Trojan.Zaccess keeps being detected by MBAM

[smmaher1]

MBAM keeps detecting trojan.zaccess even though it says it has successfully deleted. Please help to remove this.

 

Farbar Results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013

Ran by Linda (administrator) on LINDA-PC on 08-09-2013 12:44:47

Running from C:\Users\Linda\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Affinegy, Inc.) C:\Program Files (x86)\Bresnan\DigiDo\AffinegyService.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe

() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe

(ParentsOnPatrol) c:\McGruffSafeGuard\driver\wuaudt .exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncclipboard.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - -

HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

Winlogon\Notify\AutorunsDisabled: 

HKLM\...\Policies\Explorer: [NoActiveDesktop] 1

HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-07] (Google Inc.)

HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)

HKCU\...\Run: [Google Update*] -  <===== ATTENTION (ZeroAccess rootkit hidden path)

HKCU\...\Policies\system: [LogonHoursAction] 2

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Event Agent] - c:\McGruffSafeGuard\bin\smss .exe [742400 2011-12-05] ()

HKLM-x32\...\Run: [EMET Notifier] - C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()

HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [2796576 2012-11-09] (Fitbit, Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [CCLite] - c:\McGruffSafeGuard\ea.exe [61040 2011-09-06] (ms)

HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()

Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

ProxyServer: 127.0.0.1:9666

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage

URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

SearchScopes: HKCU - {62BF0546-F880-44F7-A74F-8DB2F8C7CD41} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\coIEPlg.dll (Symantec Corporation)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9 01 C:\Windows\system32\eventagentpc.dll File Not found ()

Winsock: Catalog9 02 C:\Windows\system32\eventagentpc.dll File Not found ()

Winsock: Catalog9 03 C:\Windows\system32\eventagentpc.dll File Not found ()

Winsock: Catalog9 04 C:\Windows\system32\eventagentpc.dll File Not found ()

Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 14 C:\Windows\system32\eventagentpc.dll File Not found ()

Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9-x64 01 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)

Winsock: Catalog9-x64 02 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)

Winsock: Catalog9-x64 03 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)

Winsock: Catalog9-x64 04 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)

Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 12 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 13 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 14 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9-x64 15 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======

CHR DefaultSearchURL: (McAfee) - http://search.yahoo.com/search?fr=mcafee&p={searchTerms}

CHR DefaultSuggestURL: (McAfee) -       "suggest_url": ""

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Unity Player) - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()

CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (SiteAdvisor) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1

CHR Extension: (Chrome In-App Payments service) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

 

==================== Services (Whitelisted) =================

 

R2 AffinegyService; C:\Program Files (x86)\Bresnan\DigiDo\AffinegyService.exe [586608 2011-02-21] (Affinegy, Inc.)

R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1200160 2012-11-09] (Fitbit, Inc.)

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-26] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [130000 2010-11-23] (Symantec Corporation)

S2 System Event Agent; c:\McGruffSafeGuard\bin\spoolsv .exe [372336 2011-07-11] ()

R3 System Event Audit; c:\McGruffSafeGuard\driver\wuaudt .exe [3386992 2011-09-06] (ParentsOnPatrol)

R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-03-04] (RealVNC Ltd)

S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}\   \...\???\{30670d85-f9bb-3b53-459a-0a56e2b953a2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-10-03] (support.com, Inc)

U3 mfeavfk01; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-08 12:43 - 2013-09-08 12:43 - 01948988 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe

2013-09-08 11:26 - 2013-09-08 11:26 - 00000000 ____D C:\Program Files\RealVNC

2013-09-08 11:26 - 2013-03-04 12:55 - 00037704 _____ (RealVNC Ltd) C:\Windows\system32\VNCpm.dll

2013-09-08 11:26 - 2013-03-04 12:55 - 00026112 _____ (RealVNC Ltd.) C:\Windows\system32\vncmirror.dll

2013-09-08 11:26 - 2013-03-04 12:55 - 00004608 _____ (RealVNC Ltd.) C:\Windows\system32\Drivers\vncmirror.sys

