: 0xDriverUpdate.exe0
Faulting application path: DriverUpdate.exe1
Faulting module path: DriverUpdate.exe2
Report Id: DriverUpdate.exe3
Error: (12/04/2013 07:41:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24864922
Error: (12/04/2013 07:41:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24864922
Error: (12/04/2013 07:41:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/04/2013 03:19:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/03/2013 09:04:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/03/2013 09:04:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (12/06/2013 11:17:07 AM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (12/06/2013 11:16:56 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
Error: (12/06/2013 11:16:56 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:
%%1066
Error: (12/06/2013 11:14:16 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error: (12/06/2013 11:12:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (12/06/2013 11:11:57 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.1.3 service failed to start due to the following error:
%%2
Error: (12/06/2013 11:11:52 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (12/06/2013 11:11:52 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:
%%1066
Error: (12/06/2013 11:11:52 AM) (Source: Service Control Manager) (User: )
Description: The iolo System Service service failed to start due to the following error:
%%2
Error: (12/06/2013 11:11:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
Microsoft Office Sessions:
=========================
Error: (09/26/2014 08:56:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 160994504 seconds with 540 seconds of active time. This session ended with a crash.
Error: (06/11/2013 00:52:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 183650 seconds with 2700 seconds of active time. This session ended with a crash.
Error: (03/17/2013 10:49:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27777 seconds with 540 seconds of active time. This session ended with a crash.
Error: (09/10/2012 02:05:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.
Error: (05/05/2012 10:11:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 477076 seconds with 11340 seconds of active time. This session ended with a crash.
Error: (04/19/2012 10:59:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 51799 seconds with 12960 seconds of active time. This session ended with a crash.
Error: (03/14/2012 03:20:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 147764 seconds with 1440 seconds of active time. This session ended with a crash.
Error: (01/12/2012 04:24:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 54734 seconds with 1620 seconds of active time. This session ended with a crash.
Error: (01/02/2012 11:27:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 837 seconds with 600 seconds of active time. This session ended with a crash.
Error: (10/23/2011 03:25:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 65%
Total physical RAM: 3892.52 MB
Available physical RAM: 1325.38 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 5029.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:115.83 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7188B833)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End Of Log ============================
-
Thanks! I'm learning so much and this forum is a wonderful tool.
I went to uninstall from add/remove programs and it was not there (I had done this earlier)
I ran AdwCleaner.exe and followed your directions. My computer went into a checkdisk mode and took hours to reboot, which may be what it was supposed to do. Now my computer is running very slowly!
Here is the logfile report:
# AdwCleaner v3.014 - Report created 05/12/2013 at 23:04:10
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Debbie - DEBBIE-DELL
# Running from : C:\Users\Debbie\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Debbie\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Debbie\AppData\Roaming\ParetoLogic
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v
[ File : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [36566 octets] - [03/12/2013 11:29:08]
AdwCleaner[R1].txt - [1002 octets] - [03/12/2013 15:11:03]
AdwCleaner[R2].txt - [1403 octets] - [05/12/2013 22:57:13]
AdwCleaner[s0].txt - [35657 octets] - [03/12/2013 11:50:46]
AdwCleaner[s1].txt - [1063 octets] - [03/12/2013 15:12:27]
AdwCleaner[s2].txt - [1295 octets] - [05/12/2013 23:04:10]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1355 octets] ##########
==========================
WOW, it 3 hours and 20 minutes to do the QUICK scan. My computer is SO slow and is a mess right now. Here is the report :
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.06.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Debbie :: DEBBIE-DELL [administrator]
12/06/13 7:15:54 AM
mbam-log-2013-12-06 (07-15-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217021
Time elapsed: 3 hour(s), 21 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Temp\InstallServices64.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Temp\ScorpionSaver.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\System32\AdpeakProxy.dll (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\AdpeakProxy.dll (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
(end)
=============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2013
