Jump to content

Help - I Have Some Sort of Malware - Sendori Possibly

Leila

By Leila
in Resolved Malware Removal Logs

 Share

Recommended Posts

Leila

Leila

Posted
Posted

Yesterday, I downloaded a program titled YouTube Downloader.  Shortly after downloading it I found I couldn't post a reply to my forum - a Yuku forum. I kept getting a message that stated FORBIDDEN - You don't have permission to access /forum/postreply/on this server.

 

I checked my programs to see if something was downloaded along with the YouTube Downloader that could be blocking me from posting a reply in my forum.  I found a program called "Sendori."   I uninstalled it, and also uninstalled the downloader program just in case that was blocking me from posting a reply. 

 

When I still could not post a reply to my forum, I contacted the Yuku Help Desk.  They had me try to type and post the word "test" to my forum. When I couldn't even post the word "test" to reply to a topic, the help desk suggested I might have malware called "Sendori" and said to download Malwarebytes and do a scan.

 

I downloaded Malwarebytes and ran a scan.  I had a number of found objects.  I checked off each item and clicked remove.  I was told to re-boot to removed the objects, which I did.  But, I still cannot post a reply to my forum.  I'm the forum administrator and haven't been able to post a topic or reply to my forum for the past 24 hours.

Link to post
Share on other sites
  • Replies 75
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello Leila,

 

If you've not already done so please start here and post back the 2 log files DDS.txt and Attach.txt

General P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Linda at 21:53:03 on 2013-10-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.3568 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\UMonit.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\windows\system32\RunDll32.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\splwow64.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Linda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
StartupFolder: C:\Users\Linda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02CE28E7-3D9C-4EC7-87EC-12F15B746C00} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [uMonit] C:\windows\SysWOW64\UMonit.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\oxji2wdd.default-1353194462899\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL -
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-5-19 57952]
R0 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2013-5-13 74560]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2013-2-19 781312]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2013-2-19 343568]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-5-19 20832]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-5-19 13408]
R1 MOBK400Filter;MOBK400Filter;C:\windows\System32\drivers\MOBK400.sys [2013-5-13 66040]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-30 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-30 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-13 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-10-10 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-10-10 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-5-13 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-5-13 182752]
R2 MOBK400backup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [2010-6-1 231224]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-18 2655768]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2013-5-13 70112]
R3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\drivers\GeneStor.sys [2011-5-19 57856]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-10-30 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-5-13 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2013-5-13 519192]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-5-19 947304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2013-10-15 197704]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 ssmirrdr;ssmirrdr;C:\windows\System32\drivers\ssmirrdr.sys [2011-6-10 10112]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-7 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-10-30 19:41:17    --------    d-----w-    C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-10-30 19:40:59    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-10-30 19:40:56    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-10-30 19:40:56    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-30 19:40:20    --------    d-----w-    C:\Users\Linda\AppData\Local\Programs
2013-10-30 04:39:17    --------    d-----w-    C:\ProgramData\Oracle
2013-10-30 04:38:53    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-29 20:56:51    --------    d--h--w-    C:\ProgramData\Common Files
2013-10-22 01:10:41    --------    d-----w-    C:\Program Files\McAfee Security Scan
2013-10-16 03:02:08    197704    ----a-w-    C:\windows\System32\drivers\HipShieldK.sys
2013-10-10 23:58:09    --------    d-----w-    C:\Users\Linda\AppData\Local\McAfee File Lock
2013-10-10 10:05:59    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-10-10 03:49:04    633856    ----a-w-    C:\windows\System32\comctl32.dll
2013-10-10 03:49:04    530432    ----a-w-    C:\windows\SysWow64\comctl32.dll
2013-10-10 03:49:01    109824    ----a-w-    C:\windows\System32\drivers\USBAUDIO.sys
2013-10-10 03:49:01    100864    ----a-w-    C:\windows\System32\drivers\usbcir.sys
2013-10-01 06:31:27    91544    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
.
==================== Find3M  ====================
.
2013-10-09 02:59:53    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 02:59:53    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-25 03:29:46    70112    ----a-w-    C:\windows\System32\drivers\cfwids.sys
2013-09-25 03:25:40    343568    ----a-w-    C:\windows\System32\drivers\mfewfpk.sys
2013-09-25 03:25:24    182752    ----a-w-    C:\windows\System32\mfevtps.exe
2013-09-25 03:22:48    781312    ----a-w-    C:\windows\System32\drivers\mfehidk.sys
2013-09-25 03:21:32    519192    ----a-w-    C:\windows\System32\drivers\mfefirek.sys
2013-09-25 03:20:28    310224    ----a-w-    C:\windows\System32\drivers\mfeavfk.sys
2013-09-25 03:19:56    179664    ----a-w-    C:\windows\System32\drivers\mfeapfk.sys
2013-09-22 23:28:06    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:39:47    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-20 16:38:30    10856    ----a-w-    C:\windows\System32\drivers\mfeclnrk.sys
2013-09-20 16:38:14    95984    ----a-w-    C:\windows\System32\drivers\mfencrk.sys
2013-09-20 16:37:56    390552    ----a-w-    C:\windows\System32\drivers\mfencbdc.sys
2013-09-14 01:10:19    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2013-09-09 18:11:58    74560    ----a-w-    C:\windows\System32\drivers\McPvDrv.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\windows\SysWow64\mswsock.dll
2013-08-29 02:17:48    5549504    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\windows\System32\scavengeui.dll
2013-08-05 02:25:45    155584    ----a-w-    C:\windows\System32\drivers\ataport.sys
.
============= FINISH: 21:53:30.04 ===============
 

