
Xena2014

Members
  • Posts: 16
Everything posted by Xena2014

  1. Hi, I finally got the free version working but when I installed the Premium version and tried to update it I got the same error again! Should I repeat the instructions from your last email? Would there be any difference for the Premium version?
  2. YES!!! Thank you AdvancedSetup. The .bat file worked. MBAM updated and I ran a scan with the following results: PS I quarantined the PUP. Please let me know if I need to take any further steps. I think I will get MBAM premium for real-time protection. Do you have any other recommendations?

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 7/29/2014
     Scan Time: 1:04:05 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.29.05
     Rootkit Database: v2014.07.17.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Al Rodgers

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 325370
     Time Elapsed: 9 min, 36 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 1
     PUP.Optional.BrowserGuardian.A, HKLM\SOFTWARE\WOW6432NODE\Browser Guardian, Quarantined, [9cad6a3ba1da88aec052b616966c4cb4],

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  3. aswmbr.txt:

     aswMBR version 1.0.1.2041 Copyright © 2014 AVAST Software
     Run date: 2014-07-22 12:31:16
     -----------------------------
     12:31:16.734 OS Version: Windows x64 6.1.7601 Service Pack 1
     12:31:16.734 Number of processors: 4 586 0x2A07
     12:31:16.734 ComputerName: ALBERT UserName:
     12:31:20.119 Initialize success
     12:31:20.150 VM: initialized successfully
     12:31:20.166 VM: Intel CPU supported
     12:31:27.255 VM: supported disk I/O iaStor.sys
     12:40:10.753 AVAST engine defs: 14072200
     12:41:59.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
     12:41:59.626 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
     12:41:59.751 VM: Disk 0 MBR read successfully
     12:41:59.751 Disk 0 MBR scan
     12:41:59.767 Disk 0 Windows 7 default MBR code
     12:41:59.782 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
     12:41:59.798 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
     12:41:59.814 Disk 0 Boot: NTFS code=1
     12:41:59.845 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595378 MB offset 30926848
     12:41:59.892 Disk 0 scanning C:\windows\system32\drivers
     12:42:13.932 Service scanning
     12:42:52.808 Modules scanning
     12:42:52.823 Disk 0 trace - called modules:
     12:42:52.855 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
     12:42:52.870 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800601a060]
     12:42:52.886 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8005d16230]
     12:42:52.901 5 ACPI.sys[fffff88000f0c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d1c050]
     12:42:54.820 AVAST engine scan C:\windows
     12:42:58.517 AVAST engine scan C:\windows\system32
     12:46:37.342 AVAST engine scan C:\windows\system32\drivers
     12:46:54.611 AVAST engine scan C:\Users\Al Rodgers
     12:48:45.684 Disk 0 MBR has been saved successfully to "C:\Users\Al Rodgers\Desktop\MBR.dat"
     12:48:45.700 The log file has been saved successfully to "C:\Users\Al Rodgers\Desktop\aswMBR.txt"
  4. Fixlog:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014
     Ran by Al Rodgers at 2014-07-21 10:47:24 Run:1
     Running from C:\Users\Al Rodgers\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     BootExecute: autocheck autochk * sdnclean64.exe
     SearchScopes: HKLM-x32 - DefaultScope value is missing.
     BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
     BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
     FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     S3 MFE_RR; \??\C:\Users\ALRODG~1\AppData\Local\Temp\mfe_rr.sys
     C:\Users\Al Rodgers\AppData\Local\Temp\Quarantine.exe
     Task: {0739170C-965D-4A3E-9326-3ACC06C3811B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)
     Task: {4D76C645-7683-446C-A840-6B83FF336387} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
     Task: {69CDAC07-B290-476A-BFF3-A9A03DAF6D0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
     Task: {7BB260F1-2E5B-49BB-88F1-C5ADB5EDC007} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
     Task: {ABA796EC-CD1C-40A9-9356-CEDA2A285A63} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3970501574-1576805769-1175336529-1000
     Task: {D5BEF4C2-AEBA-46CC-A5DB-BE6ACCC7DD2F} - \Digital Sites No Task File <==== ATTENTION
     Task: {E6549044-D47B-4D18-A895-42A745F637B0} - System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
     Task: {E91C0ED4-6749-4BC1-B5C7-C1C0EA557740} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)
     Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core.job => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe
     Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA.job => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe
     AlternateDataStreams: C:\ProgramData\Temp:82C232FB
     *****************

     HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
     'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
     'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
     'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
     'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
     'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
     'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1' => Key deleted successfully.
     C:\windows\SysWOW64\npDeployJava1.dll => Moved successfully.
     'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2' => Key deleted successfully.
     C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
     MFE_RR => Service deleted successfully.
     C:\Users\Al Rodgers\AppData\Local\Temp\Quarantine.exe => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0739170C-965D-4A3E-9326-3ACC06C3811B}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0739170C-965D-4A3E-9326-3ACC06C3811B}' => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D76C645-7683-446C-A840-6B83FF336387}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D76C645-7683-446C-A840-6B83FF336387}' => Key deleted successfully.
     C:\Windows\System32\Tasks\pcreg => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69CDAC07-B290-476A-BFF3-A9A03DAF6D0A}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69CDAC07-B290-476A-BFF3-A9A03DAF6D0A}' => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BB260F1-2E5B-49BB-88F1-C5ADB5EDC007}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BB260F1-2E5B-49BB-88F1-C5ADB5EDC007}' => Key deleted successfully.
     C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABA796EC-CD1C-40A9-9356-CEDA2A285A63}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABA796EC-CD1C-40A9-9356-CEDA2A285A63}' => Key deleted successfully.
     C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3970501574-1576805769-1175336529-1000 => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3970501574-1576805769-1175336529-1000' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5BEF4C2-AEBA-46CC-A5DB-BE6ACCC7DD2F}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5BEF4C2-AEBA-46CC-A5DB-BE6ACCC7DD2F}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6549044-D47B-4D18-A895-42A745F637B0}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6549044-D47B-4D18-A895-42A745F637B0}' => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081 => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1cf89d3c6004081' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E91C0ED4-6749-4BC1-B5C7-C1C0EA557740}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E91C0ED4-6749-4BC1-B5C7-C1C0EA557740}' => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA' => Key deleted successfully.
     C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
     C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081.job => Moved successfully.
     C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core.job => Moved successfully.
     C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA.job => Moved successfully.
     C:\ProgramData\Temp => ":82C232FB" ADS removed successfully.

     ==== End of Fixlog ====
  5. Addition:

     Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
     Ran by Al Rodgers at 2014-07-11 09:32:37
     Running from C:\Users\Al Rodgers\Desktop
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================

     AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
     AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
     AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

     ==================== Installed Programs ======================

     Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
     Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
     Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
     Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
     Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
     Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
     AMD APP SDK Runtime (Version: 2.4.595.1 - Advanced Micro Devices Inc.) Hidden
     Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
     Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
     Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
     ATI Catalyst Install Manager (HKLM\...\{57CC96D5-EC41-6CFA-9BBE-2F004C839318}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
     BACKTRACK D-TOUR (HKLM-x32\...\com.bushnell.BacktrackDtour) (Version: 1.7.1 - Registria Inc.)
     BACKTRACK D-TOUR (x32 Version: 1.7.1 - Registria Inc.) Hidden
     Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.2.523.2 - Best Buy)
     Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
     Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
     Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
     CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
     ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
     Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10218.1 - Cisco Consumer Products LLC)
     CLEAR™ WiMAX Tutorial (HKLM-x32\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.0.10 - Intel Corporation)
     D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
     Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
     Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
     Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
     Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
     Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
     Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
     Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
     Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
     Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.3 - Dell Inc.)
     Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
     Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
     Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
     Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
     Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
     Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
     DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
     Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
     Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
     Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
     GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
     IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
     Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
     Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
     Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
     Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
     Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
     Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
     Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
     Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
     Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
     Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
     Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
     Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
     Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
     iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
     Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
     Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
     Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
     McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
     McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
     Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
     Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
     Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
     Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
     Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
     Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
     Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
     Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
     Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
     Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
     Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
     Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
     Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
     Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
     Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
     MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
     MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
     MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
     MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
     My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
     Nmap 5.51 (HKLM-x32\...\Nmap) (Version: - )
     Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
     Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
     Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
     PC Auto Backup (HKLM-x32\...\InstallShield_{662548BC-3506-4843-B7AA-F44D352F76A8}) (Version: 1.1.1.21 - Samsung Electronics Co,. Ltd.)
     PC Auto Backup (x32 Version: 1.1.1.21 - Samsung Electronics Co,. Ltd.) Hidden
     PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
     Price Check by AOL (HKLM-x32\...\Price Check by AOL) (Version: 1.11.2.1 - AOL Inc.)
     Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
     QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
     RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
     RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
     RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
     Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
     Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
     RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
     Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
     Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
     Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
     Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
     Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
     Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
     Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
     Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
     Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
     Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
     Samsung i-Launcher 1.0.1.54 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.54 - Samsung Electronics Co., Ltd.)
     Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
     Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
     SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
     Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
     The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
     Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
     Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
     Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
     Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
     Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
     Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
     Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
     Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
     Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
     Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
     Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