2013-09-08 11:24 - 2013-09-08 11:25 - 07189288 _____ (RealVNC Ltd                                                 ) C:\Users\Linda\Downloads\VNC-5.0.5-Windows.exe

2013-09-08 08:52 - 2013-09-08 08:52 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-08 08:52 - 2013-09-08 08:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-08 08:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-09-08 08:50 - 2013-09-08 08:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-20 12:04 - 2013-08-20 12:04 - 01194600 _____ C:\Windows\Minidump\082013-12604-01.dmp

2013-08-18 13:22 - 2013-08-18 13:22 - 01215688 _____ C:\Windows\Minidump\081813-12480-01.dmp

2013-08-15 19:53 - 2013-08-20 12:04 - 540653039 _____ C:\Windows\MEMORY.DMP

2013-08-15 19:53 - 2013-08-20 12:04 - 00000000 ____D C:\Windows\Minidump

2013-08-15 19:53 - 2013-08-15 19:53 - 01229792 _____ C:\Windows\Minidump\081513-15256-01.dmp

2013-08-14 18:12 - 2013-07-25 23:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 18:12 - 2013-07-25 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 18:12 - 2013-07-25 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-14 18:12 - 2013-07-25 23:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 18:12 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-14 18:12 - 2013-07-25 21:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 18:12 - 2013-07-25 21:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-14 18:12 - 2013-07-25 21:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-14 18:12 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-14 18:12 - 2013-07-25 21:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-14 18:12 - 2013-07-25 21:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-14 18:12 - 2013-07-25 20:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-14 18:12 - 2013-07-25 20:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-14 18:12 - 2013-07-25 19:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-14 18:07 - 2013-08-14 18:09 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 17:30 - 2013-07-08 23:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 17:30 - 2013-07-08 23:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 17:30 - 2013-07-08 23:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 17:30 - 2013-07-08 23:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 17:30 - 2013-07-08 22:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 17:30 - 2013-07-08 22:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 17:30 - 2013-07-08 22:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 17:30 - 2013-07-08 22:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 17:25 - 2013-07-25 03:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 17:25 - 2013-07-25 02:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 17:25 - 2013-07-18 19:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 17:25 - 2013-07-18 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 17:25 - 2013-07-09 00:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 17:25 - 2013-07-08 23:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 17:25 - 2013-07-08 23:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 17:25 - 2013-07-08 23:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 17:25 - 2013-07-08 23:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 17:25 - 2013-07-08 23:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 17:25 - 2013-07-08 22:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 17:25 - 2013-07-08 22:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 17:25 - 2013-07-08 22:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 17:25 - 2013-07-08 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 17:25 - 2013-07-08 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 17:25 - 2013-07-08 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 17:25 - 2013-07-08 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 17:25 - 2013-07-06 00:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 17:25 - 2013-06-14 22:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-09 22:13 - 2013-08-09 22:13 - 00000000 ____D C:\Users\Linda\AppData\Local\{1FCB3537-729E-4801-A379-63C357C55CB2}

 

==================== One Month Modified Files and Folders =======

 

2013-09-08 12:44 - 2013-09-08 12:44 - 00000000 ____D C:\FRST

2013-09-08 12:43 - 2013-09-08 12:43 - 01948988 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe

2013-09-08 12:43 - 2012-02-28 21:09 - 00000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job

2013-09-08 12:02 - 2011-09-07 21:00 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-08 11:55 - 2012-04-07 11:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-08 11:27 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-08 11:27 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-08 11:26 - 2013-09-08 11:26 - 00000000 ____D C:\Program Files\RealVNC

2013-09-08 11:25 - 2013-09-08 11:24 - 07189288 _____ (RealVNC Ltd                                                 ) C:\Users\Linda\Downloads\VNC-5.0.5-Windows.exe

2013-09-08 11:25 - 2013-03-08 00:10 - 00001790 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk

2013-09-08 11:21 - 2011-09-07 21:00 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-08 11:21 - 2011-07-23 08:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2013-09-08 11:21 - 2011-07-23 08:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2013-09-08 11:21 - 2011-07-23 08:05 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-09-08 11:20 - 2012-12-01 19:29 - 00027274 _____ C:\Windows\setupact.log