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2011 4:38:25 PM
System Uptime: 10/30/2013 4:32:59 PM (5 hours ago)
.
Motherboard: LENOVO |  | To be filled by O.E.M.
Processor: Intel® Core i3-2100 CPU @ 3.10GHz | CPU 1 | 3100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1372 GiB total, 1309.654 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Bing Bar
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Genesys USB Mass Storage Device
Google Chrome
Google Update Helper
HP Officejet 4620 series Basic Device Software
HP Officejet 4620 series Help
HP Officejet 4620 series Product Improvement Study
HP Photo Creations
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
Java 7 Update 45
Java Auto Updater
JavaFX 2.1.1
Lenovo Driver and Application Installation
Lenovo Dynamic Brightness System
Lenovo EE Boot Optimizer
Lenovo Eye Distance System
Lenovo Rescue System
LVT
LXH-JME2207FN Hotkey Driver
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Online Backup
McAfee Security Scan Plus
McAfee Total Protection
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Shared C Run-time for x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Verizon Wireless Software Utility Application for Android - Samsung
.
==== Event Viewer Messages From Past Week ========
.
10/30/2013 9:28:54 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.
10/30/2013 9:26:23 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
10/30/2013 9:06:40 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
10/30/2013 10:28:32 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
10/30/2013 10:28:32 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
10/30/2013 10:28:32 AM, Error: Service Control Manager [7000]  - The McAfee Proxy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/30/2013 10:28:32 AM, Error: Service Control Manager [7000]  - The McAfee Anti-Spam Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/30/2013 10:28:31 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.
10/30/2013 10:28:31 AM, Error: Service Control Manager [7000]  - The McAfee Personal Firewall Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/30/2013 10:28:30 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.
10/30/2013 10:28:30 AM, Error: Service Control Manager [7000]  - The McAfee Home Network service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/29/2013 6:18:03 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Service Sendori service, but this action failed with the following error:  An instance of the service is already running.
10/29/2013 5:58:03 PM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1200000 milliseconds: Restart the service.
.
==== End Of File ===========================
 

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

I've copied and pasted the two  logs - DDS.txt and Attach.txt in the two posts above.

 

I'm not sure if I did this right as when I clicked on here to start a new topic, I found my topic was already here.  I failed to click on the "follow this topic" to check the receive notification box.

 

I have a very important question:  I have followed the directions and have enabled viewing of hidden files in Windows 7.  Is it safe to use my email in this situation with the hidden files enabled?   I ask because I'm expecting an important email on Thursday involving bank documents.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Well you need to double check and make sure your computer is safe otherwise I would not be using this computer for any type of banking documents until we know for sure it's not running some type of rootkit or trojan that can capture your email.

 

Showing your hidden files and extensions is not a security issue.  Really not sure why Microsoft sets them that way except to possibly prevent new users from trying to delete system files.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.


  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

Hi,

I followed instructions in Step 03 - Malwarebytes Anti-Root kit and ran the scan twice.  It didn't produce a log either time.  Instead I got a message that there was no malware found.

 

I wondered if I was to do Step 03 next, as I hadn't done Step 0 - RKill, Step 01 - Backup the Registry, and Step 02 - RogueKiller.  What should I do next?

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

Hi,

Please bear with me.  Because of the bank transaction that had to be taken care of today, and not trusting to do it by the computer, we ended up driving 140 miles round trip to the bank to do the transaction in person.  We've had a couple of appointments that had to be taken care of too, and I've got one errand to do and then I can get back online and work on the next steps.  Thanks for your patience.

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

Here is the JRT.exe scan....................