Ran by Debbie (administrator) on DEBBIE-DELL on 06-12-2013 12:05:09
Running from C:\Users\Debbie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(AOL) C:\Program Files (x86)\AOL\DataMask by AOL\ep.exe
(AOL) C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Webshots.com) C:\Program Files (x86)\Webshots\3.1.5.7619\Webshots.scr
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
MountPoints2: E - E:\LaunchU3.exe -a
MountPoints2: H - H:\LaunchU3.exe -a
MountPoints2: {056b6265-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {056b6270-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {056b627d-78ff-11e0-be3b-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {097a27df-6baf-11e0-b9c1-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {097a2803-6baf-11e0-b9c1-c44619fd34a2} - E:\AutoRun.exe
MountPoints2: {2e3ae15a-f82f-11e0-9a34-c44619fd34a2} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {3a03f7dd-6df0-11e0-9c28-00038a000015} - E:\AutoRun.exe
MountPoints2: {3a03f7e9-6df0-11e0-9c28-00038a000015} - E:\AutoRun.exe
MountPoints2: {4c86b20b-ea9e-11df-aca7-00038a000015} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {a6b050e8-3bac-11e1-9810-c44619fd34a2} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk
ShortcutTarget: _uninst_05648578.lnk -> C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
BootExecute: autocheck autochk /p \??\F:autocheck autochk *
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kolbi.msn.com/?rd=1&ucc=CR&dcc=CR&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x760B2275FDECCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {907C29F0-1F7C-41DE-B59B-CF7830BD034C} URL =
BHO: DataMask by AOL - {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - C:\Program Files (x86)\AOL\DataMask by AOL\epbho64.dll (AOL)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: DataMask by AOL - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files (x86)\AOL\DataMask by AOL\plbho64.dll (AOL)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {8413196D-E290-4418-B5C6-A3B1379A909C} - No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
FireFox:
========
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @update.sentrybay.com/SentryBay Update;version=8 - C:\Program Files (x86)\SentryBay\Update\1.0.0.7621\npSentryBayOneClick8.dll (AOL)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ScorpionSaver - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\Extensions\ScorpionSaver@jetpack
FF HKLM\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\AOL\DataMask by AOL\ffext
FF Extension: DataMask by AOL - C:\Program Files (x86)\AOL\DataMask by AOL\ffext
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\AOL\DataMask by AOL\ffext
FF Extension: DataMask by AOL - C:\Program Files (x86)\AOL\DataMask by AOL\ffext
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bjaehcnihbogidpfieaepehilfecnodk] - C:\Program Files (x86)\AOL\DataMask by AOL\phishlock.crx
CHR HKLM-x32\...\Chrome\Extension: [kochbcmingebnmbcpbbpfpmipakoipge] - C:\Program Files (x86)\AOL\DataMask by AOL\phishlock.crx
==================== Services (Whitelisted) =================
R2 EntryProtect; C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe [45896 2013-04-30] (AOL)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 sbupdate; C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [129904 2012-05-26] (AOL)
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [118272 2008-07-24] (WDC)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )
S4 XAudioService; C:\Windows\system32\DRIVERS\ACFXAU64.exe [410624 2007-05-09] (Conexant Systems, Inc.)
S4 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]
S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [x]
S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\ \...\???\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [121856 2007-04-26] (Conexant Systems Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [35200 2007-05-09] (Conexant Systems, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-17] (EldoS Corporation)
R3 epfilter; C:\Windows\system32\drivers\epfilter.sys [21312 2013-08-12] (SentryBay)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-06] ()
R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2007-05-09] (Conexant Systems, Inc.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-06 12:05 - 2013-12-06 12:06 - 00018654 _____ C:\Users\Debbie\Downloads\FRST.txt
2013-12-06 12:05 - 2013-12-06 12:05 - 00000000 ____D C:\FRST
2013-12-06 12:04 - 2013-12-06 12:04 - 01925820 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe
2013-12-06 01:37 - 2013-12-06 11:11 - 00000112 _____ C:\Windows\setupact.log
2013-12-06 01:37 - 2013-12-06 01:37 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 01:36 - 2013-12-06 01:36 - 00003544 ____N C:\bootsqm.dat
2013-12-05 23:02 - 2013-12-06 06:15 - 00000000 ____D C:\Users\Debbie\Desktop\Scorpion Forum clean up reports
2013-12-05 08:25 - 2013-12-05 08:25 - 00024210 _____ C:\Users\Debbie\Desktop\DDS -- from dds.scr download 2nd page.txt
2013-12-05 08:21 - 2013-12-05 08:21 - 00014403 _____ C:\Users\Debbie\Desktop\Attach - from dds.scr download.txt
2013-12-05 08:18 - 2013-12-05 08:18 - 00014403 _____ C:\Users\Debbie\Desktop\attach.txt
2013-12-05 08:15 - 2013-12-05 08:15 - 00688992 ____R (Swearware) C:\Users\Debbie\Downloads\dds.scr