     ==================== Restore Points =========================

     ==================== Hosts content: ==========================

     2009-07-13 22:34 - 2014-07-10 11:02 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
     127.0.0.1 localhost

     ==================== Scheduled Tasks (whitelisted) =============

     Task: {0739170C-965D-4A3E-9326-3ACC06C3811B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)
     Task: {09E8BE9F-4E1A-4655-BC1F-3445A94BC11E} - System32\Tasks\{E6DC3341-EDFC-48E8-903D-AA1974AD4AB2} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
     Task: {0E48BE66-A882-4543-84BA-6A8C0F1DDD1E} - System32\Tasks\RealCreateProcessScheduledTask99926003S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {12F52790-448C-490A-9712-175C4F1767C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
     Task: {1546FBF4-50B4-4151-BEF7-2B69A61E6416} - System32\Tasks\RealCreateProcessScheduledTask75294366S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {1F95C70E-8BA9-42DB-BC89-966A06E9CCCB} - System32\Tasks\RealCreateProcessScheduledTask95719187S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {25289BA2-66A7-475E-8F6B-A2597DE9A361} - System32\Tasks\RealCreateProcessScheduledTask166040490S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {343F0B87-5869-41AC-A93A-0C01DAB71588} - System32\Tasks\RealCreateProcessScheduledTask26163551S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {3715B373-B29B-470E-B742-55577D62FAB5} - System32\Tasks\RealCreateProcessScheduledTask1405709S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {37D96F55-FBB6-4251-8F89-B1D85650D4FA} - System32\Tasks\RealCreateProcessScheduledTask35097697S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {3B0B170C-9C81-439C-9997-C45C24F7DF4A} - System32\Tasks\RealCreateProcessScheduledTask25189793S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {40D1DC4B-CEA7-4D2E-96A7-F542F29CC30A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
     Task: {426019C6-2FFA-492D-A0BA-E190312A341D} - System32\Tasks\RealCreateProcessScheduledTask101337921S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {4D76C645-7683-446C-A840-6B83FF336387} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
     Task: {5042A714-B57C-468C-88A5-FADF6BD957B3} - System32\Tasks\RealCreateProcessScheduledTask13693814S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {55446EBC-9287-42C5-9485-FCF6D4A476C8} - System32\Tasks\RealCreateProcessScheduledTask272705176S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {5578D98B-194E-492A-A436-E260040EE644} - System32\Tasks\RealCreateProcessScheduledTask117624S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {59189666-DCC1-41D3-8F38-796BDF565509} - System32\Tasks\RealCreateProcessScheduledTask182502465S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {66EE6D8C-74C1-4ED3-9087-216686AA9CD3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
     Task: {69CDAC07-B290-476A-BFF3-A9A03DAF6D0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
     Task: {7BB260F1-2E5B-49BB-88F1-C5ADB5EDC007} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
     Task: {81F7CF66-51B4-44B3-8F00-32389AD2ACDD} - System32\Tasks\{0202BA65-9187-461D-8173-680EBA9FD10C} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
     Task: {8F74DA1A-75EE-4380-BA1A-77F7FCB3383A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
     Task: {90AE9A88-0911-421C-8958-E032B2D486E6} - System32\Tasks\{D98A7AE1-8D84-40E4-AE3F-EBE9732EE6FD} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
     Task: {927FD2DC-3019-4926-BAE7-1FEF33D355EF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
     Task: {9399247D-D8A0-46D3-BDB2-3FF41B775358} - System32\Tasks\{9A8EFA79-9583-4734-8B35-CA763F9C77DB} => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
     Task: {9F3A1B5F-3116-4318-8E3F-A3F6884B01CA} - System32\Tasks\RealCreateProcessScheduledTask4359588S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
     Task: {ABA796EC-CD1C-40A9-9356-CEDA2A285A63} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3970501574-1576805769-1175336529-1000
     Task: {B3B6730A-2905-4D72-A223-623D314B3C60} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe
[2014-01-31] (PC-Doctor, Inc.)Task: {B7054C15-42B4-4E1A-B73D-81EDD28FAEF3} - System32\Tasks\RealCreateProcessScheduledTask7747602S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)Task: {C267AB2F-8BB8-4253-B26D-0E32CAF7AD15} - System32\Tasks\RealCreateProcessScheduledTask196124S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)Task: {CE8249B0-C3EA-4D94-9718-D577B8195751} - System32\Tasks\{0F151CAD-F8F4-456C-A9CC-0CE6AAF7CFDA} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exeTask: {CF3276C8-85B3-49B5-8BFB-CB06806F1089} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exeTask: {D2B04EB0-F0C4-4D66-AE8E-9A7C438D1863} - System32\Tasks\{4AF2580A-BB1F-4497-8F7D-0336057405E0} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exeTask: {D5BEF4C2-AEBA-46CC-A5DB-BE6ACCC7DD2F} - \Digital Sites No Task File <==== ATTENTIONTask: {D730BE0C-3832-442B-874F-42C8F4268D28} - System32\Tasks\RealCreateProcessScheduledTask243236S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)Task: {DA5829FE-1ED5-4E02-A42C-8986438507A6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)Task: {DB05E88C-918B-4AAF-A691-63DD4BDF8229} - System32\Tasks\{7319BC69-D998-4161-A188-66C4A48ABC23} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exeTask: {DCA10CD6-656A-4677-B742-68414F671858} - System32\Tasks\RealCreateProcessScheduledTask63204787S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)Task: {E6549044-D47B-4D18-A895-42A745F637B0} - 