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Linda on Thu 10/31/2013 at 18:42:57.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}



~~~ Files

Successfully deleted: [File] "C:\Users\Linda\AppData\Local\Temp\searchqu.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Linda\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Linda\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Linda\appdata\locallow\searchquband"



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Emptied folder: C:\Users\Linda\AppData\Roaming\mozilla\firefox\profiles\oxji2wdd.default-1353194462899\minidumps [170 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Linda\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/31/2013 at 18:49:35.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

I have McAfee Total Protection and I followed the instructions for disabling it.............it was located in my tray at the bottom of the page, and after running the JRT.exe scan, I went back to enable the McAfee Total Protection and the tray icon is now missing.

 

In my program icons on the Windows screen I do have McAfee Security and it says everything in on.

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

Here's the log from AdwCleaner..........................

 

# AdwCleaner v3.010 - Report created 31/10/2013 at 20:13:25
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Linda - LINDA-PC
# Running from : C:\Users\Linda\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****

Service Found : DefaultTabSearch
Service Found : DefaultTabUpdate
Service Found : lssvc

***** [ Files / Folders ] *****

File Found : C:\Users\Linda\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Linda\Desktop\Optimizer Pro.lnk
Folder Found : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Found C:\Program Files (x86)\DefaultTab
Folder Found C:\Program Files (x86)\Linksicle
Folder Found C:\Program Files (x86)\optimizer pro
Folder Found C:\Program Files\Linksicle
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found C:\Users\Linda\AppData\Roaming\DefaultTab
Folder Found C:\Users\Linda\AppData\Roaming\optimizer pro
Folder Found C:\Users\Linda\Documents\optimizer pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT
Key Found : HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\oxji2wdd.default-1353194462899\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4527 octets] - [31/10/2013 20:13:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4587 octets] ##########
 

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

This is the log file of the ESET Scan - 11 threats found............................

 

C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe    a variant of Win32/Toolbar.DefaultTab.B application
C:\Users\Linda\AppData\Local\Temp\0JN6nlHe.exe.part    a variant of Win32/AdWare.iBryte.I.gen application
C:\Users\Linda\AppData\Local\Temp\hukotlJf.exe.part    a variant of Win32/InstallCore.CH application
C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll    a variant of Win32/Toolbar.DefaultTab.B application
C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe    a variant of Win32/Toolbar.DefaultTab.B application
C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll    a variant of Win32/Toolbar.DefaultTab.B application
C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe    Win32/Toolbar.DefaultTab.A application
C:\Users\Linda\Downloads\Setup(1).exe    a variant of Win32/AdWare.iBryte.I.gen application
C:\Users\Linda\Downloads\Setup.exe    a variant of Win32/AdWare.iBryte.I.gen application
C:\Users\Linda\Downloads\youtube_downloader_hd_setup.exe    Win32/OpenCandy application
Operating memory    a variant of Win32/Toolbar.DefaultTab.B application
 

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

I re-ran the AdwCleaner and this time clicked on "clean" and removed all items checked.  Here's the log...............

 

# AdwCleaner v3.010 - Report created 31/10/2013 at 21:59:01
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Linda - LINDA-PC
# Running from : C:\Users\Linda\Downloads\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate
Service Deleted : lssvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Linksicle
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files\Linksicle
Folder Deleted : C:\Users\Linda\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Linda\Documents\optimizer pro
Folder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Users\Linda\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\oxji2wdd.default-1353194462899\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4711 octets] - [31/10/2013 20:13:25]
AdwCleaner[R1].txt - [4540 octets] - [31/10/2013 21:58:07]
AdwCleaner[s0].txt - [4454 octets] - [31/10/2013 21:59:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4514 octets] ##########
 

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

This is the Farbar Recovery Scan..............................

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Linda (administrator) on LINDA-PC on 31-10-2013 22:21:15
Running from C:\Users\Linda\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\windows\Installer\MSI3ACE.tmp
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit.exe
(BrowserSafeguard) C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Samsung Electronics Co. Ltd.) C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
(JME) C:\Program Files (x86)\jmesoft\hotkey.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
HKLM\...\Run: [uMonit] - C:\Windows\SysWOW64\UMonit.exe [28672 2010-11-30] ()
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-05-19] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [browserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [573952 2013-10-29] (BrowserSafeguard)
MountPoints2: {587167d3-0f55-11e2-8814-1078d2ed4b54} - F:\ToolLauncher-Bootstrap.exe
HKLM-x32\...\Run: [jmekey] - C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [Lenovo Eye Distance System] - C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [265216 2010-09-09] (Lenovo)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] - C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [285696 2010-10-08] (Lenovo)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs:       [0 ] ()
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49162;https=127.0.0.1:49162
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6EC4F8206609CA01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {DB6FAE01-B9EF-4892-86B1-89BE26831E34} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\oxji2wdd.default-1353194462899
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\oxji2wdd.default-1353194462899\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: ScorpionSaver - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\oxji2wdd.default-1353194462899\Extensions\ScorpionSaver@jetpack
FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome:
=======

CHR RestoreOnStartup:         "urls_to_restore_on_startup": [
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (SiteAdvisor) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Linksicle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0
CHR Extension: (Scorpion Saver) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [gohhkpbcblcpnaghfmnkfangnkkagacg] - C:\Program Files (x86)\Linksicle\Chrome\gohhkpbcblcpnaghfmnkfangnkkagacg.crx

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Level Quality Watcher; C:\windows\Installer\MSI3ACE.tmp [507912 2013-10-31] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MOBK400backup; C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [231224 2010-06-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [57856 2010-12-16] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 lsnfd; C:\Windows\System32\drivers\lsnfd.sys [58192 2013-10-02] (Linksicle)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R1 MOBK400Filter; C:\Windows\System32\DRIVERS\MOBK400.sys [66040 2010-06-01] (Mozy, Inc.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-06-10] (support.com, Inc)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWow64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-31 22:21 - 2013-10-31 22:21 - 00000000 ____D C:\FRST
2013-10-31 22:20 - 2013-10-31 22:20 - 01957098 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2013-10-31 21:57 - 2013-10-31 21:57 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner(2).exe
2013-10-31 21:52 - 2013-10-31 21:52 - 00001125 _____ C:\Users\Linda\Desktop\eset scan.txt
2013-10-31 21:51 - 2013-10-31 21:51 - 00001125 _____ C:\Users\Linda\Documents\eset scan.txt
2013-10-31 21:00 - 2013-10-31 21:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-31 20:12 - 2013-10-31 21:59 - 00000000 ____D C:\AdwCleaner
2013-10-31 20:12 - 2013-10-31 20:12 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner.exe
2013-10-31 20:12 - 2013-10-31 20:12 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner(1).exe
2013-10-31 19:28 - 2013-10-31 19:28 - 00003858 _____ C:\windows\System32\Tasks\BrowserSafeguard Update Task
2013-10-31 19:28 - 2013-10-31 19:28 - 00000258 __RSH C:\Users\Linda\ntuser.pol
2013-10-31 19:28 - 2013-10-31 19:28 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-10-31 19:28 - 2013-10-31 19:28 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-31 19:28 - 2013-10-31 19:28 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-10-31 19:27 - 2013-10-31 19:27 - 00000000 ____D C:\ProgramData\Real
2013-10-31 19:24 - 2013-10-31 19:24 - 01969448 _____ (Express Install       ) C:\Users\Linda\Downloads\Setup(1).exe
2013-10-31 19:21 - 2013-10-31 19:21 - 01969448 _____ (Express Install       ) C:\Users\Linda\Downloads\Setup.exe
2013-10-31 18:42 - 2013-10-31 18:42 - 00000000 ____D C:\windows\ERUNT
2013-10-31 18:41 - 2013-10-31 18:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(2).exe
2013-10-31 18:41 - 2013-10-31 18:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(1).exe
2013-10-31 18:21 - 2013-10-31 18:21 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2013-10-30 23:38 - 2013-10-30 23:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe
2013-10-30 23:23 - 2013-10-30 23:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-30 23:23 - 2013-10-30 23:40 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-30 23:18 - 2013-10-30 23:51 - 00000000 ____D C:\Users\Linda\Desktop\mbar
2013-10-30 23:18 - 2013-10-30 23:39 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-30 23:18 - 2013-10-30 23:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007.exe
2013-10-30 21:52 - 2013-10-30 21:52 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds(2).com
2013-10-30 21:51 - 2013-10-30 21:50 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds(1).com
2013-10-30 21:47 - 2013-10-30 21:46 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.com
2013-10-30 21:43 - 2013-10-30 21:43 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.scr
2013-10-30 21:09 - 2013-10-30 21:32 - 00000000 ____D C:\Users\Linda\AppData\Roaming\U3
2013-10-30 12:41 - 2013-10-30 12:41 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-30 12:41 - 2013-10-30 12:41 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-10-30 12:40 - 2013-10-30 12:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-30 12:40 - 2013-10-30 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-30 12:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-30 12:38 - 2013-10-30 12:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(3).exe
2013-10-30 12:37 - 2013-10-30 12:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-10-30 12:37 - 2013-10-30 12:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-30 12:34 - 2013-10-30 12:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-29 21:39 - 2013-10-29 21:39 - 00000000 _ ____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-29 21:38 - 2013-10-29 21:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-29 21:38 - 2013-10-29 21:38 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-29 21:38 - 2013-10-29 21:38 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 21:38 - 2013-10-29 21:38 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 13:59 - 2013-10-29 14:01 - 372627488 _____ C:\Users\Linda\Documents\American Blackout 2013 National Geographic.mp4
2013-10-21 18:10 - 2013-10-21 18:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-15 20:02 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2013-10-10 16:58 - 2013-10-10 16:58 - 00000000 ____D C:\Users\Linda\AppData\Local\McAfee File Lock
2013-10-10 03:06 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-10 03:06 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-10 03:06 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-10 03:06 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-10 03:06 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-10 03:06 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-10 03:06 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-10 03:06 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-10 03:06 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-10 03:06 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-10 03:06 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 03:05 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-10 03:05 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-10 03:05 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-10 03:05 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-10 03:05 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-10 03:05 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-10 03:05 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-10 03:05 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-10 03:05 