2013-12-03 22:59 - 2013-12-03 22:59 - 00002722 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2013-12-03 22:55 - 2013-12-03 22:55 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\Debbie\Downloads\Repair-tool.exe
2013-12-03 21:35 - 2013-12-03 21:37 - 22791896 _____ (Microsoft Corporation) C:\Users\Debbie\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 17:59 - 2013-12-03 18:49 - 00000000 ____D C:\Users\Debbie\Downloads\myuninst
2013-12-03 17:58 - 2013-12-03 17:58 - 00046124 _____ C:\Users\Debbie\Downloads\myuninst.zip
2013-12-03 16:14 - 2013-12-03 16:19 - 00015066 _____ C:\Users\Debbie\Downloads\SystemLook.txt
2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\_OTM
2013-12-03 14:11 - 2013-12-03 14:11 - 00522240 _____ (OldTimer Tools) C:\Users\Debbie\Downloads\OTM.exe
2013-12-03 13:53 - 2013-12-06 06:47 - 00000000 ____D C:\Users\Debbie\Desktop\Virus instructions
2013-12-03 12:42 - 2013-12-03 12:42 - 00165376 _____ C:\Users\Debbie\Downloads\SystemLook_x64.exe
2013-12-03 12:32 - 2013-12-03 12:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 12:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 12:29 - 2013-12-03 12:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Downloads\mbam-setup-1-1.75.0.1300.exe
2013-12-03 11:28 - 2013-12-05 23:04 - 00000000 ____D C:\AdwCleaner
2013-12-03 11:27 - 2013-12-03 11:27 - 01110034 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe
2013-12-03 11:07 - 2013-12-03 11:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-03 10:19 - 2013-12-06 11:19 - 00001846 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-12-03 10:19 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-03 10:17 - 2013-12-06 01:37 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-03 10:17 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-03 09:36 - 2013-11-04 16:46 - 00182752 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2013-12-03 09:26 - 2013-12-03 09:36 - 05131824 _____ (McAfee, Inc.) C:\Users\Debbie\Downloads\McAfeeSetup-Serial.exe
2013-12-02 20:39 - 2013-12-02 20:44 - 00023235 _____ C:\Users\Debbie\Desktop\Oct - Dec 2014 BCR stmt.xlsx
2013-12-01 21:47 - 2013-12-02 12:56 - 00000000 ____D C:\Users\Debbie\Desktop\Eye
2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Malwarebytes
2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-29 00:22 - 2013-11-29 00:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-28 23:22 - 2013-11-28 23:22 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\McAFee TechCheck
2013-11-28 23:20 - 2013-11-28 23:24 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\TechCheck
2013-11-28 23:20 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx
2013-11-28 23:20 - 2000-05-22 01:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2013-11-28 15:53 - 2013-12-02 18:36 - 00022825 _____ C:\Users\Debbie\Desktop\Monthly Payment Schedule 11-28-13.xlsx
2013-11-28 09:50 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-11-28 09:24 - 2013-11-28 09:31 - 00000000 ____D C:\Program Files\stinger
2013-11-28 06:27 - 2013-11-28 06:27 - 00002004 _____ C:\Users\Debbie\Desktop\Workout List 8-7-13 - Shortcut.lnk
2013-11-27 21:51 - 2013-11-27 21:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-27 21:51 - 2013-11-27 21:52 - 00000000 ____D C:\Program Files\iTunes
2013-11-27 21:51 - 2013-11-27 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-27 21:51 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iPod
2013-11-27 20:10 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 17:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-27 17:01 - 2013-11-27 17:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-27 17:01 - 2013-11-27 17:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-27 17:01 - 2013-11-27 17:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-27 17:01 - 2013-11-27 17:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-27 17:01 - 2013-11-27 17:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-27 17:01 - 2013-11-27 17:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-27 17:01 - 2013-11-27 17:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-27 17:01 - 2013-11-27 17:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-27 16:58 - 2013-11-27 17:04 - 00007514 _____ C:\Windows\IE11_main.log
2013-11-27 16:52 - 2013-11-27 16:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-27 16:52 - 2013-11-27 16:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-25 22:20 - 2013-11-25 22:20 - 00006148 ____H C:\Users\Public\.DS_Store
2013-11-19 16:35 - 2013-11-27 08:02 - 00002429 _____ C:\Users\Debbie\Desktop\Scott's Weight - Shortcut.lnk
2013-11-15 13:51 - 2013-11-15 13:58 - 00000000 ____D C:\bbc32f117dc597ff11b76deb
2013-11-14 20:49 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 20:49 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 20:49 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 20:49 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 20:49 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 20:49 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 20:49 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 20:49 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 20:49 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 20:48 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 20:48 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 20:48 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 20:48 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 20:48 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 