2013-09-08 11:20 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-08 09:52 - 2013-03-08 00:08 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-09-08 09:52 - 2012-12-13 15:51 - 00119442 _____ C:\Windows\PFRO.log

2013-09-08 08:52 - 2013-09-08 08:52 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-08 08:52 - 2013-09-08 08:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-08 08:51 - 2013-09-08 08:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-08 08:49 - 2011-07-23 08:20 - 00000000 ____D C:\ProgramData\Sonic

2013-09-02 20:04 - 2013-03-08 00:08 - 00000000 ____D C:\Program Files\McAfee

2013-09-02 20:02 - 2011-07-23 08:00 - 01238334 _____ C:\Windows\WindowsUpdate.log

2013-08-20 12:04 - 2013-08-20 12:04 - 01194600 _____ C:\Windows\Minidump\082013-12604-01.dmp

2013-08-20 12:04 - 2013-08-15 19:53 - 540653039 _____ C:\Windows\MEMORY.DMP

2013-08-20 12:04 - 2013-08-15 19:53 - 00000000 ____D C:\Windows\Minidump

2013-08-18 13:22 - 2013-08-18 13:22 - 01215688 _____ C:\Windows\Minidump\081813-12480-01.dmp

2013-08-15 19:53 - 2013-08-15 19:53 - 01229792 _____ C:\Windows\Minidump\081513-15256-01.dmp

2013-08-15 17:56 - 2011-09-07 21:00 - 00000000 ____D C:\Users\Linda\AppData\Local\Google

2013-08-15 12:12 - 2011-09-07 20:59 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-15 11:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2013-08-14 18:11 - 2009-07-13 23:13 - 00798186 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-14 18:09 - 2013-08-14 18:07 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 18:07 - 2011-09-12 16:52 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-08-09 22:17 - 2013-07-22 12:29 - 00000000 ____D C:\Users\Linda\Desktop\mission pics

2013-08-09 22:13 - 2013-08-09 22:13 - 00000000 ____D C:\Users\Linda\AppData\Local\{1FCB3537-729E-4801-A379-63C357C55CB2}

2013-08-09 22:08 - 2013-07-30 09:03 - 00000000 ____D C:\Users\Linda\Desktop\Linda's mission pix

2013-08-09 21:54 - 2013-04-13 15:00 - 00000000 ____D C:\Users\Linda\Desktop\Jones service

 

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

 

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

 

Files to move or delete:

====================

ZeroAccess:

C:\Users\Linda\AppData\Local\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

LastRegBack: 2013-09-08 11:15

 

==================== End Of Log ============================

 

 

 

Addition.txt results:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2013

Ran by Linda at 2013-09-08 12:45:30

Running from C:\Users\Linda\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

   

64 Bit HP CIO Components Installer (Version: 7.2.8)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)

Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)

Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)

Angry Birds (x32 Version: 3.0.0)

Angry Birds Seasons (x32 Version: 2.4.1)

Angry Birds Space (x32 Version: 1.4.1)

Apple Application Support (x32 Version: 2.3)

Apple Software Update (x32 Version: 2.1.3.127)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)

Bing Bar (x32 Version: 7.1.361.0)

Blackhawk Striker 2 (x32 Version: 2.2.0.95)

Bonjour (Version: 2.0.0.34)

Bounce Symphony (x32 Version: 2.2.0.95)

BufferChm (x32 Version: 140.0.212.000)

Build-a-lot 2 (x32 Version: 2.2.0.95)

C310 (x32 Version: 140.0.304.000)

Cake Mania (x32 Version: 2.2.0.95)

Chuzzle Deluxe (x32 Version: 2.2.0.95)

Conexant HD Audio (Version: 8.50.4.0)

Consumer In-Home Service Agreement (x32 Version: 2.0.0)

Coupon Printer for Windows (x32 Version: 5.0.0.0)

D3DX10 (x32 Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)

Dell DataSafe Local Backup (x32 Version: 9.4.60)

Dell DataSafe Online (x32 Version: 2.1.19634)

Dell Edoc Viewer (Version: 1.0.0)

Dell Getting Started Guide (x32 Version: 1.00.0000)