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-10 03:05 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-10 03:05 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-10 03:05 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-10 03:05 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-10 03:05 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-10 03:05 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-10 03:05 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-10 03:05 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-10 03:05 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-10 03:05 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-10 03:05 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-09 20:49 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 20:49 - 2013-07-12 03:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-09 20:49 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 20:49 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-09 20:48 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-09 20:48 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-09 20:48 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-09 20:48 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-09 20:48 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-09 20:48 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-09 20:48 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-09 20:48 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-09 20:48 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-09 20:48 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-09 20:48 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-09 20:48 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-09 20:48 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-09 20:48 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-09 20:48 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-09 20:48 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-09 20:48 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-09 20:48 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-09 20:48 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-09 20:48 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 20:48 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-09 20:48 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-09 20:48 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 20:48 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 20:48 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-09 20:48 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-09 20:48 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-09 20:48 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-09 20:48 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-09 20:48 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-09 20:48 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 20:48 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 20:48 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 20:48 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-09 20:48 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-09 20:48 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-09 20:48 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-09 20:48 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-09 20:48 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-09 20:48 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-09 20:48 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 20:48 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-09 20:48 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-02 14:14 - 2013-10-02 14:14 - 00058192 _____ (Linksicle) C:\windows\system32\Drivers\lsnfd.sys

==================== One Month Modified Files and Folders =======

2013-10-31 22:21 - 2013-10-31 22:21 - 00000000 ____D C:\FRST
2013-10-31 22:20 - 2013-10-31 22:20 - 01957098 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2013-10-31 22:08 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 22:08 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 22:05 - 2013-05-13 16:31 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-10-31 22:05 - 2009-07-13 22:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-31 22:04 - 2011-05-18 20:57 - 02022619 _____ C:\windows\WindowsUpdate.log
2013-10-31 22:03 - 2011-07-07 17:05 - 00000000 __RSD C:\Users\Linda\Documents\McAfee Vaults
2013-10-31 22:01 - 2012-10-07 19:18 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2013-10-31 22:01 - 2011-05-19 09:29 - 00106727 _____ C:\windows\system32\fastboot.set
2013-10-31 22:00 - 2011-05-19 09:28 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-31 22:00 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-31 22:00 - 2009-07-13 21:51 - 00059549 _____ C:\windows\setupact.log
2013-10-31 21:59 - 2013-10-31 20:12 - 00000000 ____D C:\AdwCleaner
2013-10-31 21:59 - 2012-06-12 00:16 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 21:59 - 2011-05-19 09:28 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-31 21:57 - 2013-10-31 21:57 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner(2).exe
2013-10-31 21:52 - 2013-10-31 21:52 - 00001125 _____ C:\Users\Linda\Desktop\eset scan.txt
2013-10-31 21:51 - 2013-10-31 21:51 - 00001125 _____ C:\Users\Linda\Documents\eset scan.txt
2013-10-31 21:00 - 2013-10-31 21:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-31 20:12 - 2013-10-31 20:12 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner.exe
2013-10-31 20:12 - 2013-10-31 20:12 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner(1).exe
2013-10-31 19:28 - 2013-10-31 19:28 - 00003858 _____ C:\windows\System32\Tasks\BrowserSafeguard Update Task
2013-10-31 19:28 - 2013-10-31 19:28 - 00000258 __RSH C:\Users\Linda\ntuser.pol
2013-10-31 19:28 - 2013-10-31 19:28 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-10-31 19:28 - 2013-10-31 19:28 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-31 19:28 - 2013-10-31 19:28 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-10-31 19:28 - 2013-09-30 23:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-31 19:28 - 2011-07-08 16:38 - 00000000 ____D C:\Users\Linda
2013-10-31 19:28 - 2009-07-13 20:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2013-10-31 19:28 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2013-10-31 19:27 - 2013-10-31 19:27 - 00000000 ____D C:\ProgramData\Real
2013-10-31 19:24 - 2013-10-31 19:24 - 01969448 _____ (Express Install       ) C:\Users\Linda\Downloads\Setup(1).exe
2013-10-31 19:21 - 2013-10-31 19:21 - 01969448 _____ (Express Install       ) C:\Users\Linda\Downloads\Setup.exe
2013-10-31 19:02 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-10-31 18:42 - 2013-10-31 18:42 - 00000000 ____D C:\windows\ERUNT
2013-10-31 18:41 - 2013-10-31 18:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(2).exe