20:48 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 20:48 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 20:48 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 20:48 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 20:48 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 20:48 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 20:48 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 20:48 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 20:48 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 20:48 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 20:48 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 20:48 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 20:48 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 20:48 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 20:48 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 20:48 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2014-09-26 09:28 - 2011-03-26 10:05 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2014-09-26 09:12 - 2011-03-26 10:05 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2014-09-26 09:07 - 2011-03-26 10:05 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-09-26 08:57 - 2011-03-26 10:05 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-12-06 12:06 - 2013-12-06 12:05 - 00018654 _____ C:\Users\Debbie\Downloads\FRST.txt
2013-12-06 12:05 - 2013-12-06 12:05 - 00000000 ____D C:\FRST
2013-12-06 12:04 - 2013-12-06 12:04 - 01925820 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe
2013-12-06 12:02 - 2012-05-26 22:57 - 00000892 _____ C:\Windows\Tasks\SentryBayUpdateTaskMachineUA.job
2013-12-06 11:31 - 2012-04-09 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-06 11:24 - 2011-10-02 00:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-06 11:22 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-06 11:22 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-06 11:19 - 2013-12-03 10:19 - 00001846 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-12-06 11:19 - 2009-07-13 23:10 - 02020452 _____ C:\Windows\WindowsUpdate.log
2013-12-06 11:16 - 2013-10-28 21:27 - 00002848 _____ C:\Windows\System32\Tasks\DriverUpdate Startup
2013-12-06 11:16 - 2013-10-28 21:27 - 00000420 _____ C:\Windows\Tasks\DriverUpdate Startup.job
2013-12-06 11:14 - 2013-10-28 21:27 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-12-06 11:14 - 2011-10-02 00:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-06 11:14 - 2010-09-02 22:31 - 00000000 ____D C:\Users\Debbie\AppData\Local\SoftThinks
2013-12-06 11:14 - 2010-07-12 18:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-12-06 11:14 - 2010-07-12 18:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-12-06 11:14 - 2010-07-12 18:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-12-06 11:13 - 2012-05-26 22:57 - 00000888 _____ C:\Windows\Tasks\SentryBayUpdateTaskMachineCore.job
2013-12-06 11:11 - 2013-12-06 01:37 - 00000112 _____ C:\Windows\setupact.log
2013-12-06 11:11 - 2011-04-23 15:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-06 11:11 - 2010-07-12 20:00 - 00357066 _____ C:\Windows\PFRO.log
2013-12-06 11:11 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-06 06:47 - 2013-12-03 13:53 - 00000000 ____D C:\Users\Debbie\Desktop\Virus instructions
2013-12-06 06:15 - 2013-12-05 23:02 - 00000000 ____D C:\Users\Debbie\Desktop\Scorpion Forum clean up reports
2013-12-06 01:37 - 2013-12-06 01:37 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 01:37 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-06 01:36 - 2013-12-06 01:36 - 00003544 ____N C:\bootsqm.dat
2013-12-05 23:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2013-12-05 23:04 - 2013-12-03 11:28 - 00000000 ____D C:\AdwCleaner
2013-12-05 22:52 - 2012-04-19 12:37 - 00000000 ____D C:\Users\Debbie\AppData\Local\BCE66ED4-FCC7-4397-B8C3-53BA4963CEE9.aplzod
2013-12-05 08:25 - 2013-12-05 08:25 - 00024210 _____ C:\Users\Debbie\Desktop\DDS -- from dds.scr download 2nd page.txt
2013-12-05 08:21 - 2013-12-05 08:21 - 00014403 _____ C:\Users\Debbie\Desktop\Attach - from dds.scr download.txt
2013-12-05 08:18 - 2013-12-05 08:18 - 00014403 _____ C:\Users\Debbie\Desktop\attach.txt
2013-12-05 08:15 - 2013-12-05 08:15 - 00688992 ____R (Swearware) C:\Users\Debbie\Downloads\dds.scr
2013-12-05 07:40 - 2013-07-05 08:09 - 00000000 ____D C:\Users\Debbie\Desktop\Photos
2013-12-04 09:40 - 2009-07-13 23:13 - 00852936 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 22:59 - 2013-12-03 22:59 - 00002722 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2013-12-03 22:55 - 2013-12-03 22:55 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\Debbie\Downloads\Repair-tool.exe
2013-12-03 21:55 - 2011-05-12 15:48 - 00018527 _____ C:\Users\Debbie\Desktop\To buy-bring to CR.xlsx
2013-12-03 21:37 - 2013-12-03 21:35 - 22791896 _____ (Microsoft Corporation) C:\Users\Debbie\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 21:24 - 2011-10-03 02:13 - 00000000 ___RD C:\Users\Debbie\Dropbox
2013-12-03 21:24 - 2011-10-03 02:09 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Dropbox
2013-12-03 18:49 - 2013-12-03 17:59 - 00000000 ____D C:\Users\Debbie\Downloads\myuninst
2013-12-03 17:58 - 2013-12-03 17:58 - 00046124 _____ C:\Users\Debbie\Downloads\myuninst.zip
2013-12-03 16:19 - 2013-12-03 16:14 - 00015066 _____ C:\Users\Debbie\Downloads\SystemLook.txt
2013-12-03 15:34 - 2012-08-21 13:52 - 00000000 ____D C:\ProgramData\McAfee