System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)Task: {E91C0ED4-6749-4BC1-B5C7-C1C0EA557740} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)Task: {E9240DB0-B020-45CA-A670-B1BFBEECCC49} - System32\Tasks\RealCreateProcessScheduledTask112757475S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)Task: {E95CC8E7-CD31-4B1E-B9DA-416D9FE063AB} - System32\Tasks\RealCreateProcessScheduledTask254749S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)Task: {F5E6A805-F98F-4C6B-93A0-A88A9F9B9437} - System32\Tasks\RealCreateProcessScheduledTask10249390S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core.job => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA.job => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-21 16:13 - 2014-06-21 16:13 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft 
Office\Office15\1033\GrooveIntlResource.dll2011-06-13 19:59 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe2014-03-18 21:49 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2011-06-13 21:56 - 2011-03-25 21:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe2010-09-03 13:11 - 2010-09-03 13:11 - 00520295 _____ () C:\Program Files (x86)\Samsung\PC Auto Backup\http_ss_win_pro.exe2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2010-04-30 14:02 - 2010-04-30 14:02 - 00057344 _____ () C:\Program Files (x86)\Samsung\PC Auto Backup\lang.dll2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll2014-02-13 14:17 - 2014-02-13 14:17 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll2011-06-13 19:24 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2014-06-11 08:44 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll2014-06-11 08:44 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll2014-06-11 08:44 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-11 08:44 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\Al 
Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-11 08:44 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:82C232FB ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty 
Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/11/2014 09:15:25 AM) (Source: Application Error) (EventID: 1005) (User: )Description: Windows cannot access the file E:\HitmanPro_x64.exe for one of the following reasons:there is a problem with the network connection, the disk that the file is stored on, or the storagedrivers installed on this computer; or the disk is missing.Windows closed the program HitmanPro 3.7 because of this error. Program: HitmanPro 3.7File: E:\HitmanPro_x64.exe The error value is listed in the Additional Data section.User Action1. Open the file again.This situation might be a temporary problem that corrects itself when the program runs again.2.If the file still cannot be accessed and- It is on the network,your network administrator should verify that there is not a problem with the network and that the server can be contacted.- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.4. If the problem persists, restore the file from a backup copy.5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor forfurther assistance. 
Additional DataError value: C0000428Disk type: 2 Error: (07/11/2014 09:15:25 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.9.212, time stamp: 0x52e62ab4Faulting module name: HitmanPro_x64.exe, version: 3.7.9.212, time stamp: 0x52e62ab4Exception code: 0xc0000006Fault offset: 0x0000000000276ee0Faulting process id: 0x1accFaulting application start time: 0xHitmanPro_x64.exe0Faulting application path: HitmanPro_x64.exe1Faulting module path: HitmanPro_x64.exe2Report Id: HitmanPro_x64.exe3 Error: (07/11/2014 09:15:07 AM) (Source: SideBySide) (EventID: 59) (User: )Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.Invalid Xml syntax. Error: (07/11/2014 09:07:02 AM) (Source: SideBySide) (EventID: 59) (User: )Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.Invalid Xml syntax. Error: (07/11/2014 09:06:58 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1310Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/11/2014 09:04:26 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0xfc8Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/11/2014 08:46:25 AM) (Source: Application Error) (EventID: 1000) (User: 
)Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0xd1cFaulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3 Error: (07/11/2014 08:44:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (07/11/2014 08:44:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (07/11/2014 08:44:18 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. System errors:=============Error: (07/10/2014 09:00:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The MEMSWEEP2 service failed to start due to the following error: %%1275 Error: (07/10/2014 09:00:41 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/10/2014 09:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The MEMSWEEP2 service failed to start due to the following error: %%1275 Error: (07/10/2014 09:00:40 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver. Error: (07/10/2014 09:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The MEMSWEEP2 service failed to start due to the following error: %%1275 Error: (07/10/2014 09:00:40 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/10/2014 09:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The MEMSWEEP2 service failed to start due to the following error: %%1275 Error: (07/10/2014 09:00:40 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/10/2014 08:08:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The MEMSWEEP2 service failed to start due to the following error: %%1275 Error: (07/10/2014 08:08:41 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Microsoft Office Sessions:=========================Error: (07/11/2014 09:15:25 AM) (Source: Application Error) (EventID: 1005) (User: )Description: E:\HitmanPro_x64.exeHitmanPro 3.7C00004282 Error: (07/11/2014 09:15:25 AM) (Source: Application Error) (EventID: 1000) (User: )Description: HitmanPro_x64.exe3.7.9.21252e62ab4HitmanPro_x64.exe3.7.9.21252e62ab4c00000060000000000276ee01acc01cf9d0a2cdcaf24E:\HitmanPro_x64.exeE:\HitmanPro_x64.exe6b050193-08fd-11e4-85f2-bc7737a35240 Error: (07/11/2014 09:15:07 AM) (Source: SideBySide) (EventID: 59) (User: )Description: E:\Kickstarter.exeE:\Kickstarter.exe0 Error: (07/11/2014 09:07:02 AM) (Source: SideBySide) (EventID: 59) (User: )Description: E:\Kickstarter.exeE:\Kickstarter.exe0 Error: (07/11/2014 09:06:58 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd131001cf9d08c12483ebC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3cc70e00-08fc-11e4-85f2-bc7737a35240 Error: (07/11/2014 09:04:26 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdfc801cf9d08a2b7ed6bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle242ece2-08fb-11e4-85f2-bc7737a35240 Error: (07/11/2014 08:46:25 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd1c01cf9d061a8db31aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll5dc290bd-08f9-11e4-8919-bc7737a35240 Error: (07/11/2014 08:44:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! 
mDNS_busy (1) != mDNS_reentrancy (0) Error: (07/11/2014 08:44:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (07/11/2014 08:44:18 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. CodeIntegrity Errors:=================================== Date: 2014-07-10 21:10:04.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\HitmanPro.exe because the set of per-page image hashes could not be found on the system. Date: 2014-07-10 21:00:41.264 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 21:00:41.108 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 21:00:40.952 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-07-10 21:00:40.796 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 21:00:40.406 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 21:00:40.250 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 21:00:40.079 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 21:00:39.938 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-07-10 20:08:41.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 6051.18 MB
Available physical RAM: 3733.43 MB
Total Pagefile: 12100.53 MB
Available Pagefile: 9531.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:522.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 16693EDB)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  6. FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
     Ran by Al Rodgers (administrator) on ALBERT on 16-07-2014 20:34:14
     Running from C:\Users\Al Rodgers\Desktop
     Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
     () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
     (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
     (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
     (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
     (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
     (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
     (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
     (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
     (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
     (Intel Corporation) C:\Windows\System32\igfxtray.exe
     (Intel Corporation) C:\Windows\System32\hkcmd.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
     (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
     (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
     () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
     (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
     (Samsung) C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe
     (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
     (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
     (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
     (Samsung) C:\Program Files (x86)\Samsung\PC Auto Backup\WiselinkPro.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
     () C:\Program Files (x86)\Samsung\PC Auto Backup\http_ss_win_pro.exe
     (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
     (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
     (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
     (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
     (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
     (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
     (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
     (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     (McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
     (Farbar) C:\Users\Al Rodgers\Desktop\FRST64 (1).exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
     HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
     HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10228224 2010-11-03] (Intel Corporation)
     HKLM\...\Run: [intelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-02] (Intel® Corporation)
     HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
     HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
     HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
     HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
     HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
     HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
     HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
     HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [3926528 2010-08-23] (Dell, Inc.)
     HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-11-03] (RealNetworks, Inc.)HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-16] (Dell)HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [HideSCAHealth] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PC Auto Backup.lnkShortcutTarget: PC Auto Backup.lnk -> C:\Program Files (x86)\Samsung\PC Auto 
Backup\AutoBackup.exe (Samsung)ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileBootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKCU - 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/searchSearchScopes: HKCU - {36052362-5BE9-47F7-95E8-FC2005FBF6C5} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US370&p={SearchTerms}BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No FileBHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: McAfee SiteAdvisor BHO -> 
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No FileToolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: 
@bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No FileFF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No FileFF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files 
(x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Al Rodgers\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Al Rodgers\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-09-07]FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-03] Chrome: =======CHR HomePage: CHR StartupUrls: "hxxp://www.google.com/"CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Al 
Rodgers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-11-03]CHR Extension: (Google Wallet) - C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-07-02]CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-03]CHR StartMenuInternet: Google Chrome - C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) 
[File not signed]R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]R2 WiselinkPro; C:\Program Files (x86)\Samsung\PC Auto Backup\WiselinkPro.exe [7274561 2013-02-18] (Samsung) [File not signed]R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)S3 
HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-16] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\windows\system32\F0F4.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 MFE_RR; \??\C:\Users\ALRODG~1\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================
C:\windows\system32\CompatTel2014-07-09 16:13 - 2011-06-13 22:11 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-09 16:13 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism2014-07-09 16:13 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism2014-07-09 16:11 - 2013-08-15 23:23 - 00000000 ____D () C:\windows\system32\MRT2014-07-09 16:09 - 2011-09-07 18:35 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-07-09 13:27 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\Performance2014-07-09 10:47 - 2012-08-16 16:29 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-07-09 10:47 - 2011-10-16 17:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-07 16:26 - 2014-07-07 16:26 - 00000000 ____H () C:\Users\Al Rodgers\AppData\Local\BITCC72.tmp2014-07-07 16:19 - 2014-07-07 16:19 - 00000000 _____ () C:\Users\Al Rodgers\AppData\Local\{EB9529ED-619E-46A9-86C1-53AB23FE2006}2014-07-04 09:29 - 2014-07-04 09:29 - 00000000 ____H () C:\Users\Al Rodgers\AppData\Local\BIT88ED.tmp2014-07-04 09:25 - 2014-07-04 09:25 - 00000000 _____ () C:\Users\Al Rodgers\AppData\Local\{859209E8-D6F0-466E-9DDB-E9B6D81968E7}2014-07-02 19:57 - 2011-09-07 18:08 - 00000000 ____D () C:\Program Files (x86)\McAfee2014-07-02 15:00 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD2014-06-30 07:41 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-06-30 07:40 - 2014-06-30 07:40 - 00005151 _____ () C:\Users\Al Rodgers\Downloads\sunsetan.mid2014-06-29 22:09 - 2014-07-09 12:46 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-09 12:46 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-06-23 09:53 - 2011-08-18 15:12 - 00003912 _____ () 
C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA2014-06-23 09:53 - 2011-08-18 15:12 - 00003516 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core2014-06-21 19:48 - 2014-01-31 13:26 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-06-20 16:14 - 2014-07-09 12:37 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-06-20 15:39 - 2014-07-09 12:37 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-06-18 21:39 - 2014-07-09 12:37 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-06-18 21:06 - 2014-07-09 12:37 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-06-18 21:06 - 2014-07-09 12:37 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-06-18 20:48 - 2014-07-09 12:37 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-06-18 20:42 - 2014-07-09 12:37 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-06-18 20:42 - 2014-07-09 12:37 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-06-18 20:41 - 2014-07-09 12:37 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-06-18 20:41 - 2014-07-09 12:37 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-06-18 20:32 - 2014-07-09 12:37 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-06-18 20:31 - 2014-07-09 12:37 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-06-18 20:26 - 2014-07-09 12:37 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-06-18 20:24 - 2014-07-09 12:37 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-06-18 20:24 - 2014-07-09 12:37 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-06-18 