2013-10-31 18:41 - 2013-10-31 18:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(1).exe
2013-10-31 18:21 - 2013-10-31 18:21 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2013-10-30 23:51 - 2013-10-30 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-30 23:51 - 2013-10-30 23:18 - 00000000 ____D C:\Users\Linda\Desktop\mbar
2013-10-30 23:40 - 2013-10-30 23:23 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-30 23:39 - 2013-10-30 23:18 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-30 23:38 - 2013-10-30 23:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe
2013-10-30 23:18 - 2013-10-30 23:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007.exe
2013-10-30 21:52 - 2013-10-30 21:52 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds(2).com
2013-10-30 21:50 - 2013-10-30 21:51 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds(1).com
2013-10-30 21:46 - 2013-10-30 21:47 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.com
2013-10-30 21:43 - 2013-10-30 21:43 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.scr
2013-10-30 21:32 - 2013-10-30 21:09 - 00000000 ____D C:\Users\Linda\AppData\Roaming\U3
2013-10-30 15:27 - 2010-11-20 20:47 - 00087354 _____ C:\windows\PFRO.log
2013-10-30 15:02 - 2013-05-13 16:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-10-30 12:41 - 2013-10-30 12:41 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-30 12:41 - 2013-10-30 12:41 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-10-30 12:41 - 2013-10-30 12:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-30 12:40 - 2013-10-30 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-30 12:38 - 2013-10-30 12:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(3).exe
2013-10-30 12:37 - 2013-10-30 12:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-10-30 12:37 - 2013-10-30 12:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-30 12:19 - 2013-10-30 12:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-29 21:39 - 2013-10-29 21:39 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 21:38 - 2013-10-29 21:38 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-29 21:38 - 2013-10-29 21:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-29 21:38 - 2013-10-29 21:38 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-29 21:38 - 2013-10-29 21:38 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 21:38 - 2013-10-29 21:38 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 14:01 - 2013-10-29 13:59 - 372627488 _____ C:\Users\Linda\Documents\American Blackout 2013 National Geographic.mp4
2013-10-24 18:04 - 2008-12-09 00:02 - 00000000 ____D C:\Users\Linda\Documents\Thomas Blaine Simpson
2013-10-24 18:04 - 2005-09-12 23:17 - 00000000 ____D C:\Users\Linda\Documents\Telephone Numbers & Addresses
2013-10-24 18:03 - 2010-01-31 13:31 - 00000000 ____D C:\Users\Linda\Documents\Tom Simpson
2013-10-21 18:10 - 2013-10-21 18:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-21 18:10 - 2012-08-27 15:59 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-18 10:02 - 2011-05-19 09:28 - 00002183 _____ C:\Users\Public\Desktop\Internet Browser.lnk
2013-10-15 19:56 - 2011-07-07 17:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-10-11 11:30 - 2011-05-19 09:26 - 00000000 ____D C:\ProgramData\McAfee
2013-10-10 16:58 - 2013-10-10 16:58 - 00000000 ____D C:\Users\Linda\AppData\Local\McAfee File Lock
2013-10-10 14:41 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-10-10 03:24 - 2012-04-26 01:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-10 03:24 - 2009-07-13 21:45 - 00428512 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-10 03:03 - 2013-08-15 03:00 - 00000000 ____D C:\windows\system32\MRT
2013-10-10 03:02 - 2011-07-07 17:34 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-08 19:59 - 2012-06-12 00:16 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 19:59 - 2012-04-12 03:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 19:59 - 2011-07-08 17:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 17:54 - 2011-05-19 09:28 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-08 17:54 - 2011-05-19 09:28 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-08 12:49 - 2012-11-03 16:03 - 00000000 ____D C:\Users\Linda\AppData\Local\HP
2013-10-02 14:14 - 2013-10-02 14:14 - 00058192 _____ (Linksicle) C:\windows\system32\Drivers\lsnfd.sys
2013-10-01 23:36 - 2011-07-08 17:16 - 00000000 ____D C:\Users\Linda\AppData\Local\Mozilla

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Linda\medic6.exe


Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-4.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-5.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Linda\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Linda\AppData\Local\Temp\installhelper.dll
C:\Users\Linda\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\oi_{767A0EE2-48E6-4F70-954B-2DE0FF8DAA72}.exe
C:\Users\Linda\AppData\Local\Temp\Quarantine.exe
C:\Users\Linda\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Linda\AppData\Local\Temp\System.Data.SQLite.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-31 10:08

==================== End Of Log =======

 

 

 

This is the Addition,txt log for Farbar Recovery Scan............................

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Linda at 2013-10-31 22:22:21
Running from C:\Users\Linda\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Bing Bar (x32 Version: 7.0.826.0)
BrowserSafeguard (x32)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
ESET Online Scanner v3 (x32)
Genesys USB Mass Storage Device (x32 Version: 4.0.1.1)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
HP Officejet 4620 series Basic Device Software (Version: 26.0.784.0)
HP Officejet 4620 series Help (x32 Version: 6.0.0)
HP Officejet 4620 series Product Improvement Study (Version: 26.0.784.0)
HP Photo Creations (x32 Version: 1.0.0.9572)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
Intel® Network Connections Drivers (Version: 15.4)
Intel® Processor Graphics (x32 Version: 8.15.10.2246)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Lenovo Driver and Application Installation (x32 Version: 5.10.1809)
Lenovo Dynamic Brightness System (x32 Version: 4.0.00.22080)
Lenovo EE Boot Optimizer (Version: 0.0.1.6)
Lenovo Eye Distance System (x32 Version: 4.0.00.21090)
Lenovo Rescue System (Version: 3.0.1409)
Lenovo Rescue System (x32 Version: 3.0.1409)
Level Quality Watcher (x32 Version: 1.0.0.0)
Linksicle (x32 Version: 1.8.2.0)
LVT (x32 Version: 4.1.2.0919)
LXH-JME2207FN Hotkey Driver (x32 Version: 5.1.0804)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Online Backup (Version: 1.16.6.1)
McAfee Online Backup (x32)
McAfee Security Scan Plus (Version: 3.8.130.8)