2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\_OTM
2013-12-03 14:11 - 2013-12-03 14:11 - 00522240 _____ (OldTimer Tools) C:\Users\Debbie\Downloads\OTM.exe
2013-12-03 12:50 - 2011-02-12 00:07 - 00000000 ____D C:\Program Files (x86)\Safari
2013-12-03 12:42 - 2013-12-03 12:42 - 00165376 _____ C:\Users\Debbie\Downloads\SystemLook_x64.exe
2013-12-03 12:33 - 2013-12-03 12:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 12:30 - 2013-12-03 12:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Downloads\mbam-setup-1-1.75.0.1300.exe
2013-12-03 11:27 - 2013-12-03 11:27 - 01110034 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe
2013-12-03 11:07 - 2013-12-03 11:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-03 10:19 - 2013-10-08 23:57 - 00000000 ____D C:\Program Files\McAfee
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-03 10:18 - 2013-11-28 09:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-03 10:17 - 2013-12-03 10:17 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-03 09:36 - 2013-12-03 09:26 - 05131824 _____ (McAfee, Inc.) C:\Users\Debbie\Downloads\McAfeeSetup-Serial.exe
2013-12-02 22:23 - 2010-09-04 04:25 - 00000000 ___SD C:\Users\Debbie\Documents\My ScanSnap
2013-12-02 20:44 - 2013-12-02 20:39 - 00023235 _____ C:\Users\Debbie\Desktop\Oct - Dec 2014 BCR stmt.xlsx
2013-12-02 19:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-02 18:36 - 2013-11-28 15:53 - 00022825 _____ C:\Users\Debbie\Desktop\Monthly Payment Schedule 11-28-13.xlsx
2013-12-02 18:36 - 2013-10-10 14:10 - 00012174 _____ C:\Users\Debbie\Desktop\Jolani - Kathy & Greg Rental.xlsx
2013-12-02 12:56 - 2013-12-01 21:47 - 00000000 ____D C:\Users\Debbie\Desktop\Eye
2013-11-29 22:43 - 2009-08-20 03:09 - 00052224 _____ C:\Users\Debbie\Desktop\Nov. 25 - Dec. 1 , 2013 weekly schedule.xls
2013-11-29 16:54 - 2013-09-29 21:28 - 00000000 ____D C:\Users\Debbie\Desktop\Rental Statements
2013-11-29 13:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-11-29 10:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-29 08:19 - 2010-09-04 16:48 - 00842006 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-29 00:32 - 2013-10-22 00:17 - 00000095 _____ C:\Users\Debbie\AppData\Roaming\WB.CFG
2013-11-29 00:32 - 2009-08-20 00:17 - 00000006 _____ C:\Users\Debbie\AppData\Roaming\WBPU-TTL.DAT
2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Malwarebytes
2013-11-29 00:25 - 2013-11-29 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-29 00:23 - 2013-11-29 00:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-28 23:24 - 2013-11-28 23:20 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\TechCheck
2013-11-28 23:22 - 2013-11-28 23:22 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\McAFee TechCheck
2013-11-28 09:31 - 2013-11-28 09:24 - 00000000 ____D C:\Program Files\stinger
2013-11-28 06:27 - 2013-11-28 06:27 - 00002004 _____ C:\Users\Debbie\Desktop\Workout List 8-7-13 - Shortcut.lnk
2013-11-27 21:53 - 2013-11-27 21:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-27 21:52 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iTunes
2013-11-27 21:52 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-27 21:51 - 2013-11-27 21:51 - 00000000 ____D C:\Program Files\iPod
2013-11-27 21:35 - 2010-09-02 22:31 - 00000000 ___RD C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 19:03 - 2010-09-02 22:37 - 00001415 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 17:04 - 2013-11-27 16:58 - 00007514 _____ C:\Windows\IE11_main.log
2013-11-27 17:01 - 2013-11-27 17:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-27 17:01 - 2013-11-27 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-27 17:01 - 2013-11-27 17:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-27 17:01 - 2013-11-27 17:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-27 17:01 - 2013-11-27 17:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-27 17:01 - 2013-11-27 17:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-27 17:01 - 2013-11-27 17:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-27 17:01 - 2013-11-27 17:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-27 17:01 - 2013-11-27 17:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-27 17:01 - 2013-11-27 17:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-27 17:01 - 2013-11-27 17:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-27 17:01 - 2013-11-27 17:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-27 17:01 - 2013-11-27 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-27 16:52 - 2013-11-27 16:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-27 16:52 - 2013-11-27 16:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-27 16:52 - 2012-03-14 12:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-27 16:52 - 2012-03-14 12:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-27 16:52 - 2010-07-12 18:08 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-27 16:49 - 2010-09-03 00:50 - 00000000 ____D C:\ProgramData\Skype
2013-11-27 16:44 - 2012-04-09 23:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-27 16:44 - 2012-04-09 23:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-27 16:44 - 2012-03-14 15:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-27 14:38 - 2013-05-02 23:28 - 00000000 ____D C:\Users\Debbie\Desktop\Airline Tickets used - refunded
2013-11-27 08:02 - 2013-11-19 16:35 - 00002429 _____ C:\Users\Debbie\Desktop\Scott's Weight - Shortcut.lnk