20:23 - 2014-07-09 12:37 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-06-18 20:16 - 2014-07-09 12:37 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-06-18 20:14 - 2014-07-09 12:37 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-06-18 20:09 - 2014-07-09 12:37 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-06-18 19:59 - 2014-07-09 12:37 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-06-18 19:56 - 2014-07-09 12:37 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-06-18 19:53 - 2014-07-09 12:37 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-06-18 19:51 - 2014-07-09 12:37 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-06-18 19:50 - 2014-07-09 12:37 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-06-18 19:48 - 2014-07-09 12:37 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-06-18 19:39 - 2014-07-09 12:37 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-06-18 19:38 - 2014-07-09 12:37 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-06-18 19:37 - 2014-07-09 12:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-06-18 19:36 - 2014-07-09 12:37 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-06-18 19:35 - 2014-07-09 12:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-06-18 19:33 - 2014-07-09 12:37 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-06-18 19:32 - 2014-07-09 12:37 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-06-18 19:28 - 2014-07-09 12:37 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-06-18 
19:28 - 2014-07-09 12:37 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-06-18 19:27 - 2014-07-09 12:37 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-06-18 19:27 - 2014-07-09 12:37 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-06-18 19:25 - 2014-07-09 12:37 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-06-18 19:23 - 2014-07-09 12:37 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-06-18 19:22 - 2014-07-09 12:37 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-06-18 19:12 - 2014-07-09 12:37 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-06-18 19:06 - 2014-07-09 12:37 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-18 19:01 - 2014-07-09 12:37 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-06-18 18:59 - 2014-07-09 12:37 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-06-18 18:58 - 2014-07-09 12:37 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-06-18 18:58 - 2014-07-09 12:37 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-06-18 18:52 - 2014-07-09 12:37 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-06-18 18:51 - 2014-07-09 12:37 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-06-18 18:49 - 2014-07-09 12:37 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-06-18 18:46 - 2014-07-09 12:37 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-06-18 18:45 - 2014-07-09 12:37 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-06-18 18:35 - 2014-07-09 12:37 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-06-18 18:34 - 2014-07-09 
12:37 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-06-18 18:15 - 2014-07-09 12:37 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-06-18 18:13 - 2014-07-09 12:37 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-06-18 18:09 - 2014-07-09 12:37 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-06-18 18:07 - 2014-07-09 12:37 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-06-17 22:18 - 2014-07-09 12:46 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe2014-06-17 21:51 - 2014-07-09 12:46 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe2014-06-17 21:10 - 2014-07-09 12:46 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-06-16 22:28 - 2014-06-16 22:28 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c60040812014-06-16 22:28 - 2011-08-19 14:30 - 00003650 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP:====================C:\Users\Al Rodgers\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally 
signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-09 09:49 ==================== End Of Log ============================
  7. ESET:
     C:\AdwCleaner\Quarantine\C\Program Files\pcreg\service.exe.vir Win32/Conduit.SearchProtect.O potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Al Rodgers\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
     C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
     C:\Windows\Installer\MSIEC44.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe Win32/Conduit.SearchProtect.O potentially unwanted application
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe Win32/Conduit.SearchProtect.O potentially unwanted application
  8. I could not run the MBAM update without getting the same message as before. I checked the items in settings and got the same message (MBAM has stopped working...) when I tried to run a threat scan.
  9. Adw Cleaner post-reboot:
     # AdwCleaner v3.215 - Report created 16/07/2014 at 19:17:25
     # Updated 09/07/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Al Rodgers - ALBERT
     # Running from : C:\Users\Al Rodgers\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17207
     -\\ Google Chrome v
     [ File : C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************
     AdwCleaner[R0].txt - [4882 octets] - [10/07/2014 12:00:51]
     AdwCleaner[R1].txt - [881 octets] - [16/07/2014 19:10:31]
     AdwCleaner[s0].txt - [4927 octets] - [10/07/2014 12:02:37]
     AdwCleaner[s1].txt - [803 octets] - [16/07/2014 19:17:25]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [862 octets] ##########
  10. I did not see anything here to uncheck, but here is the AdwCleaner log for your review:
      # AdwCleaner v3.215 - Report created 16/07/2014 at 19:10:31
      # Updated 09/07/2014 by Xplode
      # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Username : Al Rodgers - ALBERT
      # Running from : C:\Users\Al Rodgers\Desktop\AdwCleaner.exe
      # Option : Scan