McAfee Total Protection (x32 Version: 12.8.856)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6230)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0159)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2380.0)
ScorpionSaver (x32 Version: 1.0.0.0)
Shared C Run-time for x64 (Version: 10.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Verizon Wireless Software Utility Application for Android - Samsung (x32 Version: 1.11.0305)
Verizon Wireless Software Utility Application for Android - Samsung (x32 Version: 2.12.0807)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2B8EE69B-2780-4F08-853B-56262BDC8C5C} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.)
Task: {2E3BB9EA-B579-456D-A98C-7FD928104098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19] (Google Inc.)
Task: {6D215FAA-78E1-4648-958C-23E5FFECB24A} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-10-31] ()
Task: {78097CFD-8F62-47B9-81CF-AF8A5B57A044} - System32\Tasks\{5627D2B3-0C97-4887-91F1-F600F9131BBC} => Firefox.exe
Task: {7ACE343B-8A37-4624-BA8D-CFAA22F4E46D} - System32\Tasks\{D8B88626-3FC2-413C-AE85-051A7FC3BCCC} => Firefox.exe
Task: {7BA56D6C-20E8-44C7-BFCA-32C3E292A0D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19] (Google Inc.)
Task: {CB476DAF-38EC-4678-92A3-590F591A4634} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {DFB432CD-66F8-418C-B6DA-7D52F3E38F60} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-19 03:22 - 2010-11-11 21:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-19 09:21 - 2009-07-16 09:20 - 00032768 _____ () C:\Program Files (x86)\jmesoft\Keyhook.dll
2011-05-19 09:21 - 2007-12-31 10:27 - 00007168 _____ () C:\Program Files (x86)\jmesoft\VistaVolume.dll
2011-05-19 09:28 - 2010-09-09 11:19 - 00210432 _____ () C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
2011-05-19 09:28 - 2010-09-09 11:18 - 00211456 _____ () C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll
2011-05-19 09:28 - 2010-09-20 10:08 - 00210432 _____ () C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
2011-05-19 09:28 - 2010-09-20 18:55 - 00182272 _____ () C:\Program Files\Lenovo\Lenovo Brightness System\DDCHelperWraper.dll
2013-09-30 23:31 - 2013-09-30 23:31 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-08 19:59 - 2013-10-08 19:59 - 16233864 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Linda\Documents\Song of the South_(360p).avi:TOC.WMV
AlternateDataStreams: C:\Users\Linda\Documents\The Legend of Sleepy Hollow (1949) - Disney Masterpieces - Full Movie_(360p).avi:TOC.WMV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2013 10:03:03 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7808009e-78d1-478a-82a1-2d019be5177a}

Error: (10/31/2013 10:02:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2013 10:01:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/31/2013 10:01:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/31/2013 08:25:19 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {650ac823-e970-497f-a786-623ec2298717}

Error: (10/31/2013 08:24:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2013 08:23:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/31/2013 08:23:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/31/2013 08:23:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730
Exception code: 0xc0000005
Fault offset: 0x00002c60
Faulting process id: 0x754
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3


System errors:
=============
Error: (10/31/2013 08:23:15 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/31/2013 07:42:57 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/31/2013 07:30:11 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:
%%1056

Error: (10/31/2013 07:28:44 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2013 07:28:38 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2013 07:28:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/31/2013 07:08:53 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


Microsoft Office Sessions:
=========================
Error: (10/31/2013 10:03:03 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7808009e-78d1-478a-82a1-2d019be5177a}

Error: (10/31/2013 10:02:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2013 10:01:04 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\MFC80U.DLL

Error: (10/31/2013 10:01:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Lenovo\Boot Optimizer\MFC80U.DLL

Error: (10/31/2013 08:25:19 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {650ac823-e970-497f-a786-623ec2298717}

Error: (10/31/2013 08:24:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2013 08:23:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\MFC80U.DLL

Error: (10/31/2013 08:23:21 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Lenovo\Boot Optimizer\MFC80U.DLL

Error: (10/31/2013 08:23:14 PM) (Source: Application Error)(User: )
Description: DefaultTabSearch.exe0.0.0.05252e730DefaultTabSearch.exe0.0.0.05252e730c000000500002c6075401ced6b1b047397dC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exeC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exef0d0ec32-42a4-11e3-8a83-1078d2ed4b54


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 5992.43 MB
Available physical RAM: 3535.83 MB
Total Pagefile: 11983.03 MB
Available Pagefile: 9476.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1372.09 GB) (Free:1309.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: D31A27F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-725749858304) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=12)

==================== End Of Log ==============

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

I'm just getting home from a long day of activities and getting online.  Before I get started with this step, I need to ask a question. 

 

When I download something it doesn't usually go to my desktop.  It goes to a list of downloads, and I've clicked on downloads and then right clicked on the download and dragged it onto my desktop.  I've dragged the FRST64 to my desktop.

 

When I download the fixlist.txt and drag it to my desktop, do I place it right beside the FRST64 icon.  Will it work okay that way?

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

Here is the log from FRST - fixlist.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Linda at 2013-11-01 20:54:23 Run:1
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
C:\Users\Linda\AppData\Local\Temp\0JN6nlHe.exe.part
C:\Users\Linda\AppData\Local\Temp\hukotlJf.exe.part
C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll
C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe
C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll
C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
C:\Users\Linda\Downloads\Setup(1).exe
C:\Users\Linda\Downloads\Setup.exe
C:\Users\Linda\Downloads\youtube_downloader_hd_setup.exe
C:\Program Files (x86)\DefaultTab
C:\Users\Linda\AppData\Roaming\defaulttab