2013-11-25 22:20 - 2013-11-25 22:20 - 00006148 ____H C:\Users\Public\.DS_Store
2013-11-21 06:52 - 2013-10-21 23:15 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-19 21:25 - 2013-09-18 01:20 - 00000000 ____D C:\Users\Debbie\Desktop\CDSP Troy Mac servers
2013-11-19 19:21 - 2013-05-28 21:09 - 00013184 _____ C:\Users\Debbie\Desktop\Apple shortcuts.xlsx
2013-11-19 13:50 - 2009-07-13 22:54 - 00000749 ___RH C:\Windows\WindowsShell.Manifest
2013-11-19 13:50 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-18 13:41 - 2009-07-13 20:34 - 00000608 _____ C:\Windows\win.ini
2013-11-18 12:08 - 2013-08-07 21:53 - 00007545 _____ C:\Windows\LkmdfCoInst.log
2013-11-18 12:07 - 2013-08-07 21:53 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-11-15 14:32 - 2010-09-03 11:16 - 00000000 ____D C:\Users\Debbie\AppData\Local\Adobe
2013-11-15 14:00 - 2010-09-04 09:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 13:58 - 2013-11-15 13:51 - 00000000 ____D C:\bbc32f117dc597ff11b76deb
2013-11-15 13:58 - 2013-07-31 05:01 - 00000000 ____D C:\Windows\system32\MRT
2013-11-07 16:00 - 2010-09-04 18:05 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
ZeroAccess:
C:\Users\Debbie\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
Some content of TEMP:
====================
C:\Users\Debbie\AppData\Local\Temp\dhddur7u.dll
C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-11-30 07:56
==================== End Of Log ============================
-
Boy oh boy do I need help --- it appears I have the scorpion virus on my computer. I have never had a virus infection before, so this is throwing me for a loop. I've read your instructions, (after I goofed and wrote on another forum --- sorry!), and have downloaded the dds.scr file and below are the results.
I did follow an earlier forum and did what Kevin was advising them to do and it seemed to work, but I suspect the virus is still 'lurking' in the background. So I want to be sure to clean it up completely.
I appreciate any help you can give me.
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 09/02/10 10:31:28 PM
System Uptime: 12/04/13 10:43:57 AM (22 hours ago)
.
Motherboard: Dell Inc. | | 021CN3
Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 112.176 GiB free.
D: is CDROM ()
Z: is NetworkDisk (NTFS) - 465 GiB total, 374.368 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\9&18CAD2E3&0&041E641B27DF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\9&18CAD2E3&0&041E641B27DF_C00000000
Service:
.
==== System Restore Points ===================
.
RP316: 11/27/13 4:38:36 PM - McAfee Vulnerability Scanner
RP317: 11/27/13 4:57:37 PM - Windows Update
RP318: 11/27/13 9:45:03 PM - Installed iTunes
RP319: 11/29/13 6:17:55 AM - Removed ScorpionSaver Services
RP320: 11/29/13 8:14:47 AM - Windows Update
RP321: 11/29/13 9:55:45 AM - Installed Microsoft Fix it 50123
RP322: 12/03/13 11:14:15 AM - Revo Uninstaller's restore point - ScorpionSaver
RP323: 12/03/13 11:14:57 AM - Removed ScorpionSaver
RP324: 12/03/13 11:19:02 AM - Revo Uninstaller's restore point - ScorpionSaver
RP325: 12/03/13 11:17:06 PM - Revo Uninstaller's restore point - RegCure Pro
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
4500_G510gm_Help
4500_G510nz_Help
4500G510gm
4500G510gm_Software_Min
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
ABBYY FineReader for ScanSnap 4.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced Audio FX Engine
AirPort
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Bonjour Print Services
BufferChm
Business Contact Manager for Outlook 2007 SP2
CameraHelperMsi
CardMinder
CardMinder V4.0
Conexant USB D400 V.92 Modem
Consumer In-Home Service Agreement
Cozi
Crystal Reports Basic Runtime for Visual Studio 2008
D3DX10
Data Lifeguard Diagnostic for Windows
DataMask by AOL
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
Dell Webcam Central
Destinations
DeviceDiscovery
DocMgr
DocProc
Documents To Go Desktop for iPhone
DriverUpdate
Dropbox
DW WLAN Card
EDDI-7
eReg
Fax
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
hp deskjet 5550 series (Remove only)
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510g-m
HP Officejet 4500 G510n-z
hp print screen utility
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
iCloud
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java 7 Update 45
Java Auto Updater
Java 6 Update 31
Junk Mail filter update
Logitech SetPoint 6.61
Logitech Unifying Software 2.10
Logitech Vid HD
Logitech Webcam Software
LoJack Factory Installer
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee SecurityCenter
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2000 Professional
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mobile Partner
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
OCR Software by I.R.I.S. 13.0
PowerDVD DX
Quickset64
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Rosetta Stone Version 3
Roxio Burn
RTC Client API v1.2
Safari
Scan
Scan to Microsoft SharePoint
ScanSnap
ScanSnap Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SentryBay Update Helper
Shared C Run-time for x64
Skype™ 6.3
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
System Checkup 3.4
Toolbox
TrayApp
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WD Anywhere Backup
WD Drive Manager (x64)
WD SmartWare
WebReg
Webshots Desktop
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Migration Assistant
Yahoo! Messenger
Zip Extractor Packages
.