      ***** [ Services ] *****
      ***** [ Files / Folders ] *****
      ***** [ Shortcuts ] *****
      ***** [ Registry ] *****
      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17207
      -\\ Google Chrome v
      [ File : C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      *************************
      AdwCleaner[R0].txt - [4882 octets] - [10/07/2014 12:00:51]
      AdwCleaner[R1].txt - [683 octets] - [16/07/2014 19:10:31]
      AdwCleaner[s0].txt - [4927 octets] - [10/07/2014 12:02:37]

      ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [802 octets] ##########
  11. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.4 (04.06.2014:1)
      OS: Windows 7 Home Premium x64
      Ran by Al Rodgers on Wed 07/16/2014 at 19:00:36.86
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values
      Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
      Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

      ~~~ Registry Keys
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CC9E94E3-B2C8-4188-A0F5-C26DB146CD2B}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D25B97E9-62B2-40CE-BECF-E43A7B879072}
      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D25B97E9-62B2-40CE-BECF-E43A7B879072}

      ~~~ Files
      Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

      ~~~ Folders
      Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
      Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Wed 07/16/2014 at 19:07:04.39
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  12. Here is the RogueKiller report: FYI, it launched a webpage following the scan that reported the removal process for a new variant of ZeroAccess called RTL, which I did not do since I am working with you to solve this problem. Thanks again for your support.

      RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionto
      Started in : Normal mode
      User : Al Rodgers [Admin rights]
      Mode : Scan -- Date : 07/15/2014 19:27:11

      ¤¤¤ Bad processes : 1 ¤¤¤
      [ZeroAccess] mcshield.exe -- [x] -> ERROR [12]

      ¤¤¤ Registry Entries : 21 ¤¤¤
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR -> FOUND
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR -> FOUND
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR -> FOUND
      [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> FOUND
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 38.183.109.7 38.183.109.20 -> FOUND
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AF143F77-1DBB-4801-BE2D-16C9965A301C} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> FOUND
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AF143F77-1DBB-4801-BE2D-16C9965A301C} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> FOUND
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8D5FA694-3482-4919-A487-9DEF1E1E811D} | DhcpNameServer : 38.183.109.7 38.183.109.20 -> FOUND
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AF143F77-1DBB-4801-BE2D-16C9965A301C} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> FOUND
      [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
      [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
      [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
      [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
      [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
      [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
      [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
      [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

      ¤¤¤ Scheduled tasks : 0 ¤¤¤

      ¤¤¤ Files : 1 ¤¤¤
      [suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> FOUND

      ¤¤¤ HOSTS File : 1 ¤¤¤
      [C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

      ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: WDC WD6400BPVT-75HXZT1 +++++
      --- User ---
      [MBR] ef53f465cc0be18113c6fa1d30d45ff9
      [bSP] b01383409f28337d3ddf5e4fbdf4eb89 : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
      1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB
      2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 595378 MB
      User = LL1 ... OK
      User = LL2 ... OK
  13. Hi, thanks for helping. I am stuck at step 2 since I can't update MBAM; it stops and says MBAM has stopped working... as described in my original post. I can run a scan, but the database is not up to date... please advise. Thanks.
  14. I have the free version of MBAM but I am considering the premium. I have run every cleaner known (I think) and I don't think the system is infected anymore, but MBAM will not update. It gives the error that Malwarebytes has stopped working. Windows is checking for a solution.... I have posted the requested Farbar logs. Thanks in advance for your help. Addition.txt FRST.txt