MountPoints2: {587167d3-0f55-11e2-8814-1078d2ed4b54} - F:\ToolLauncher-Bootstrap.exe
HKLM-x32\...\Run: [] - [x]
ProxyServer: http=127.0.0.1:49162;https=127.0.0.1:49162
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co...=LEND&bmod=LEND
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {DB6FAE01-B9EF-4892-86B1-89BE26831E34} URL = http://search.yahoo....ch?fr=mcafee&p={SearchTerms}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Extension: ScorpionSaver - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\oxji2wdd.default-1353194462899\Extensions\ScorpionSaver@jetpack
R2 Level Quality Watcher; C:\windows\Installer\MSI3ACE.tmp [507912 2013-10-31] ()
C:\ProgramData\flashax10.exe
C:\Users\Linda\medic6.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-4.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-5.exe
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Linda\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Linda\AppData\Local\Temp\installhelper.dll
C:\Users\Linda\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\oi_{767A0EE2-48E6-4F70-954B-2DE0FF8DAA72}.exe
C:\Users\Linda\AppData\Local\Temp\Quarantine.exe
C:\Users\Linda\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Linda\AppData\Local\Temp\System.Data.SQLite.dll
Task: {2B8EE69B-2780-4F08-853B-56262BDC8C5C} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.)
Task: {2E3BB9EA-B579-456D-A98C-7FD928104098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19] (Google Inc.)
Task: {6D215FAA-78E1-4648-958C-23E5FFECB24A} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-10-31] ()
Task: {78097CFD-8F62-47B9-81CF-AF8A5B57A044} - System32\Tasks\{5627D2B3-0C97-4887-91F1-F600F9131BBC} => Firefox.exe
Task: {7ACE343B-8A37-4624-BA8D-CFAA22F4E46D} - System32\Tasks\{D8B88626-3FC2-413C-AE85-051A7FC3BCCC} => Firefox.exe
Task: {7BA56D6C-20E8-44C7-BFCA-32C3E292A0D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Linda\Documents\Song of the South_(360p).avi:TOC.WMV
AlternateDataStreams: C:\Users\Linda\Documents\The Legend of Sleepy Hollow (1949) - Disney Masterpieces - Full Movie_(360p).avi:TOC.WMV

*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Not Found
"C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe" => File/Directory not found.
C:\Users\Linda\AppData\Local\Temp\0JN6nlHe.exe.part => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\hukotlJf.exe.part => Moved successfully.
"C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll" => File/Directory not found.
"C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe" => File/Directory not found.
"C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll" => File/Directory not found.
"C:\Users\Linda\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe" => File/Directory not found.
C:\Users\Linda\Downloads\Setup(1).exe => Moved successfully.
C:\Users\Linda\Downloads\Setup.exe => Moved successfully.
C:\Users\Linda\Downloads\youtube_downloader_hd_setup.exe => Moved successfully.
"C:\Program Files (x86)\DefaultTab" => File/Directory not found.
"C:\Users\Linda\AppData\Roaming\defaulttab" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{587167d3-0f55-11e2-8814-1078d2ed4b54} => Key deleted successfully.
HKCR\CLSID\{587167d3-0f55-11e2-8814-1078d2ed4b54} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB6FAE01-B9EF-4892-86B1-89BE26831E34} => Key deleted successfully.
HKCR\CLSID\{DB6FAE01-B9EF-4892-86B1-89BE26831E34} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\gopher => Key deleted successfully.
HKCR\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\oxji2wdd.default-1353194462899\Extensions\ScorpionSaver@jetpack => Moved successfully.
Level Quality Watcher => Service deleted successfully.
C:\ProgramData\flashax10.exe => Moved successfully.
C:\Users\Linda\medic6.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-1.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-2.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-3.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-4.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe-5.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\oi_{767A0EE2-48E6-4F70-954B-2DE0FF8DAA72}.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B8EE69B-2780-4F08-853B-56262BDC8C5C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B8EE69B-2780-4F08-853B-56262BDC8C5C} => Key deleted successfully.
C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 4620 series => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Officejet 4620 series => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E3BB9EA-B579-456D-A98C-7FD928104098} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E3BB9EA-B579-456D-A98C-7FD928104098} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D215FAA-78E1-4648-958C-23E5FFECB24A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D215FAA-78E1-4648-958C-23E5FFECB24A} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78097CFD-8F62-47B9-81CF-AF8A5B57A044} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78097CFD-8F62-47B9-81CF-AF8A5B57A044} => Key deleted successfully.
C:\Windows\System32\Tasks\{5627D2B3-0C97-4887-91F1-F600F9131BBC} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5627D2B3-0C97-4887-91F1-F600F9131BBC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7ACE343B-8A37-4624-BA8D-CFAA22F4E46D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ACE343B-8A37-4624-BA8D-CFAA22F4E46D} => Key deleted successfully.
C:\Windows\System32\Tasks\{D8B88626-3FC2-413C-AE85-051A7FC3BCCC} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D8B88626-3FC2-413C-AE85-051A7FC3BCCC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BA56D6C-20E8-44C7-BFCA-32C3E292A0D8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BA56D6C-20E8-44C7-BFCA-32C3E292A0D8} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\Users\Linda\Documents\Song of the South_(360p).avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Linda\Documents\The Legend of Sleepy Hollow (1949) - Disney Masterpieces - Full Movie_(360p).avi => ":TOC.WMV" ADS removed successfully.


The system needs a manual reboot.

==== End of Fixlog ====

Link to post
Share on other sites
Leila

Leila

Posted
  • Author
Posted

I did the reboot after running the Fixlist.txt, and turned my antivirus back on.  I can now post a reply to my forum, but the computer is turning some of the words in my replies into blue, underlined links.  If I mention Sears in my reply, when it's posted the word Sears will be in blue and underlined as a click able link.

 

I'm getting a lot of redirects.  As an example, if I click on Fox News my computer goes to an advertisement for insurance, and if I eliminate that insurance page it's then at the Fox News site.

 

If I try to use the Google search engine, the computer puts up a warning that Google is an untrustworthy site.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.