==== Event Viewer Messages From Past Week ========
.
12/05/13 7:05:18 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
12/05/13 7:05:18 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.
12/05/13 7:04:15 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
12/03/13 7:12:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
12/03/13 7:08:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/03/13 7:07:40 PM, Error: Service Control Manager [7000] - The vToolbarUpdater17.1.3 service failed to start due to the following error: The system cannot find the file specified.
12/03/13 7:07:35 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
12/03/13 7:07:35 PM, Error: Service Control Manager [7000] - The iolo System Service service failed to start due to the following error: The system cannot find the file specified.
12/03/13 4:50:14 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/03/13 3:36:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
12/03/13 3:36:08 PM, Error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/03/13 3:36:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.
12/03/13 3:36:07 PM, Error: Service Control Manager [7000] - The McAfee Home Network service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/03/13 10:17:46 AM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.
12/02/13 3:55:16 PM, Error: Service Control Manager [7034] - The vToolbarUpdater17.1.3 service terminated unexpectedly. It has done this 1 time(s).
11/29/13 10:42:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2709981).
11/29/13 10:42:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687).
11/29/13 10:29:58 AM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/28/13 12:36:46 AM, Error: Service Control Manager [7031] - The McAfee Anti-Malware Core service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Debbie at 8:16:59 on 2013-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1914 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AOL\DataMask by AOL\ep.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\PROGRA~2\Webshots\315~1.761\webshots.scr
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\Common Files\aol\1283495046\ee\aolsoftware.exe
C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Debbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe
StartupFolder: C:\Users\Debbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\2456C6B696E6F5E4B2F5339393835343 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\2456C6B696E6F5E4F575962756C6563737F5141413145473 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\2656C6B696E6E2639323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\3444350502255616C6543747164756 : DHCPNameServer = 172.16.42.1
TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\54E636C6166756022456C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\56E636C6166756B656973747F6E656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DEF8C239-858D-49C5-BFDF-92BF434FE2C0}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EB3C3786-2687-48D1-A91F-6B79079133A9} : DHCPNameServer = 192.168.1.2
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: DataMask by AOL: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - C:\Program Files (x86)\AOL\DataMask by AOL\epbho64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: DataMask by AOL: {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files (x86)\AOL\DataMask by AOL\plbho64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-9-24 782360]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-9-24 343696]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-12 55280]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-21 46368]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-9-20 30752]
R2 EntryProtect;DataMask by AOL;C:\Program Files (x86)\AOL\DataMask by AOL\epservice.exe [2013-4-30 45896]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-12-3 178048]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-12 25824]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-12-3 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-12-3 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-12-3 182752]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-12 1692480]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-7-12 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-12 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-7-12 172704]
R3 epfilter;epfilter;C:\Windows\System32\drivers\epfilter.sys [2012-5-26 21312]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-12 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158720]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-7-12 74280]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-9-24 311120]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-9-24 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
R3 SaiH8000;SaiH8000;C:\Windows\System32\drivers\SaiH8000.sys [2008-4-4 178560]
S2 0280411386215376mcinstcleanup;McAfee Application Installer Cleanup (0280411386215376);C:\Windows\TEMP\028041~1.EXE -cleanup -nolog --> C:\Windows\TEMP\028041~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 ioloSystemService;iolo System Service;"C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" --> C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-3 328928]
S2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [?]
S3 acfva;acfva;C:\Windows\System32\drivers\ACFVA64.sys [2010-10-6 121856]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-9-24 70112]
S3 dgcfltr;DGC Filter Driver;C:\Windows\System32\drivers\ACFDCP64.sys [2010-10-6 35200]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-12-3 197704]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-5-7 114304]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-27 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-12 232992]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-10-28 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-31 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-4 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-12 98208]
S4 AGCoreService;AG Core Services;"C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" --> C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe [?]
S4 sbupdate;AOL Update Service (sbupdate);C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-5-26 129904]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-12 2320920]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-7-24 118272]
S4 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
.
=============== Created Last 30 ================
.