Dell Marketplace Webslice IE8 (x32 Version: 8.0)

Dell MusicStage (x32 Version: 1.5.201.0)

Dell PhotoStage (x32 Version: 1.5.0.65)

Dell Stage (x32 Version: 1.7.209.0)

Dell VideoStage  (x32 Version: 1.2.0.1712)

Destinations (x32 Version: 140.0.77.000)

DeviceDiscovery (x32 Version: 140.0.212.000)

DigiDo (x32)

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)

DirectX 9 Runtime (x32 Version: 1.00.0000)

Dora's World Adventure (x32 Version: 2.2.0.95)

eaner (Version: 3.25)

eBay (x32 Version: 1.4.0)

EMET (x32 Version: 3.0.0)

Escape Whisper Valley (x32 Version: 2.2.0.95)

Farm Frenzy (x32 Version: 2.2.0.95)

Farm Frenzy (x32)

FATE (x32 Version: 2.2.0.95)

Final Drive Fury (x32 Version: 2.2.0.95)

Final Drive Nitro (x32 Version: 2.2.0.95)

Fitbit Connect (x32 Version: 1.0.0.2292)

Google Chrome (x32 Version: 29.0.1547.66)

Google Earth Plug-in (x32 Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)

Google Update Helper (x32 Version: 1.3.21.153)

GoToAssist 8.0.0.514 (x32)

GoToMeeting 4.8.0.723 (HKCU Version: 4.8.0.723)

GPBaseService2 (x32 Version: 140.0.211.000)

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)

HP Customer Participation Program 14.0 (Version: 14.0)

HP Imaging Device Functions 14.0 (Version: 14.0)

HP Photo Creations (x32 Version: 1.0.0.11352)

HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)

HP Product Detection (x32 Version: 11.14.0001)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 14.0 (Version: 14.0)

HP Update (x32 Version: 5.005.000.002)

HPAppStudio (x32 Version: 140.0.95.000)

HPDiagnosticAlert (x32 Version: 1.00.0000)

HPPhotoGadget (x32 Version: 140.0.524.000)

HPProductAssistant (x32 Version: 140.0.212.000)

HPSSupply (x32 Version: 140.0.211.000)

Intel® Processor Graphics (x32 Version: 9.17.10.2932)

Internet Explorer (x32 Version: 8)

Java Auto Updater (x32 Version: 2.0.6.1)

Java 6 Update 24 (64-bit) (Version: 6.0.240)

Java 6 Update 30 (x32 Version: 6.0.300)

Jewel Quest (x32 Version: 2.2.0.95)

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)

JumpStart Artist (x32)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Luxor (x32 Version: 2.2.0.95)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MarketResearch (x32 Version: 140.0.212.000)

Math Missions Grades K-2 (x32)

McAfee SecurityCenter (x32 Version: 11.6.511)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 Service Pack 1 (SP1) (x32)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Home and Student 2010 - English (x32 Version: 14.0.5139.5005)

Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)

Network64 (Version: 140.0.215.000)

Network64 (Version: 140.0.221.000)

Norton Safe Web Lite (x32 Version: 1.2.0.7)

OverDrive Media Console (x32 Version: 3.2.20)

Penguins! (x32 Version: 2.2.0.95)

PhotoShowExpress (x32 Version: 2.0.063)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)

Poker Superstars III (x32 Version: 2.2.0.95)

Polar Bowler (x32 Version: 2.2.0.95)

Polar Golfer (x32 Version: 2.2.0.95)

PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000)

QuickTime (x32 Version: 7.73.80.64)

QuickTransfer (x32 Version: 140.0.98.000)

RBVirtualFolder64Inst (Version: 1.00.0000)

Reading Blaster Ages 4-6 (x32)

Roxio Activation Module (x32 Version: 1.0)

Roxio BackOnTrack (x32 Version: 1.3.3)

Roxio Burn (x32 Version: 1.8)

Roxio Creator Starter (x32 Version: 1.0.439)

Roxio Creator Starter (x32 Version: 12.1.77.0)

Roxio Creator Starter (x32 Version: 5.0.0)

Roxio Express Labeler 3 (x32 Version: 3.2.2)

Roxio File Backup (Version: 1.3.2)

Samantha Swift (x32 Version: 2.2.0.95)

Scan (x32 Version: 140.0.80.000)

Schooltown Launcher (x32 Version: 1.00.08.07.22)

Shared C Run-time for x64 (Version: 10.0.0)

Shockwave (x32)

Shop for HP Supplies (Version: 14.0)

Skype Toolbars (x32 Version: 1.0.4051)

Skype™ 5.10 (x32 Version: 5.10.116)

SmartWebPrinting (x32 Version: 140.0.186.000)

SolutionCenter (x32 Version: 140.0.214.000)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)

Status (x32 Version: 140.0.256.000)

swMSM (x32 Version: 12.0.0.1)

Toolbox (x32 Version: 140.0.428.000)

TrayApp (x32 Version: 140.0.212.000)

TrustedID (x32 Version: 5.0)

Typing Quick & Easy (x32 Version: 17.0)

Unity Web Player (x32 Version: 2.1.0f5_16147)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2553065) (x32)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2566458) (x32)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

Update Installer for WildTangent Games App (x32)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)

VNC Mirror Driver 1.8.0 (Version: 1.8.0)

VNC Printer Driver 1.8.0 (Version: 1.8.0)

VNC Server 5.0.5 (Version: 5.0.5)

WebReg (x32 Version: 140.0.212.017)

Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95)

WildTangent Games (x32 Version: 1.0.2.5)

WildTangent Games App (Dell Games) (x32 Version: 4.0.10.5)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3508.1109)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Zuma Deluxe (x32 Version: 2.2.0.95)

 

==================== Restore Points  =========================

 

19-07-2013 12:43:17 Scheduled Checkpoint

27-07-2013 01:20:46 Scheduled Checkpoint

03-08-2013 12:55:00 Scheduled Checkpoint

10-08-2013 18:16:43 Scheduled Checkpoint

15-08-2013 00:06:57 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started

Task: {16ED777F-4B62-4C42-82D8-D545A5807BA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-02] (Adobe Systems Incorporated)

Task: {2EC8D4CC-4A28-4B92-9C47-2C384E2061A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)

Task: {33ACF680-1D3F-4433-ABCC-3F83699AC709} - System32\Tasks\WPD\SqmUpload_S-1-5-21-919036067-3736366667-2788334649-1003 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)

Task: {510EB980-20BD-46F1-9EB1-A768B8A3EF0E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {78D1EAB0-9A67-487E-A4D3-72DB6D983EC5} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-03] ()

Task: {AED4B2AD-6C25-4B8C-B0A8-CDFD68238C7E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {AEE0C2A0-50FE-45AF-B178-D1C139417B29} - System32\Tasks\User_Feed_Synchronization-{6DCB4E77-A9FA-4C6E-A99E-BB94184238E0} => C:\Windows\system32\msfeedssync.exe [2013-02-26] (Microsoft Corporation)

Task: {C9DD2EB8-BCFA-444F-8FA8-63FEED73E3AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D6D6E35D-4974-484D-903A-BCD97C9260F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07] (Google Inc.)

Task: {F312BA45-F19C-4716-8A09-7AF83C9FFD02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07] (Google Inc.)

Task: {F80FFA99-3681-4A4B-8060-428CF61468D6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-07-03 19:02 - 2013-07-03 19:02 - 00261744 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll

2013-07-03 19:02 - 2013-07-03 19:02 - 00661448 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\MSVCP110.dll

2013-07-03 19:02 - 2013-07-03 19:02 - 00828872 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\MSVCR110.dll

2012-12-14 03:42 - 2012-12-14 03:42 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc

2011-07-23 09:34 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-05-09 14:25 - 2012-05-09 14:25 - 01815552 _____ (Developer Express Inc.) C:\Program Files (x86)\EMET\DevExpress.XtraBars.v10.1.dll

2012-05-09 14:25 - 2012-05-09 14:25 - 02921984 _____ (Developer Express Inc.) C:\Program Files (x86)\EMET\DevExpress.Utils.v10.1.dll