2013-12-04 05:00:16 -------- d-----w- C:\Users\Debbie\AppData\Roaming\ParetoLogic
2013-12-04 05:00:16 -------- d-----w- C:\Users\Debbie\AppData\Roaming\DriverCure
2013-12-04 04:59:40 -------- d-----w- C:\ProgramData\ParetoLogic
2013-12-03 20:26:43 -------- d-----w- C:\_OTM
2013-12-03 18:32:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-03 18:32:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:28:23 -------- d-----w- C:\AdwCleaner
2013-12-03 17:07:41 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-12-03 16:19:41 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-12-03 16:18:07 -------- d-----w- C:\Program Files (x86)\McAfee.com
2013-12-03 16:17:29 -------- d-----w- C:\Program Files\McAfee.com
2013-12-03 16:17:26 -------- d-----w- C:\Program Files (x86)\McAfee
2013-12-03 15:36:38 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-11-29 14:16:36 -------- d-----w- C:\Windows\Migration
2013-11-29 06:25:45 -------- d-----w- C:\Users\Debbie\AppData\Roaming\Malwarebytes
2013-11-29 06:25:13 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-29 06:23:13 -------- d-----w- C:\Users\Debbie\AppData\Local\Programs
2013-11-29 05:22:45 -------- d-----w- C:\Users\Debbie\AppData\Roaming\McAFee TechCheck
2013-11-29 05:20:24 244416 ----a-w- C:\Windows\SysWow64\Msflxgrd.ocx
2013-11-29 05:20:24 203976 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX
2013-11-29 05:20:19 -------- d-----w- C:\Users\Debbie\AppData\Roaming\TechCheck
2013-11-28 15:50:07 -------- d-----w- C:\Program Files\Common Files\McAfee
2013-11-28 15:24:00 -------- d-----w- C:\Program Files\stinger
2013-11-28 03:51:01 -------- d-----w- C:\Program Files\iPod
2013-11-28 03:51:00 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-28 03:51:00 -------- d-----w- C:\Program Files\iTunes
2013-11-28 03:51:00 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-28 02:10:50 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-11-28 02:10:47 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
2013-11-27 22:52:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-15 19:51:58 -------- d-----w- C:\bbc32f117dc597ff11b76deb
2013-11-15 02:49:39 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-15 02:49:38 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-15 02:49:22 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-15 02:49:16 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-15 02:49:15 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-15 02:49:15 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-15 02:49:15 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-15 02:49:14 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-15 02:49:14 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
.
==================== Find3M ====================
.
2013-12-04 01:12:32 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-11-27 22:44:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-27 22:44:47 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-21 12:52:33 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-18 18:07:59 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-11-04 22:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-11-04 22:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-11-04 22:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-11-04 22:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-11-04 22:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-11-04 22:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-10-20 15:31:16 17813896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:25:24 182752 ----a-w- C:\Windows\System32\mfevtps.exe.82a7.deleteme
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-20 15:38:30 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-09-20 15:38:14 95984 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-09-20 15:37:56 390552 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-09-17 15:29:48 30752 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
2013-09-12 03:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 03:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 03:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 03:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 01:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 01:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 01:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-12 01:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-09-09 07:57:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-09-09 07:57:00 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-07 19:40:30 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
2013-09-07 17:20:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-09-07 17:20:37 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-01-06 19:41:14 14848 ----a-w- C:\Program Files (x86)\EDDI7.vshost.exe
2012-01-06 19:40:06 10718208 ----a-w- C:\Program Files (x86)\EDDI7.exe
2012-01-06 19:40:04 71168 ----a-w- C:\Program Files (x86)\TRIBUTA_LN.DLL
2012-01-06 19:40:04 281600 ----a-w- C:\Program Files (x86)\TRIBUTA_EN.DLL
2012-01-06 19:40:04 17408 ----a-w- C:\Program Files (x86)\TRIBUTA_AD.DLL
2011-08-25 15:58:52 17920 ----a-w- C:\Program Files (x86)\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll
2011-04-05 17:23:52 18702336 ----a-w- C:\Program Files (x86)\CRRedist2008_x86.exe
2011-02-19 03:54:14 3518464 ----a-w- C:\Program Files (x86)\itextsharp.DLL
.
============= FINISH: 8:18:10.62 ===============
-
Kevin, I am new to this, as this is my first virus. Is that last post for me or am I confusing things by writing on this forum? May I start a new forum with you? If so, how do I do that?
If you want me to also 'clean up' my computer, I have done so much downloading and stuff I've gotten confused. What is FRST? I'm not sure I used that program.
debbie
My computer is infected, appears to be the Scorpion virus
in Resolved Malware Removal Logs
Posted
check out our vacation rentals on our VRBO's at www.vrbo.com/167560 for our two-bedroom villa or
www.vrbo.com/84676 for our studio by the beach. I can be reached at deb@costadelsol-cr.net.
Comment you helped me with my computer virus and we will give you a deal.
Thanks so very much for putting up with me and my ignorance. You are awesome!
deb