2012-05-09 14:25 - 2012-05-09 14:25 - 02460160 _____ (Developer Express Inc.) C:\Program Files (x86)\EMET\DevExpress.Data.v10.1.dll

2012-02-24 11:09 - 2011-09-06 10:53 - 00429168 _____ (ParentsOnPatrol) C:\Windows\system32\eventagentpc64.dll

2011-12-06 18:25 - 2011-02-21 14:35 - 00393584 _____ (Affinegy, Inc.) C:\Program Files (x86)\Bresnan\DigiDo\AffIpHelper.dll

2011-12-06 18:25 - 2011-02-21 14:35 - 00139632 _____ (Affinegy, Inc.) C:\Program Files (x86)\Bresnan\DigiDo\AffCrypto.dll

2009-11-18 05:16 - 2009-11-18 05:16 - 00137344 _____ (Hewlett-Packard Co.) c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll

2009-11-18 05:16 - 2009-11-18 05:16 - 00217728 _____ (Hewlett-Packard Co.) c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll

2009-11-18 05:16 - 2009-11-18 05:16 - 00253568 _____ (Hewlett-Packard Co.) c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll

2010-11-20 21:24 - 2010-11-20 21:24 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSPOOL.DRV

2011-11-16 20:08 - 2010-11-23 20:34 - 00675704 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccL100U.dll

2011-11-16 20:08 - 2010-11-23 20:21 - 00085880 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccVrTrst.dll

2011-11-16 20:08 - 2010-11-23 20:21 - 00140152 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvc.dll

2011-11-16 20:08 - 2010-11-23 20:21 - 00158584 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccIPC.dll

2011-11-16 20:08 - 2010-12-02 20:38 - 00262584 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON SAFE WEB LITE\ENGINE\1.2.0.7\DIMASTER.DLL

2011-11-16 20:08 - 2010-11-23 20:21 - 00268664 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSet.dll

2011-11-16 20:08 - 2010-12-16 19:28 - 00273336 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON SAFE WEB LITE\ENGINE\1.2.0.7\COSVCNST.DLL

2011-11-16 20:08 - 2010-11-23 20:21 - 00291704 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON SAFE WEB LITE\ENGINE\1.2.0.7\CCGEVT.DLL

2011-11-16 20:08 - 2010-11-23 20:21 - 00199544 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccGLog.dll

2011-11-16 20:08 - 2010-11-23 20:21 - 00386936 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON SAFE WEB LITE\ENGINE\1.2.0.7\CCJOBMGR.DLL

2011-11-16 20:08 - 2010-12-02 20:38 - 00293304 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\diStRptr.dll

2012-02-01 12:44 - 2012-02-01 12:44 - 18858496 _____ (Unlimited Realities) C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\libumajin.dll

2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll

2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll

2013-07-03 19:02 - 2013-07-03 19:02 - 00222832 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll

2013-07-03 19:02 - 2013-07-03 19:02 - 00534480 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\MSVCP110.dll

2013-07-03 19:02 - 2013-07-03 19:02 - 00862664 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\MSVCR110.dll

2013-07-03 19:02 - 2013-07-03 19:02 - 00543856 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\Telemetry.dll

2013-07-03 19:02 - 2013-07-03 19:02 - 00039536 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\logging.dll

2011-09-06 10:53 - 2011-09-06 10:53 - 00151152 _____ (ParentsOnPatrol) c:\McGruffSafeGuard\driver\EventDLL.dll

2011-09-06 10:53 - 2011-09-06 10:53 - 00302704 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\libnspr4.dll

2011-09-06 10:54 - 2011-09-06 10:54 - 00859248 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\nss3.dll

2011-09-06 10:54 - 2011-09-06 10:54 - 00126064 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\nssutil3.dll

2011-09-06 10:54 - 2011-09-06 10:54 - 00056432 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\libplc4.dll

2011-09-06 10:54 - 2011-09-06 10:54 - 00053872 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\libplds4.dll

2011-09-06 10:54 - 2011-09-06 10:54 - 00142960 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\smime3.dll

2013-09-08 08:52 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

2013-09-08 08:52 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

 

==================== Alternate Data Streams (whitelisted) ==========

 

AlternateDataStreams: C:\Users\Linda\Desktop\Thumbs.db:encryptable

AlternateDataStreams: C:\Users\Linda\Documents\Thumbs.db:encryptable

 

 

==================== Faulty Device Manager Devices =============

 

Name: Photosmart Prem C310 series

Description: Photosmart Prem C310 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/08/2013 11:30:51 AM) (Source: CVHSVC) (User: )

Description: Information only.

Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

 

Error: (09/08/2013 11:30:20 AM) (Source: VNC Server) (User: )

Description: SDisplay: VNC Mirror Driver missing or unsupported on this platform

 

Error: (09/08/2013 11:29:43 AM) (Source: VNC Server) (User: )

Description: SDisplay: VNC Mirror Driver missing or unsupported on this platform

 

Error: (09/08/2013 11:28:57 AM) (Source: VNC Server) (User: )

Description: SConnection: AuthFailureException: Either the username was not recognised, or the password was incorrect

 

Error: (09/08/2013 11:26:56 AM) (Source: VNC Server) (User: )

Description: VncServerLicenseManager: No license installed

 

Error: (09/08/2013 11:26:56 AM) (Source: VNC Server) (User: )

Description: VncServerLicenseManager: No license installed

 

Error: (09/08/2013 11:22:15 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 10:03:00 AM) (Source: CVHSVC) (User: )

Description: Information only.

Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

 

Error: (09/08/2013 09:54:26 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 09:10:11 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (09/08/2013 11:22:59 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

 

Error: (09/08/2013 11:22:59 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

 

Error: (09/08/2013 11:22:51 AM) (Source: Service Control Manager) (User: )

Description: The System Event Agent service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (09/08/2013 11:22:42 AM) (Source: Service Control Manager) (User: )

Description: The System Event Audit service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (09/08/2013 11:21:37 AM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (09/08/2013 11:20:35 AM) (Source: Service Control Manager) (User: )

Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

 

Error: (09/08/2013 11:20:34 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

 

Error: (09/08/2013 11:20:34 AM) (Source: Service Control Manager) (User: )

Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

 

Error: (09/08/2013 11:20:32 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service terminated with the following error: 

%%1060

 

Error: (09/08/2013 09:55:07 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

 

 

Microsoft Office Sessions:

=========================

Error: (09/08/2013 11:30:51 AM) (Source: CVHSVC)(User: )

Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

 

Error: (09/08/2013 11:30:20 AM) (Source: VNC Server)(User: )

Description: SDisplayVNC Mirror Driver missing or unsupported on this platform

 

Error: (09/08/2013 11:29:43 AM) (Source: VNC Server)(User: )

Description: SDisplayVNC Mirror Driver missing or unsupported on this platform

 

Error: (09/08/2013 11:28:57 AM) (Source: VNC Server)(User: )

Description: SConnectionAuthFailureException: Either the username was not recognised, or the password was incorrect

 

Error: (09/08/2013 11:26:56 AM) (Source: VNC Server)(User: )

Description: VncServerLicenseManagerNo license installed

 

Error: (09/08/2013 11:26:56 AM) (Source: VNC Server)(User: )

Description: VncServerLicenseManagerNo license installed

 

Error: (09/08/2013 11:22:15 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 10:03:00 AM) (Source: CVHSVC)(User: )

Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

 

Error: (09/08/2013 09:54:26 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 09:10:11 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-09-08 11:27:00.359

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-08 11:27:00.356

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-08 11:27:00.355

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-08 09:58:36.034

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-08 09:58:36.034

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-08 09:58:36.034

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-08 09:11:57.466

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-08 09:11:57.466

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-08 09:11:57.466

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 31%

Total physical RAM: 6056.63 MB

Available physical RAM: 4135.14 MB

Total Pagefile: 12111.44 MB

Available Pagefile: 9865.04 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:854.86 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: B76748FB)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

[smmaher1]

Duplicate post. please delete.

[MrCharlie]

Being helped here:

http://forums.malwarebytes.org/index.php?showtopic=132893&p=727177

MrC

[AdvancedSetup]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.