
I have a redirect virus, please help!



  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.



Ok, here is what I got. I don't have an attachment button, so here it is.


ComboFix 13-11-12.01 - Betty Lewis 11/13/2013  17:29:48.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3892.2256 [GMT -9:00]
Running from: c:\users\Betty Lewis\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-14 to 2013-11-14  )))))))))))))))))))))))))))))))
.
.
2013-11-14 02:34 . 2013-11-14 02:34    --------    d-----w-    c:\users\SYSTEM\AppData\Local\temp
2013-11-14 02:34 . 2013-11-14 02:34    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-14 01:12 . 2013-11-14 01:12    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\Malwarebytes
2013-11-14 01:12 . 2013-11-14 01:12    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-14 01:12 . 2013-11-14 01:12    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-14 01:12 . 2013-04-04 23:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-13 03:44 . 2013-11-13 03:44    --------    d-----w-    c:\program files\Paint.Net Bulk Image Processor v1.0
2013-11-11 21:35 . 2013-11-11 21:35    --------    d-----w-    c:\program files (x86)\ScorpionSaver
2013-11-09 04:14 . 2013-11-09 18:56    --------    d-----w-    c:\program files\Recuva
2013-11-09 04:02 . 2013-11-12 04:42    --------    d-----w-    c:\users\Betty Lewis\AppData\Local\WordExtra
2013-11-09 04:02 . 2013-11-10 21:46    --------    d-----w-    c:\program files (x86)\Level Quality Watcher
2013-11-09 04:02 . 2013-11-09 18:56    --------    d-----w-    c:\program files (x86)\Optimizer Pro
2013-11-09 04:02 . 2013-11-09 04:02    --------    d-----w-    c:\users\Betty Lewis\AppData\Local\Programs
2013-11-09 04:01 . 2013-11-10 21:46    --------    d-----w-    c:\programdata\TubeDimmer
2013-11-09 04:00 . 2013-11-09 04:00    --------    d-----w-    c:\program files (x86)\sp
2013-11-07 19:27 . 2013-11-07 19:27    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\0D0S1L2Z1P1B
2013-11-07 19:26 . 2013-11-14 01:44    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\DigitalSite
2013-11-04 19:21 . 2013-11-04 19:21    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\Template
2013-10-26 23:55 . 2013-10-26 23:55    --------    d-----w-    c:\users\Betty Lewis\Tracing
2013-10-26 23:52 . 2013-10-26 23:52    --------    d-----w-    c:\windows\en
2013-10-26 23:47 . 2013-02-06 06:06    57840    ----a-w-    c:\windows\system32\drivers\fssfltr.sys
2013-10-26 23:47 . 2013-10-26 23:47    --------    d-----w-    c:\program files\Windows Live
2013-10-26 23:47 . 2013-10-26 23:51    --------    d-----w-    c:\program files (x86)\Windows Live
2013-10-26 23:46 . 2010-06-02 12:55    77656    ----a-w-    c:\windows\system32\XAPOFX1_5.dll
2013-10-26 23:46 . 2010-06-02 12:55    74072    ----a-w-    c:\windows\SysWow64\XAPOFX1_5.dll
2013-10-26 23:46 . 2010-06-02 12:55    527192    ----a-w-    c:\windows\SysWow64\XAudio2_7.dll
2013-10-26 23:46 . 2010-06-02 12:55    518488    ----a-w-    c:\windows\system32\XAudio2_7.dll
2013-10-26 23:46 . 2010-05-26 19:41    276832    ----a-w-    c:\windows\system32\d3dx11_43.dll
2013-10-26 23:46 . 2010-05-26 19:41    2526056    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2013-10-26 23:46 . 2010-05-26 19:41    248672    ----a-w-    c:\windows\SysWow64\d3dx11_43.dll
2013-10-26 23:46 . 2010-05-26 19:41    2106216    ----a-w-    c:\windows\SysWow64\D3DCompiler_43.dll
2013-10-26 23:45 . 2013-10-26 23:45    --------    d-----w-    c:\program files (x86)\Microsoft SkyDrive
2013-10-26 23:45 . 2013-10-26 23:45    --------    d-----r-    c:\users\Betty Lewis\SkyDrive
2013-10-26 23:45 . 2013-10-26 23:44    5659096    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\5a84d2101ced2a509\skydrivesetup.exe
2013-10-26 23:44 . 2013-10-26 23:44    --------    d-----w-    c:\programdata\Microsoft SkyDrive
2013-10-26 23:44 . 2013-10-26 23:44    94040    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\5077a2881ced2a507\DSETUP.dll
2013-10-26 23:44 . 2013-10-26 23:44    525656    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\5077a2881ced2a507\DXSETUP.exe
2013-10-26 23:44 . 2013-10-26 23:44    1691480    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\5077a2881ced2a507\dsetup32.dll
2013-10-26 23:44 . 2013-10-26 23:44    89944    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\46a132a61ced2a506\DSETUP.dll
2013-10-26 23:44 . 2013-10-26 23:44    537432    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\46a132a61ced2a506\DXSETUP.exe
2013-10-26 23:44 . 2013-10-26 23:44    1801048    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\46a132a61ced2a506\dsetup32.dll
2013-10-26 23:43 . 2013-10-26 23:43    89944    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\2e65f09c1ced2a501\DSETUP.dll
2013-10-26 23:43 . 2013-10-26 23:43    537432    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\2e65f09c1ced2a501\DXSETUP.exe
2013-10-26 23:43 . 2013-10-26 23:43    1801048    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\2e65f09c1ced2a501\dsetup32.dll
2013-10-24 19:15 . 2013-11-09 21:27    --------    d-----w-    c:\program files (x86)\iTunes
2013-10-24 19:15 . 2013-10-24 19:15    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 19:15 . 2013-10-24 19:15    --------    d-----w-    c:\program files\iPod
2013-10-24 19:15 . 2013-10-24 19:15    --------    d-----w-    c:\program files\iTunes
2013-10-22 22:50 . 2007-06-06 18:38    149504    ------w-    c:\program files (x86)\xerox\Support Centre\supportuninstall.exe
2013-10-19 21:27 . 2013-10-19 21:27    --------    d-----w-    c:\programdata\Lexmark 5600-6600 Series
2013-10-16 02:51 . 2013-10-16 02:51    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\U3
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-12 21:38 . 2013-07-07 19:33    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-10-26 23:47 . 2012-07-17 22:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-10-24 20:12 . 2011-07-12 23:51    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-10-09 11:04 . 2010-09-18 17:40    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-09 00:14 . 2011-07-18 01:53    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-06 15:13 . 2013-10-06 15:13    47496    ----a-w-    c:\windows\system32\sbbd.exe
2013-10-06 15:13 . 2013-10-06 15:13    14456    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-10-03 19:15 . 2013-10-03 19:15    388096    ----a-r-    c:\users\Betty Lewis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-22 23:28 . 2013-10-09 11:16    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 11:16    2876928    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-09 11:16    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-09 11:16    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-09 11:16    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 11:16    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 11:16    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 11:16    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 11:16    19252224    ----a-w-    c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 11:16    855552    ----a-w-    c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 11:16    3959296    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 11:16    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-09 11:16    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-09 11:16    67072    ----a-w-    c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-09 11:16    39936    ----a-w-    c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-09 11:16    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-09 11:16    2647552    ----a-w-    c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-09 11:16    15404544    ----a-w-    c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-09 11:16    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-09 11:16    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-09 11:16    89600    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-09 11:16    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-09 10:47    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 10:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 10:47    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 10:47    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2013-09-05 05:32 . 2013-10-04 12:29    9694160    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E943A46-8DC3-4EB8-ADD3-2A7B3626336F}\mpengine.dll
2013-09-04 12:12 . 2013-10-09 10:46    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 10:46    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 10:46    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 10:46    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 10:46    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 10:46    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 10:46    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-09 10:47    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 10:47    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 10:47    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 10:47    859648    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 10:47    878080    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 10:47    3969472    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 10:47    3914176    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 10:47    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 10:47    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 10:47    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 10:47    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 10:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 10:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 10:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 10:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 10:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 10:47    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 10:46    461312    ----a-w-    c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
2013-10-07 21:14    82944    ----a-w-    c:\program files (x86)\ScorpionSaver\IECore.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-12 21:38    3353624    ----a-w-    c:\program files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2013-08-09 91536]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll" [2013-11-12 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-26 23:44    220632    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-26 23:44    220632    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-26 23:44    220632    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2013-03-05 1866544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-11-12 2420248]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"Search Protection"="c:\programdata\Search Protection\SearchProtection.exe" [2013-06-13 943016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-19 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDg4NzQxNTY0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNy1TUDErMS1TVVArNC1GTDEwKzEtVFVHKzMtU1AxUzIrMS1ERFQrMA&prod=90&ver=10.0.1382" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drives\sydexfdd.sys;c:\windows\SYSNATIVE\drives\sydexfdd.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.2.37054.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.2.37054.0.sys [x]
R3 dlcdcecm;dlcdcecm;c:\windows\system32\DRIVERS\dlcdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdcecm.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdgx64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys [x]
S3 dlcdcncm6_x64;dlcdcncm6_x64;c:\windows\system32\DRIVERS\dlcdcncm6_x64.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdcncm6_x64.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
S3 dlusbaudio;dlusbaudio;c:\windows\system32\DRIVERS\dlusbaudio_x64.sys;c:\windows\SYSNATIVE\DRIVERS\dlusbaudio_x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdgx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\DRIVERS\Rockey4USB.sys;c:\windows\SYSNATIVE\DRIVERS\Rockey4USB.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 00:14]
.
2013-11-13 c:\windows\Tasks\Geek Tech Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-11-11 c:\windows\Tasks\Geek Tech Tool Box.job
- c:\program files (x86)\Geek Tech\Geek Tech Tool Box\geektechtoolbox.exe [2013-07-02 17:55]
.
2013-11-12 c:\windows\Tasks\Geek Tech Update3.job
- c:\program files (x86)\Common Files\Geek Tech\UUS3\Update3.exe [2013-07-02 17:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-26 23:44    244696    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-26 23:44    244696    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-26 23:44    244696    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2013-05-21 23:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2013-05-21 23:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-21 1832760]
.
------- Supplementary Scan -------
.

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 216.152.176.1 216.152.176.2
TCP: Interfaces\{03F6575A-9A17-480D-877F-BB02FB735D8F}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{5B18462A-E31C-49EA-AEBA-8F1996722E0F}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{68E0354F-13FA-444E-A733-F9D93FAA77D8}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{8578EE18-9BB3-483A-9488-3CB614A05F4D}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{AAFBB60B-EE4F-406A-A216-0C74AEC4EFB3}: NameServer = 75.126.206.18,184.173.169.186
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
FF - ProfilePath - c:\users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-10-15 11:45; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1
FF - ExtSQL: 2013-10-29 05:57; firebug@software.joehewitt.com; c:\users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-11-11 11:38; adblockpopups@jessehakanen.net; c:\users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\extensions\adblockpopups@jessehakanen.net.xpi
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-13  17:37:31
ComboFix-quarantined-files.txt  2013-11-14 02:37
ComboFix2.txt  2013-11-12 04:45
.
Pre-Run: 416,540,209,152 bytes free
Post-Run: 416,246,751,232 bytes free
.
- - End Of File - - FADF2F3192947454FFAE26DCC25EBA3B

Ok, this is what I have now.

ComboFix 13-11-12.01 - Betty Lewis 11/13/2013  17:50:13.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3892.2005 [GMT -9:00]
Running from: c:\users\Betty Lewis\Desktop\ComboFix.exe
Command switches used :: c:\users\Betty Lewis\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\temp\ScorpionSaver.msi"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ScorpionSaver
c:\program files (x86)\ScorpionSaver\CustomActionInstall
c:\program files (x86)\ScorpionSaver\CustomActionUninstall
c:\program files (x86)\ScorpionSaver\IECore.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml
c:\program files (x86)\ScorpionSaver\SendJson.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-14 to 2013-11-14  )))))))))))))))))))))))))))))))
.
.
2013-11-14 02:55 . 2013-11-14 02:55    --------    d-----w-    c:\users\SYSTEM\AppData\Local\temp
2013-11-14 02:55 . 2013-11-14 02:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-14 01:12 . 2013-11-14 01:12    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\Malwarebytes
2013-11-14 01:12 . 2013-11-14 01:12    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-14 01:12 . 2013-11-14 01:12    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-14 01:12 . 2013-04-04 23:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-13 03:44 . 2013-11-13 03:44    --------    d-----w-    c:\program files\Paint.Net Bulk Image Processor v1.0
2013-11-09 04:14 . 2013-11-09 18:56    --------    d-----w-    c:\program files\Recuva
2013-11-09 04:02 . 2013-11-12 04:42    --------    d-----w-    c:\users\Betty Lewis\AppData\Local\WordExtra
2013-11-09 04:02 . 2013-11-10 21:46    --------    d-----w-    c:\program files (x86)\Level Quality Watcher
2013-11-09 04:02 . 2013-11-09 18:56    --------    d-----w-    c:\program files (x86)\Optimizer Pro
2013-11-09 04:02 . 2013-11-09 04:02    --------    d-----w-    c:\users\Betty Lewis\AppData\Local\Programs
2013-11-09 04:01 . 2013-11-10 21:46    --------    d-----w-    c:\programdata\TubeDimmer
2013-11-09 04:00 . 2013-11-09 04:00    --------    d-----w-    c:\program files (x86)\sp
2013-11-07 19:27 . 2013-11-07 19:27    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\0D0S1L2Z1P1B
2013-11-07 19:26 . 2013-11-14 01:44    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\DigitalSite
2013-11-04 19:21 . 2013-11-04 19:21    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\Template
2013-10-26 23:55 . 2013-10-26 23:55    --------    d-----w-    c:\users\Betty Lewis\Tracing
2013-10-26 23:52 . 2013-10-26 23:52    --------    d-----w-    c:\windows\en
2013-10-26 23:47 . 2013-02-06 06:06    57840    ----a-w-    c:\windows\system32\drivers\fssfltr.sys
2013-10-26 23:47 . 2013-10-26 23:47    --------    d-----w-    c:\program files\Windows Live
2013-10-26 23:47 . 2013-10-26 23:51    --------    d-----w-    c:\program files (x86)\Windows Live
2013-10-26 23:46 . 2010-06-02 12:55    77656    ----a-w-    c:\windows\system32\XAPOFX1_5.dll
2013-10-26 23:46 . 2010-06-02 12:55    74072    ----a-w-    c:\windows\SysWow64\XAPOFX1_5.dll
2013-10-26 23:46 . 2010-06-02 12:55    527192    ----a-w-    c:\windows\SysWow64\XAudio2_7.dll
2013-10-26 23:46 . 2010-06-02 12:55    518488    ----a-w-    c:\windows\system32\XAudio2_7.dll
2013-10-26 23:46 . 2010-05-26 19:41    276832    ----a-w-    c:\windows\system32\d3dx11_43.dll
2013-10-26 23:46 . 2010-05-26 19:41    2526056    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2013-10-26 23:46 . 2010-05-26 19:41    248672    ----a-w-    c:\windows\SysWow64\d3dx11_43.dll
2013-10-26 23:46 . 2010-05-26 19:41    2106216    ----a-w-    c:\windows\SysWow64\D3DCompiler_43.dll
2013-10-26 23:45 . 2013-10-26 23:45    --------    d-----w-    c:\program files (x86)\Microsoft SkyDrive
2013-10-26 23:45 . 2013-10-26 23:45    --------    d-----r-    c:\users\Betty Lewis\SkyDrive
2013-10-26 23:45 . 2013-10-26 23:44    5659096    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\5a84d2101ced2a509\skydrivesetup.exe
2013-10-26 23:44 . 2013-10-26 23:44    --------    d-----w-    c:\programdata\Microsoft SkyDrive
2013-10-26 23:44 . 2013-10-26 23:44    94040    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\5077a2881ced2a507\DSETUP.dll
2013-10-26 23:44 . 2013-10-26 23:44    525656    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\5077a2881ced2a507\DXSETUP.exe
2013-10-26 23:44 . 2013-10-26 23:44    1691480    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\5077a2881ced2a507\dsetup32.dll
2013-10-26 23:44 . 2013-10-26 23:44    89944    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\46a132a61ced2a506\DSETUP.dll
2013-10-26 23:44 . 2013-10-26 23:44    537432    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\46a132a61ced2a506\DXSETUP.exe
2013-10-26 23:44 . 2013-10-26 23:44    1801048    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\46a132a61ced2a506\dsetup32.dll
2013-10-26 23:43 . 2013-10-26 23:43    89944    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\2e65f09c1ced2a501\DSETUP.dll
2013-10-26 23:43 . 2013-10-26 23:43    537432    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\2e65f09c1ced2a501\DXSETUP.exe
2013-10-26 23:43 . 2013-10-26 23:43    1801048    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\2e65f09c1ced2a501\dsetup32.dll
2013-10-24 19:15 . 2013-11-09 21:27    --------    d-----w-    c:\program files (x86)\iTunes
2013-10-24 19:15 . 2013-10-24 19:15    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 19:15 . 2013-10-24 19:15    --------    d-----w-    c:\program files\iPod
2013-10-24 19:15 . 2013-10-24 19:15    --------    d-----w-    c:\program files\iTunes
2013-10-22 22:50 . 2007-06-06 18:38    149504    ------w-    c:\program files (x86)\xerox\Support Centre\supportuninstall.exe
2013-10-19 21:27 . 2013-10-19 21:27    --------    d-----w-    c:\programdata\Lexmark 5600-6600 Series
2013-10-16 02:51 . 2013-10-16 02:51    --------    d-----w-    c:\users\Betty Lewis\AppData\Roaming\U3
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-12 21:38 . 2013-07-07 19:33    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-10-26 23:47 . 2012-07-17 22:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-10-24 20:12 . 2011-07-12 23:51    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-10-09 11:04 . 2010-09-18 17:40    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-09 00:14 . 2011-07-18 01:53    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-06 15:13 . 2013-10-06 15:13    47496    ----a-w-    c:\windows\system32\sbbd.exe
2013-10-06 15:13 . 2013-10-06 15:13    14456    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-10-03 19:15 . 2013-10-03 19:15    388096    ----a-r-    c:\users\Betty Lewis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-22 23:28 . 2013-10-09 11:16    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 11:16    2876928    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-09 11:16    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-09 11:16    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-09 11:16    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 11:16    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 11:16    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 11:16    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 11:16    19252224    ----a-w-    c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 11:16    855552    ----a-w-    c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 11:16    3959296    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 11:16    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-09 11:16    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-09 11:16    67072    ----a-w-    c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-09 11:16    39936    ----a-w-    c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-09 11:16    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-09 11:16    2647552    ----a-w-    c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-09 11:16    15404544    ----a-w-    c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-09 11:16    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-09 11:16    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-09 11:16    89600    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-09 11:16    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-09 10:47    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 10:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 10:47    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 10:47    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2013-09-05 05:32 . 2013-10-04 12:29    9694160    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E943A46-8DC3-4EB8-ADD3-2A7B3626336F}\mpengine.dll
2013-09-04 12:12 . 2013-10-09 10:46    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 10:46    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 10:46    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 10:46    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 10:46    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 10:46    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 10:46    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-09 10:47    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 10:47    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 10:47    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 10:47    859648    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 10:47    878080    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 10:47    3969472    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 10:47    3914176    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 10:47    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 10:47    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 10:47    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 10:47    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 10:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 10:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 10:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 10:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 10:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 10:47    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 10:46    461312    ----a-w-    c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-12 21:38    3353624    ----a-w-    c:\program files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2013-08-09 91536]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll" [2013-11-12 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-26 23:44    220632    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-26 23:44    220632    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-26 23:44    220632    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2013-03-05 1866544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-11-12 2420248]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"Search Protection"="c:\programdata\Search Protection\SearchProtection.exe" [2013-06-13 943016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-19 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDg4NzQxNTY0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNy1TUDErMS1TVVArNC1GTDEwKzEtVFVHKzMtU1AxUzIrMS1ERFQrMA&prod=90&ver=10.0.1382" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drives\sydexfdd.sys;c:\windows\SYSNATIVE\drives\sydexfdd.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.2.37054.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.2.37054.0.sys [x]
R3 dlcdcecm;dlcdcecm;c:\windows\system32\DRIVERS\dlcdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdcecm.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdgx64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys [x]
S3 dlcdcncm6_x64;dlcdcncm6_x64;c:\windows\system32\DRIVERS\dlcdcncm6_x64.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdcncm6_x64.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
S3 dlusbaudio;dlusbaudio;c:\windows\system32\DRIVERS\dlusbaudio_x64.sys;c:\windows\SYSNATIVE\DRIVERS\dlusbaudio_x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdgx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\DRIVERS\Rockey4USB.sys;c:\windows\SYSNATIVE\DRIVERS\Rockey4USB.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 00:14]
.
2013-11-13 c:\windows\Tasks\Geek Tech Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-11-11 c:\windows\Tasks\Geek Tech Tool Box.job
- c:\program files (x86)\Geek Tech\Geek Tech Tool Box\geektechtoolbox.exe [2013-07-02 17:55]
.
2013-11-12 c:\windows\Tasks\Geek Tech Update3.job
- c:\program files (x86)\Common Files\Geek Tech\UUS3\Update3.exe [2013-07-02 17:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-26 23:44    244696    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-26 23:44    244696    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-26 23:44    244696    ----a-w-    c:\users\Betty Lewis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2013-05-21 23:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2013-05-21 23:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-21 1832760]
.
------- Supplementary Scan -------
.

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 216.152.176.1 216.152.176.2
TCP: Interfaces\{03F6575A-9A17-480D-877F-BB02FB735D8F}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{5B18462A-E31C-49EA-AEBA-8F1996722E0F}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{68E0354F-13FA-444E-A733-F9D93FAA77D8}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{8578EE18-9BB3-483A-9488-3CB614A05F4D}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{AAFBB60B-EE4F-406A-A216-0C74AEC4EFB3}: NameServer = 75.126.206.18,184.173.169.186
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
FF - ProfilePath - c:\users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\



FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-10-15 11:45; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1
FF - ExtSQL: 2013-10-29 05:57; firebug@software.joehewitt.com; c:\users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-11-11 11:38; adblockpopups@jessehakanen.net; c:\users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\extensions\adblockpopups@jessehakanen.net.xpi
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10AD2C61-0898-4348-8600-14A342F22AC3} - c:\program files (x86)\ScorpionSaver\IECore.dll
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-13  17:58:02
ComboFix-quarantined-files.txt  2013-11-14 02:58
ComboFix2.txt  2013-11-14 02:37
ComboFix3.txt  2013-11-12 04:45
.
Pre-Run: 416,361,754,624 bytes free
Post-Run: 416,042,639,360 bytes free
.
- - End Of File - - C80560F8949C718E85FC1CE1E83274CE
 

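Two things in the ComboFix log above bear directly on a "redirect" complaint and are worth checking mechanically rather than by eye. First, the DHCP-supplied resolvers are 216.152.176.1 and 216.152.176.2, yet every interface under TCP: Interfaces\{...} carries a static NameServer pair (75.126.206.18,184.173.169.186) that overrides them; a static resolver pushed onto all interfaces is the configuration a DNS-changer leaves behind, and the mismatch, not the particular addresses, is what the check flags (whether those resolvers are hostile is something to verify separately). Second, the Scheduled Tasks section lists a .job whose only visible action is c:\windows\system32\rundll32.exe; ComboFix does not print task arguments, so the real payload of such a task is invisible until the task is opened. The following script is an added example, not part of this thread and not code from ComboFix or Malwarebytes; the embedded sample is constructed from lines of the log above, and the line formats it parses and the list of proxy binaries it treats as suspicious are my assumptions about ComboFix output, not a documented format.

```python
"""Triage the DNS and Scheduled Tasks sections of a ComboFix log.

Added example (assumes ComboFix's 'TCP:' and '.job' line formats as seen in
the log above). Two checks:
  1. per-interface static NameServer values that differ from DhcpNameServer;
  2. .job tasks whose action is a bare host binary such as rundll32.exe.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the relevant lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 00:14]
.
2013-11-13 c:\windows\Tasks\Geek Tech Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
TCP: DhcpNameServer = 216.152.176.1 216.152.176.2
TCP: Interfaces\{03F6575A-9A17-480D-877F-BB02FB735D8F}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{5B18462A-E31C-49EA-AEBA-8F1996722E0F}: NameServer = 75.126.206.18,184.173.169.186
"""

DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+?)\s*$")
IFACE_RE = re.compile(
    r"^TCP: Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+?)\s*$"
)
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)\s*$", re.IGNORECASE)
ACTION_RE = re.compile(r"^- (?P<path>.+?)(?: \[[^\]]*\])?\s*$")

# Assumed list: Windows binaries that run whatever their arguments name, so a
# task showing only one of these tells you nothing until its command line is read.
PROXY_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "powershell.exe", "cmd.exe"}


@dataclass(frozen=True)
class Finding:
    kind: str    # "dns-override" or "proxy-task"
    where: str   # interface GUID or .job path
    detail: str  # explanation for the analyst


def _split_servers(text: str) -> list[str]:
    # ComboFix prints DHCP servers space-separated and static ones comma-separated.
    return [s for s in re.split(r"[,\s]+", text.strip()) if s]


def parse_dns(log: str) -> tuple[list[str], dict[str, list[str]]]:
    """Return (DHCP-supplied servers, {interface GUID: static servers})."""
    dhcp: list[str] = []
    interfaces: dict[str, list[str]] = {}
    for line in log.splitlines():
        m = DHCP_RE.match(line)
        if m:
            dhcp = _split_servers(m["servers"])
            continue
        m = IFACE_RE.match(line)
        if m:
            interfaces[m["guid"]] = _split_servers(m["servers"])
    return dhcp, interfaces


def dns_overrides(log: str) -> list[Finding]:
    """Flag interfaces whose static resolvers are not the DHCP-supplied ones."""
    dhcp, interfaces = parse_dns(log)
    findings = []
    for guid, servers in interfaces.items():
        if set(servers) != set(dhcp):
            findings.append(Finding(
                "dns-override", guid,
                f"static NameServer {','.join(servers)} differs from DHCP "
                f"{' '.join(dhcp) or '(none)'}"))
    return findings


def suspicious_tasks(log: str) -> list[Finding]:
    """Flag .job entries whose action line is a bare proxy binary."""
    findings = []
    lines = log.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = TASK_RE.match(line)
        if not m:
            continue
        action = ACTION_RE.match(lines[i + 1])  # action follows on the next line
        if not action:
            continue
        exe = action["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if exe in PROXY_BINARIES:
            findings.append(Finding(
                "proxy-task", m["job"],
                f"action is bare {exe}; open the task and read its arguments"))
    return findings


def triage(log: str) -> list[Finding]:
    return dns_overrides(log) + suspicious_tasks(log)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.where}: {f.detail}")
```

Run against the sample it reports both interfaces as DNS overrides and the Geek Tech Registration3.job task; a full log would be fed in by reading c:\combofix.txt instead of SAMPLE_LOG. The check deliberately compares sets rather than looking up the addresses in a blocklist: a resolver the user did not configure is the finding, regardless of who owns it.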

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Step 3 done, here are the reports.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Betty Lewis :: LAPTOP [administrator]

11/13/2013 6:07:57 PM
mbar-log-2013-11-13 (18-07-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 264719
Time elapsed: 43 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKLM\SOFTWARE\CLASSES\INTERFACE\{E79B1445-DFEA-4BEF-A786-E0C0F33C863B} (Adware.SmartShopper) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{305C6CB1-9D31-4489-881D-5A8E2DC3FE14} (Adware.SmartShopper) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{90F62EF7-58D1-4E8E-BB3E-CFB10BA9E47B} (Adware.SmartShopper) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{8AD815FC-607B-419F-8B70-D345A507A54E} (Adware.SmartShopper) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{B2B92BC9-E149-4EE8-A93E-0B8CFB329808} (Adware.SmartShopper) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Betty Lewis :: LAPTOP [administrator]

11/13/2013 6:59:22 PM
mbar-log-2013-11-13 (18-59-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 264902
Time elapsed: 44 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081553408, free: 1965072384

Initializing...
======================
------------ Kernel report ------------
     11/13/2013 18:07:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\o2mdgx64.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\DRIVERS\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\mozy.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\drivers\dlkmd.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\o2sdgx64.sys
\SystemRoot\system32\DRIVERS\rtl8192se.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\QIOMem.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\Rockey4.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\DRIVERS\aksusb.sys
\SystemRoot\system32\DRIVERS\AKSCLASS.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\akshasp.sys
\SystemRoot\system32\DRIVERS\akshhl.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\Rockey4USB.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys
\SystemRoot\system32\DRIVERS\dlusbaudio_x64.sys
\SystemRoot\system32\DRIVERS\dlcdcncm6_x64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\LUsbFilt.Sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\aksfridge.sys
\??\C:\windows\system32\drivers\hardlock.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\??\C:\windows\system32\Drivers\PROCEXP113.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\sechost.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comdlg32.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msctf.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006a2a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80049dd050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006a2a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a2ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006a2a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006a29060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa80049dd050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BEFB4D1C

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 952031232

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 955105280  Numsec = 21667840
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E79B1445-DFEA-4BEF-A786-E0C0F33C863B} --> [Adware.SmartShopper]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{305C6CB1-9D31-4489-881D-5A8E2DC3FE14} --> [Adware.SmartShopper]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{90F62EF7-58D1-4E8E-BB3E-CFB10BA9E47B} --> [Adware.SmartShopper]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{8AD815FC-607B-419F-8B70-D345A507A54E} --> [Adware.SmartShopper]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{B2B92BC9-E149-4EE8-A93E-0B8CFB329808} --> [Adware.SmartShopper]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081553408, free: 2480173056

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4081553408, free: 2271981568

Downloaded database version: v2013.11.13.13
Cancelled update
Initializing...
======================
------------ Kernel report ------------
     11/13/2013 18:59:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\o2mdgx64.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\DRIVERS\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\mozy.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\drivers\dlkmd.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\o2sdgx64.sys
\SystemRoot\system32\DRIVERS\rtl8192se.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\QIOMem.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\Rockey4.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\aksusb.sys
\SystemRoot\system32\DRIVERS\AKSCLASS.SYS
\SystemRoot\system32\DRIVERS\akshasp.sys
\SystemRoot\system32\DRIVERS\akshhl.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Rockey4USB.sys
\SystemRoot\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys
\SystemRoot\system32\DRIVERS\dlusbaudio_x64.sys
\SystemRoot\system32\DRIVERS\dlcdcncm6_x64.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\LUsbFilt.Sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\aksfridge.sys
\??\C:\windows\system32\drivers\hardlock.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msctf.dll
\Windows\System32\gdi32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\oleaut32.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\comdlg32.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006a0c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800499a050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006a0c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a0cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006a0c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006a0b060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa800499a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BEFB4D1C

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 952031232

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 955105280  Numsec = 21667840
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_955105280_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

Step 4 completed and here is the report.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Betty Lewis on Wed 11/13/2013 at 19:55:16.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{02AFA7D3-F525-2BAC-803D-67F63FA893DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}



~~~ Files

Successfully deleted: [File] "C:\Users\Betty Lewis\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\search protection"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\AppData\Roaming\digitalsite"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Betty Lewis\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{12C90396-45D0-4C26-9247-7C6108A41721}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{19246B8C-98CE-40F4-81FF-DA75D87B50AF}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{1E756A36-A8DA-4A52-BC45-1551A6B964C8}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{2B69BCAB-22E2-4ABC-B7F8-C5DB6110F2FB}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{5720B741-BE87-401D-BE3F-6ACE38B2B6E3}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{5B59211C-4267-4381-896A-A86A8ADD0761}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{83135F94-1FD7-487A-A009-79636FBADE2A}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{8D636CE1-F9C8-442A-B64D-C5E0459FC6AA}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{A0C9BEE3-6B63-4F63-AE89-3C8BC3AC7A5C}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{B1AEB142-E8A6-4054-A994-C8406984BA99}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{D8005E41-37F3-4EB5-8187-ED5FAA827FA9}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{E5B22D91-3111-4892-974E-219FDCA0F019}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{ED68300A-3B26-4D10-BA91-2E7509AF6B2B}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{F0199300-1939-450D-8709-79475A0A393E}
Successfully deleted: [Empty Folder] C:\Users\Betty Lewis\appdata\local\{FABB8461-EA41-4CFB-BDCF-48596F50982D}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml"
Successfully deleted: [File] C:\Users\Betty Lewis\AppData\Roaming\mozilla\firefox\profiles\c4b7f3rp.default-1356576600586\user.js
Successfully deleted: [Folder] C:\Users\Betty Lewis\AppData\Roaming\mozilla\firefox\profiles\c4b7f3rp.default-1356576600586\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Users\Betty Lewis\AppData\Roaming\mozilla\firefox\profiles\c4b7f3rp.default-1356576600586\prefs.js


user_pref("CT3310511.smartbar.homepage", "true");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.order.1", "Mysearchdial");
user_pref("extensions.mysearchdial.aflt", "irmsd103");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyB0AzytDtCyBzytDtAyDtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
user_pref("extensions.mysearchdial.cntry", "US");
user_pref("extensions.mysearchdial.cr", "549341908");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "0079A8F9C507AC6EDF130DAE0FAB220B");
user_pref("extensions.mysearchdial.hmpg", true);

user_pref("extensions.mysearchdial.id", "701A047A90179035");
user_pref("extensions.mysearchdial.instlDay", "16016");
user_pref("extensions.mysearchdial.instlRef", "");

user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.010:26:59");

user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"81\",\"lastVrsn\":\"81\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "none");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");

user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.010:26:59");
user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
user_pref("smartbar.homePageOwnerCTID", "CT3310511");
user_pref("smartbar.machineId", "UAF5+8KZR8U9ULHX79V9LYMXJZWMZR45EK8NMH+7SGKSRGSRSZDJH2MUTERJSKLPREKBTRKXG0FXG9T98ZBESW");
Emptied folder: C:\Users\Betty Lewis\AppData\Roaming\mozilla\firefox\profiles\c4b7f3rp.default-1356576600586\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/13/2013 at 20:02:16.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 5 finished and here is this report.

 

# AdwCleaner v3.012 - Report created 13/11/2013 at 20:20:01
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Betty Lewis - LAPTOP
# Running from : C:\Users\Betty Lewis\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\adawaretb
Folder Deleted : C:\Users\Betty Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
File Deleted : C:\Users\Betty Lewis\AppData\Local\mysearchdial-speeddial.crx

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v5.0.1 (en-US)

[ File : C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\prefs.js ]

Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN35426139822258029");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN35426139822258029.IN.20130929132608");
Line Deleted : user_pref("CT3310511.installDate", "29/09/2013 13:26:14");
Line Deleted : user_pref("CT3310511.installSessionId", "{FE7F5F54-DF32-45DA-8BB7-0E585535B231}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3310511.keyword", "true");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "AVG Secure Search");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "AVG Secure Search");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"81\",\"lastVrsn\":\"81\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");

-\\ Google Chrome v

[ File : C:\Users\Betty Lewis\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url

*************************

AdwCleaner[R0].txt - [5316 octets] - [13/11/2013 20:11:05]
AdwCleaner[s0].txt - [5277 octets] - [13/11/2013 20:20:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5337 octets] ##########

Step 6 and here are the results.

 

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareSafeBrowsing.exe    multiple threats
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll    a variant of Win32/Toolbar.Visicom.B application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll    a variant of Win32/Toolbar.Visicom.A application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe    a variant of Win32/Toolbar.Visicom.C application
C:\Users\Betty Lewis\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe    Win32/InstallCore.AZ application
C:\Users\Betty Lewis\Documents\lighthouse-field-10\lighthouse-field-10\functions.php    PHP/Obfuscated.F application
C:\Users\Betty Lewis\Downloads\OffercastInstaller_AVR_U-0482-01-Blank-0000-00-en_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Betty Lewis\Downloads\Downloads\lighthouse-field-10.zip    PHP/Kryptik.AB trojan
C:\Users\Betty Lewis\Downloads\Downloads\ufm-327.zip    PHP/Obfuscated.F application
C:\Users\Betty Lewis\Downloads\Downloads\ufm-327\ufm\createToken.js.php    PHP/Obfuscated.F application
C:\Users\Betty Lewis\Downloads\Downloads\ufm-327\ufm\mailit.php    PHP/Obfuscated.F application

Step 7

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Betty Lewis (administrator) on LAPTOP on 13-11-2013 23:49:54
Running from C:\Users\Betty Lewis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Two Pilots) C:\windows\VPDAgent_x64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(SafeNet Inc.) C:\windows\system32\hasplms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\windows\System32\alg.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDg4NzQxNTY0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNy1TUDErMS1TVVArNC1GTDEwKzEtVFVHKzMtU1AxUzIrMS1ERFQrMA"&"prod=90"&"ver=10.0.1382 [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [DymoQuickPrint] - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1866544 2013-03-04] (Sanford, L.P.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {5031F87C-F8C3-42F8-A525-64F5613D53D2} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {20E27590-331D-5105-86BC-00E51A165541} URL =
SearchScopes: HKLM-x32 - {78B6A26F-A475-4C4A-B552-543C0C8F72B2 URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyB0AzytDtCyBzytDtAyDtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=549341908&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {5031F87C-F8C3-42F8-A525-64F5613D53D2} URL =
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 216.152.176.1 216.152.176.2
Tcpip\..\Interfaces\{03F6575A-9A17-480D-877F-BB02FB735D8F}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{5B18462A-E31C-49EA-AEBA-8F1996722E0F}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{68E0354F-13FA-444E-A733-F9D93FAA77D8}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{8578EE18-9BB3-483A-9488-3CB614A05F4D}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{AAFBB60B-EE4F-406A-A216-0C74AEC4EFB3}: [NameServer]75.126.206.18,184.173.169.186

FireFox:
========
FF ProfilePath: C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586
FF NewTab: https://www.google.com/
FF DefaultSearchEngine: https://www.google.com/
FF SelectedSearchEngine: https://www.google.com/
FF Homepage: https://www.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: ScorpionSaver - C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\Extensions\ScorpionSaver@jetpack
FF Extension: adblockpopups - C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: firebug - C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\Extensions\firebug@software.joehewitt.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{4C0766D3-67A7-45a3-85A2-752F77312F32}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF\

Chrome:
=======
CHR Extension: (Docs) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Social Privacy) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0
CHR Extension: (Google Search) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.47_0
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (Scorpion Saver) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR Extension: (Gmail) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 Agent; C:\windows\VPDAgent_x64.exe [148480 2013-06-25] (Two Pilots)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8998800 2013-05-08] (DisplayLink Corp.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-04] (Sanford, L.P.)
R2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55112 2013-05-21] (Mozy, Inc.)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-06-26] (The Neat Company)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [x]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll" /prefetch:1
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-03-15] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-06] (AVAST Software)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-11-12] (AVG Technologies)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys [44944 2013-05-13] ()
R3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [60304 2013-05-08] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [200592 2013-05-08] (DisplayLink Corp.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-06] (GFI Software)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-09] (SafeNet Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [25600 2007-03-30] (Feitian Technologies Co., Ltd.)
R3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [16384 2007-03-30] (Feitian Technologies Co., Ltd.)
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS [504880 2009-08-29] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS [32304 2009-08-29] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.2.37054.0.sys [x]
S3 dlcdcecm; system32\DRIVERS\dlcdcecm.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS [x]
S1 SydexFDD; system32\drives\sydexfdd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-13 23:49 - 2013-11-13 23:50 - 00016630 _____ C:\Users\Betty Lewis\Desktop\FRST.txt
2013-11-13 23:49 - 2013-11-13 23:49 - 01957794 _____ (Farbar) C:\Users\Betty Lewis\Desktop\FRST64.exe
2013-11-13 23:49 - 2013-11-13 23:49 - 00000000 ____D C:\FRST
2013-11-13 23:45 - 2013-11-13 23:45 - 00001201 _____ C:\Users\Betty Lewis\Desktop\eset threats.txt
2013-11-13 20:37 - 2013-11-13 20:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-13 20:33 - 2013-11-13 20:33 - 02347384 _____ (ESET) C:\Users\Betty Lewis\Downloads\esetsmartinstaller_enu.exe
2013-11-13 20:22 - 2013-11-13 20:22 - 00000000 ____D C:\Users\Betty Lewis\AppData\Local\adawarebp
2013-11-13 20:11 - 2013-11-13 20:20 - 00000000 ____D C:\AdwCleaner
2013-11-13 20:10 - 2013-11-13 20:10 - 01085542 _____ C:\Users\Betty Lewis\Desktop\AdwCleaner.exe
2013-11-13 20:07 - 2013-11-13 20:07 - 00014899 _____ C:\Users\Betty Lewis\Desktop\JRT report.txt
2013-11-13 20:02 - 2013-11-13 20:02 - 00014899 _____ C:\Users\Betty Lewis\Desktop\JRT.txt
2013-11-13 19:55 - 2013-11-13 19:55 - 00000000 ____D C:\windows\ERUNT
2013-11-13 19:48 - 2013-11-13 19:48 - 01034531 _____ (Thisisu) C:\Users\Betty Lewis\Desktop\JRT.exe
2013-11-13 18:07 - 2013-11-13 19:44 - 00000000 ____D C:\Users\Betty Lewis\Desktop\mbar
2013-11-13 18:07 - 2013-11-13 18:58 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-11-13 18:05 - 2013-11-13 18:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Betty Lewis\Downloads\mbar-1.07.0.1007.exe
2013-11-13 17:58 - 2013-11-13 17:58 - 00036411 _____ C:\ComboFix.txt
2013-11-13 17:49 - 2013-11-13 17:58 - 00000000 ____D C:\ComboFix
2013-11-13 17:38 - 2013-11-13 17:38 - 00036052 _____ C:\Users\Betty Lewis\Desktop\combofix report.txt
2013-11-13 17:24 - 2013-11-13 17:24 - 05147957 ____R (Swearware) C:\Users\Betty Lewis\Desktop\ComboFix.exe
2013-11-13 16:56 - 2013-11-13 16:56 - 00027707 _____ C:\Users\Betty Lewis\Desktop\dds.txt
2013-11-13 16:56 - 2013-11-13 16:56 - 00021582 _____ C:\Users\Betty Lewis\Desktop\attach.txt
2013-11-13 16:55 - 2013-11-13 16:55 - 00688992 ____R (Swearware) C:\Users\Betty Lewis\Downloads\dds.scr
2013-11-13 16:55 - 2013-11-13 16:55 - 00001832 _____ C:\sc-cleaner.txt
2013-11-13 16:54 - 2013-11-13 16:54 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Betty Lewis\Downloads\sc-cleaner.exe
2013-11-13 16:24 - 2013-11-13 20:21 - 00000448 _____ C:\windows\setupact.log
2013-11-13 16:24 - 2013-11-13 16:24 - 00000000 _____ C:\windows\setuperr.log
2013-11-13 16:23 - 2013-11-13 18:55 - 00020110 _____ C:\windows\PFRO.log
2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\Malwarebytes
2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 16:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-13 16:10 - 2013-11-13 16:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Betty Lewis\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 18:44 - 2013-11-12 18:44 - 00000000 ____D C:\Program Files\Paint.Net Bulk Image Processor v1.0
2013-11-12 18:39 - 2013-11-12 18:39 - 00036331 _____ C:\Users\Betty Lewis\Downloads\Paint.Net Bulk Image Processor v1.0.zip
2013-11-12 08:29 - 2013-11-12 08:29 - 00744030 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-11-11 19:36 - 2013-11-13 17:58 - 00000000 ____D C:\Qoobox
2013-11-11 19:36 - 2013-11-11 19:43 - 00000000 ____D C:\windows\erdnt
2013-11-11 19:36 - 2011-06-25 21:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-11 19:36 - 2010-11-07 08:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-11 19:36 - 2009-04-19 19:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-11 19:36 - 2000-08-30 15:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-11 19:36 - 2000-08-30 15:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-11 19:36 - 2000-08-30 15:00 - 00098816 _____ C:\windows\sed.exe
2013-11-11 19:36 - 2000-08-30 15:00 - 00080412 _____ C:\windows\grep.exe
2013-11-11 19:36 - 2000-08-30 15:00 - 00068096 _____ C:\windows\zip.exe
2013-11-11 19:35 - 2013-11-11 19:35 - 05145576 ____R (Swearware) C:\Users\Betty Lewis\Downloads\ComboFix.exe
2013-11-11 10:33 - 2013-11-11 10:33 - 00000418 _____ C:\Users\Betty Lewis\Downloads\variations_sample.csv
2013-11-11 10:30 - 2013-11-11 10:30 - 00001129 _____ C:\Users\Betty Lewis\Downloads\sample.csv
2013-11-11 09:55 - 2013-11-11 09:55 - 01609698 _____ C:\Users\Betty Lewis\Desktop\Invitation-RDB.tif
2013-11-10 07:22 - 2013-11-10 07:22 - 02554204 _____ C:\Users\Betty Lewis\Downloads\postcard-4inx6in-h-front.jpg.zip
2013-11-09 17:16 - 2013-11-09 17:16 - 00651776 _____ C:\Users\Betty Lewis\Desktop\Final Business Card RDB - cmyk.pub
2013-11-09 17:07 - 2013-11-13 11:44 - 00003956 _____ C:\0
2013-11-09 12:14 - 2013-11-13 14:04 - 119590912 _____ C:\Users\Betty Lewis\Desktop\RDB Item Numbers.accdb
2013-11-09 11:32 - 2013-11-09 11:32 - 00003110 _____ C:\windows\System32\Tasks\{C901657F-4BB2-44BB-8129-F65835717029}
2013-11-09 11:29 - 2013-11-13 23:44 - 00715077 _____ C:\windows\WindowsUpdate.log
2013-11-09 11:29 - 2013-11-09 11:29 - 00003110 _____ C:\windows\System32\Tasks\{19597960-E3CF-4808-B098-F1D177F187ED}
2013-11-08 19:14 - 2013-11-09 09:56 - 00000000 ____D C:\Program Files\Recuva
2013-11-08 19:03 - 2013-11-09 09:56 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordExtra
2013-11-08 19:03 - 2013-11-08 19:03 - 00003866 _____ C:\windows\System32\Tasks\BrowserSafeguard Update Task
2013-11-08 19:02 - 2013-11-11 19:42 - 00000000 ____D C:\Users\Betty Lewis\AppData\Local\WordExtra
2013-11-08 19:02 - 2013-11-10 12:46 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-11-08 19:01 - 2013-11-10 12:46 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-11-08 19:00 - 2013-11-08 19:00 - 00000000 ____D C:\Program Files (x86)\sp
2013-11-07 17:57 - 2013-11-07 17:57 - 03090173 _____ C:\Users\Betty Lewis\Downloads\Latest
2013-11-07 16:00 - 2013-11-07 16:00 - 01035696 _____ (Ask.com) C:\Users\Betty Lewis\Downloads\OffercastInstaller_AVR_U-0482-01-Blank-0000-00-en_.exe
2013-11-07 10:27 - 2013-11-07 10:27 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\0D0S1L2Z1P1B
2013-11-06 19:40 - 2013-11-06 19:53 - 00649728 _____ C:\Users\Betty Lewis\Desktop\Final Business Card.pub
2013-11-04 10:21 - 2013-11-04 10:21 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\Template
2013-11-04 10:21 - 2013-11-04 10:21 - 00000000 _____ C:\Users\Betty Lewis\AppData\Roaming\wklnhst.dat
2013-11-04 09:33 - 2013-11-04 09:33 - 00462836 _____ C:\Users\Betty Lewis\Downloads\TP001100120.cab
2013-11-04 09:33 - 2013-11-04 09:33 - 00000000 ____D C:\Users\Betty Lewis\Desktop\TP001100120
2013-11-02 12:35 - 2013-11-02 12:35 - 00006273 _____ C:\Users\Betty Lewis\Downloads\cart(2).php
2013-11-02 12:33 - 2013-11-02 12:33 - 00006273 _____ C:\Users\Betty Lewis\Downloads\cart(1).php
2013-11-02 12:25 - 2013-11-02 12:25 - 00002034 _____ C:\Users\Betty Lewis\Downloads\form-shipping.php
2013-11-02 12:23 - 2013-11-02 12:23 - 00003591 _____ C:\Users\Betty Lewis\Downloads\shipping-calculator.php
2013-11-02 12:18 - 2013-11-02 12:18 - 00006273 _____ C:\Users\Betty Lewis\Downloads\cart.php
2013-10-31 12:15 - 2013-10-31 12:15 - 00000000 ____D C:\Users\Betty Lewis\Desktop\WALLETS
2013-10-29 11:27 - 2013-11-04 12:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-29 05:29 - 2013-10-29 05:29 - 00123347 _____ C:\Users\Betty Lewis\Downloads\green.css
2013-10-29 05:22 - 2013-10-29 05:22 - 00022560 _____ C:\Users\Betty Lewis\Downloads\layout.css
2013-10-26 16:21 - 2013-10-26 16:21 - 00347304 _____ (Microsoft Corporation) C:\Users\Betty Lewis\Downloads\MicrosoftFixit.Pictures.RNP.147306266301342965.1.1.Run.exe
2013-10-26 14:55 - 2013-10-26 14:55 - 00000000 ____D C:\Users\Betty Lewis\Tracing
2013-10-26 14:52 - 2013-10-26 14:52 - 00000000 ____D C:\windows\en
2013-10-26 14:47 - 2013-10-26 14:51 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-10-26 14:47 - 2013-10-26 14:47 - 00000000 ____D C:\Program Files\Windows Live
2013-10-26 14:47 - 2013-02-05 21:06 - 00057840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fssfltr.sys
2013-10-26 14:46 - 2010-06-02 03:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2013-10-26 14:46 - 2010-06-02 03:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2013-10-26 14:46 - 2010-06-02 03:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2013-10-26 14:46 - 2010-06-02 03:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2013-10-26 14:46 - 2010-05-26 10:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2013-10-26 14:46 - 2010-05-26 10:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2013-10-26 14:46 - 2010-05-26 10:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2013-10-26 14:46 - 2010-05-26 10:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2013-10-26 14:45 - 2013-10-26 14:45 - 00002184 _____ C:\Users\Betty Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-26 14:45 - 2013-10-26 14:45 - 00002102 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-26 14:45 - 2013-10-26 14:45 - 00002102 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-26 14:45 - 2013-10-26 14:45 - 00000000 ___RD C:\Users\Betty Lewis\SkyDrive
2013-10-26 14:45 - 2013-10-26 14:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-10-26 14:44 - 2013-10-26 14:44 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-26 14:42 - 2013-10-26 14:42 - 01239536 _____ (Microsoft Corporation) C:\Users\Betty Lewis\Downloads\wlsetup-web.exe
2013-10-25 16:49 - 2013-10-26 07:54 - 90139696 _____ (The GIMP Team                                               ) C:\Users\Betty Lewis\Downloads\gimp-2.8.6-setup.exe
2013-10-24 10:15 - 2013-11-09 12:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 10:15 - 2013-10-24 10:15 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 10:15 - 2013-10-24 10:15 - 00000000 ____D C:\Program Files\iTunes
2013-10-24 10:15 - 2013-10-24 10:15 - 00000000 ____D C:\Program Files\iPod
2013-10-23 15:07 - 2013-10-23 15:07 - 02364868 _____ C:\Users\Betty Lewis\Downloads\businesscard-3.5inx2in-h-front.jpg(1).zip
2013-10-23 15:00 - 2013-10-23 15:00 - 02364868 _____ C:\Users\Betty Lewis\Downloads\businesscard-3.5inx2in-h-front.jpg.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00079789 _____ C:\Users\Betty Lewis\Downloads\a3369.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00078544 _____ C:\Users\Betty Lewis\Downloads\a2375.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00064012 _____ C:\Users\Betty Lewis\Downloads\a4659.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00056158 _____ C:\Users\Betty Lewis\Downloads\a9435.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00043769 _____ C:\Users\Betty Lewis\Downloads\c7584.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00040478 _____ C:\Users\Betty Lewis\Downloads\a9433.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00034589 _____ C:\Users\Betty Lewis\Downloads\a3928.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00028895 _____ C:\Users\Betty Lewis\Downloads\c7583.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00028417 _____ C:\Users\Betty Lewis\Downloads\e5630.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00027293 _____ C:\Users\Betty Lewis\Downloads\d4449.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00025078 _____ C:\Users\Betty Lewis\Downloads\d4452.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00016641 _____ C:\Users\Betty Lewis\Downloads\a3895.HUS.zip
2013-10-23 11:15 - 2013-10-23 11:15 - 00049656 _____ C:\Users\Betty Lewis\Downloads\a1743.HUS.zip
2013-10-22 14:23 - 2013-10-22 14:23 - 00003208 _____ C:\windows\System32\Tasks\{6F299C20-F0E7-4F02-9177-AA25B85DB5D4}
2013-10-22 14:14 - 2013-10-22 14:15 - 06627712 _____ C:\Users\Betty Lewis\Downloads\6350WinXP03V_PS_x64_English(1).exe
2013-10-22 14:05 - 2013-10-22 14:05 - 01320242 _____ C:\Users\Betty Lewis\Downloads\32_64bitw2kps(1).exe
2013-10-22 14:05 - 2013-10-22 14:05 - 00003180 _____ C:\windows\System32\Tasks\{59B25823-8A57-410A-9E12-55A8F33E8BA5}
2013-10-22 14:03 - 2013-10-22 14:03 - 01320242 _____ C:\Users\Betty Lewis\Downloads\32_64bitw2kps.exe
2013-10-22 14:03 - 2013-10-22 14:03 - 00003174 _____ C:\windows\System32\Tasks\{14F59DF9-533A-4306-81BE-02649CC74BF1}
2013-10-22 13:50 - 2013-10-22 13:50 - 00000000 ____D C:\Program Files (x86)\Xerox
2013-10-22 13:45 - 2013-10-22 13:46 - 02927616 _____ C:\Users\Betty Lewis\Downloads\Setup(1).exe
2013-10-22 09:08 - 2013-10-22 09:08 - 00003202 _____ C:\windows\System32\Tasks\{891D6D1B-B06F-46F2-894C-E6009ED31B1C}
2013-10-22 09:03 - 2013-10-22 09:03 - 06627712 _____ C:\Users\Betty Lewis\Downloads\6350WinXP03V_PS_x64_English.exe
2013-10-22 08:49 - 2013-10-22 08:49 - 00001188 ____N C:\windows\SysWOW64\ServiceConfig.xml
2013-10-21 18:03 - 2013-10-21 18:03 - 00000000 ____D C:\Users\Betty Lewis\Desktop\typesetit_great-vibes
2013-10-21 17:59 - 2013-10-21 17:59 - 00052751 _____ C:\Users\Betty Lewis\Downloads\typesetit_great-vibes.zip
2013-10-21 07:21 - 2013-10-21 07:22 - 00000000 ____D C:\Users\Betty Lewis\Downloads\Embroidery
2013-10-21 07:21 - 2013-10-21 07:21 - 00000000 ____D C:\Users\Betty Lewis\Downloads\wordpress
2013-10-20 16:02 - 2013-10-20 16:02 - 00000000 ____D C:\Users\Betty Lewis\Desktop\RazzleZipped
2013-10-19 14:59 - 2013-10-19 14:59 - 00000000 ____D C:\Users\Betty Lewis\Desktop\images
2013-10-19 12:27 - 2013-10-19 12:27 - 00000000 ____D C:\ProgramData\Lexmark 5600-6600 Series
2013-10-17 11:36 - 2013-10-17 11:36 - 00306578 _____ C:\Users\Betty Lewis\Downloads\x4485.HUS.zip
2013-10-15 17:51 - 2013-10-15 17:51 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\U3

==================== One Month Modified Files and Folders =======

2013-11-13 23:50 - 2013-11-13 23:49 - 00016630 _____ C:\Users\Betty Lewis\Desktop\FRST.txt
2013-11-13 23:49 - 2013-11-13 23:49 - 01957794 _____ (Farbar) C:\Users\Betty Lewis\Desktop\FRST64.exe
2013-11-13 23:49 - 2013-11-13 23:49 - 00000000 ____D C:\FRST
2013-11-13 23:45 - 2013-11-13 23:45 - 00001201 _____ C:\Users\Betty Lewis\Desktop\eset threats.txt
2013-11-13 23:44 - 2013-11-09 11:29 - 00715077 _____ C:\windows\WindowsUpdate.log
2013-11-13 23:13 - 2012-05-12 07:23 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 20:37 - 2013-11-13 20:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-13 20:33 - 2013-11-13 20:33 - 02347384 _____ (ESET) C:\Users\Betty Lewis\Downloads\esetsmartinstaller_enu.exe
2013-11-13 20:29 - 2009-07-13 19:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 20:29 - 2009-07-13 19:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 20:27 - 2009-07-13 20:13 - 00730532 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-13 20:22 - 2013-11-13 20:22 - 00000000 ____D C:\Users\Betty Lewis\AppData\Local\adawarebp
2013-11-13 20:22 - 2010-09-15 16:20 - 00000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2013-11-13 20:21 - 2013-11-13 16:24 - 00000448 _____ C:\windows\setupact.log
2013-11-13 20:21 - 2009-07-13 20:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-13 20:20 - 2013-11-13 20:11 - 00000000 ____D C:\AdwCleaner
2013-11-13 20:10 - 2013-11-13 20:10 - 01085542 _____ C:\Users\Betty Lewis\Desktop\AdwCleaner.exe
2013-11-13 20:07 - 2013-11-13 20:07 - 00014899 _____ C:\Users\Betty Lewis\Desktop\JRT report.txt
2013-11-13 20:02 - 2013-11-13 20:02 - 00014899 _____ C:\Users\Betty Lewis\Desktop\JRT.txt
2013-11-13 19:55 - 2013-11-13 19:55 - 00000000 ____D C:\windows\ERUNT
2013-11-13 19:48 - 2013-11-13 19:48 - 01034531 _____ (Thisisu) C:\Users\Betty Lewis\Desktop\JRT.exe
2013-11-13 19:44 - 2013-11-13 18:07 - 00000000 ____D C:\Users\Betty Lewis\Desktop\mbar
2013-11-13 18:58 - 2013-11-13 18:07 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-11-13 18:55 - 2013-11-13 16:23 - 00020110 _____ C:\windows\PFRO.log
2013-11-13 18:05 - 2013-11-13 18:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Betty Lewis\Downloads\mbar-1.07.0.1007.exe
2013-11-13 18:00 - 2013-08-26 08:24 - 00000472 _____ C:\windows\Tasks\Geek Tech Registration3.job
2013-11-13 17:58 - 2013-11-13 17:58 - 00036411 _____ C:\ComboFix.txt
2013-11-13 17:58 - 2013-11-13 17:49 - 00000000 ____D C:\ComboFix
2013-11-13 17:58 - 2013-11-11 19:36 - 00000000 ____D C:\Qoobox
2013-11-13 17:55 - 2009-07-13 17:34 - 00000215 _____ C:\windows\system.ini
2013-11-13 17:38 - 2013-11-13 17:38 - 00036052 _____ C:\Users\Betty Lewis\Desktop\combofix report.txt
2013-11-13 17:24 - 2013-11-13 17:24 - 05147957 ____R (Swearware) C:\Users\Betty Lewis\Desktop\ComboFix.exe
2013-11-13 16:56 - 2013-11-13 16:56 - 00027707 _____ C:\Users\Betty Lewis\Desktop\dds.txt
2013-11-13 16:56 - 2013-11-13 16:56 - 00021582 _____ C:\Users\Betty Lewis\Desktop\attach.txt
2013-11-13 16:55 - 2013-11-13 16:55 - 00688992 ____R (Swearware) C:\Users\Betty Lewis\Downloads\dds.scr
2013-11-13 16:55 - 2013-11-13 16:55 - 00001832 _____ C:\sc-cleaner.txt
2013-11-13 16:54 - 2013-11-13 16:54 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Betty Lewis\Downloads\sc-cleaner.exe
2013-11-13 16:24 - 2013-11-13 16:24 - 00000000 _____ C:\windows\setuperr.log
2013-11-13 16:16 - 2013-07-07 10:33 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\Malwarebytes
2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 16:11 - 2013-11-13 16:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Betty Lewis\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 14:25 - 2013-05-21 14:06 - 00003936 _____ C:\windows\mozy.flt
2013-11-13 14:25 - 2013-05-21 14:06 - 00003676 _____ C:\windows\mozy.blk
2013-11-13 14:04 - 2013-11-09 12:14 - 119590912 _____ C:\Users\Betty Lewis\Desktop\RDB Item Numbers.accdb
2013-11-13 13:56 - 2011-08-23 17:56 - 00000000 ____D C:\Users\Betty Lewis\AppData\Local\Paint.NET
2013-11-13 11:44 - 2013-11-09 17:07 - 00003956 _____ C:\0
2013-11-12 18:44 - 2013-11-12 18:44 - 00000000 ____D C:\Program Files\Paint.Net Bulk Image Processor v1.0
2013-11-12 18:44 - 2010-09-15 16:45 - 00022875 _____ C:\Users\Betty Lewis\AppData\Roaming\mainhst.zgh
2013-11-12 18:40 - 2011-08-23 17:56 - 00000000 ____D C:\Program Files\Paint.NET
2013-11-12 18:39 - 2013-11-12 18:39 - 00036331 _____ C:\Users\Betty Lewis\Downloads\Paint.Net Bulk Image Processor v1.0.zip
2013-11-12 12:38 - 2013-07-07 10:33 - 00046368 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-11-12 08:29 - 2013-11-12 08:29 - 00744030 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-11-12 02:58 - 2013-08-26 08:24 - 00000428 _____ C:\windows\Tasks\Geek Tech Update3.job
2013-11-11 19:45 - 2009-07-13 18:20 - 00000000 __RHD C:\Users\Default
2013-11-11 19:43 - 2013-11-11 19:36 - 00000000 ____D C:\windows\erdnt
2013-11-11 19:42 - 2013-11-08 19:02 - 00000000 ____D C:\Users\Betty Lewis\AppData\Local\WordExtra
2013-11-11 19:35 - 2013-11-11 19:35 - 05145576 ____R (Swearware) C:\Users\Betty Lewis\Downloads\ComboFix.exe
2013-11-11 12:35 - 2013-08-26 08:24 - 00000466 _____ C:\windows\Tasks\Geek Tech Tool Box.job
2013-11-11 10:33 - 2013-11-11 10:33 - 00000418 _____ C:\Users\Betty Lewis\Downloads\variations_sample.csv
2013-11-11 10:30 - 2013-11-11 10:30 - 00001129 _____ C:\Users\Betty Lewis\Downloads\sample.csv
2013-11-11 09:55 - 2013-11-11 09:55 - 01609698 _____ C:\Users\Betty Lewis\Desktop\Invitation-RDB.tif
2013-11-10 13:51 - 2013-10-05 13:21 - 00000000 ____D C:\Users\Betty Lewis\Desktop\forms
2013-11-10 12:46 - 2013-11-08 19:02 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-11-10 12:46 - 2013-11-08 19:01 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-11-10 07:22 - 2013-11-10 07:22 - 02554204 _____ C:\Users\Betty Lewis\Downloads\postcard-4inx6in-h-front.jpg.zip
2013-11-09 17:16 - 2013-11-09 17:16 - 00651776 _____ C:\Users\Betty Lewis\Desktop\Final Business Card RDB - cmyk.pub
2013-11-09 12:30 - 2013-07-07 13:36 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-11-09 12:27 - 2013-10-24 10:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-09 11:32 - 2013-11-09 11:32 - 00003110 _____ C:\windows\System32\Tasks\{C901657F-4BB2-44BB-8129-F65835717029}
2013-11-09 11:29 - 2013-11-09 11:29 - 00003110 _____ C:\windows\System32\Tasks\{19597960-E3CF-4808-B098-F1D177F187ED}
2013-11-09 11:11 - 2013-05-04 11:42 - 00000000 ____D C:\ProgramData\Sierra
2013-11-09 11:11 - 2009-12-14 19:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-09 10:57 - 2010-08-20 08:48 - 00000000 ____D C:\Users\Betty Lewis
2013-11-09 09:56 - 2013-11-08 19:14 - 00000000 ____D C:\Program Files\Recuva
2013-11-09 09:56 - 2013-11-08 19:03 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordExtra
2013-11-09 09:56 - 2013-10-06 06:16 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-11-09 09:56 - 2009-07-13 18:20 - 00000000 ____D C:\windows\AppCompat
2013-11-09 09:55 - 2009-07-13 18:20 - 00000000 ____D C:\windows\registration
2013-11-08 19:03 - 2013-11-08 19:03 - 00003866 _____ C:\windows\System32\Tasks\BrowserSafeguard Update Task
2013-11-08 19:00 - 2013-11-08 19:00 - 00000000 ____D C:\Program Files (x86)\sp
2013-11-07 17:57 - 2013-11-07 17:57 - 03090173 _____ C:\Users\Betty Lewis\Downloads\Latest
2013-11-07 16:00 - 2013-11-07 16:00 - 01035696 _____ (Ask.com) C:\Users\Betty Lewis\Downloads\OffercastInstaller_AVR_U-0482-01-Blank-0000-00-en_.exe
2013-11-07 10:27 - 2013-11-07 10:27 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\0D0S1L2Z1P1B
2013-11-07 04:49 - 2011-07-16 07:31 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-06 19:53 - 2013-11-06 19:40 - 00649728 _____ C:\Users\Betty Lewis\Desktop\Final Business Card.pub
2013-11-04 12:13 - 2013-10-29 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-04 10:21 - 2013-11-04 10:21 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\Template
2013-11-04 10:21 - 2013-11-04 10:21 - 00000000 _____ C:\Users\Betty Lewis\AppData\Roaming\wklnhst.dat
2013-11-04 10:21 - 2009-07-13 20:32 - 00000000 ____D C:\windows\system32\FxsTmp
2013-11-04 09:33 - 2013-11-04 09:33 - 00462836 _____ C:\Users\Betty Lewis\Downloads\TP001100120.cab
2013-11-04 09:33 - 2013-11-04 09:33 - 00000000 ____D C:\Users\Betty Lewis\Desktop\TP001100120
2013-11-02 12:35 - 2013-11-02 12:35 - 00006273 _____ C:\Users\Betty Lewis\Downloads\cart(2).php
2013-11-02 12:33 - 2013-11-02 12:33 - 00006273 _____ C:\Users\Betty Lewis\Downloads\cart(1).php
2013-11-02 12:25 - 2013-11-02 12:25 - 00002034 _____ C:\Users\Betty Lewis\Downloads\form-shipping.php
2013-11-02 12:23 - 2013-11-02 12:23 - 00003591 _____ C:\Users\Betty Lewis\Downloads\shipping-calculator.php
2013-11-02 12:18 - 2013-11-02 12:18 - 00006273 _____ C:\Users\Betty Lewis\Downloads\cart.php
2013-10-31 12:15 - 2013-10-31 12:15 - 00000000 ____D C:\Users\Betty Lewis\Desktop\WALLETS
2013-10-29 05:29 - 2013-10-29 05:29 - 00123347 _____ C:\Users\Betty Lewis\Downloads\green.css
2013-10-29 05:22 - 2013-10-29 05:22 - 00022560 _____ C:\Users\Betty Lewis\Downloads\layout.css
2013-10-26 16:21 - 2013-10-26 16:21 - 00347304 _____ (Microsoft Corporation) C:\Users\Betty Lewis\Downloads\MicrosoftFixit.Pictures.RNP.147306266301342965.1.1.Run.exe
2013-10-26 14:55 - 2013-10-26 14:55 - 00000000 ____D C:\Users\Betty Lewis\Tracing
2013-10-26 14:54 - 2010-12-02 16:15 - 00000000 ____D C:\Users\Betty Lewis\AppData\Local\Windows Live
2013-10-26 14:52 - 2013-10-26 14:52 - 00000000 ____D C:\windows\en
2013-10-26 14:51 - 2013-10-26 14:47 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-10-26 14:51 - 2009-12-14 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-10-26 14:47 - 2013-10-26 14:47 - 00000000 ____D C:\Program Files\Windows Live
2013-10-26 14:46 - 2009-07-13 18:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-26 14:45 - 2013-10-26 14:45 - 00002184 _____ C:\Users\Betty Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-26 14:45 - 2013-10-26 14:45 - 00002102 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-26 14:45 - 2013-10-26 14:45 - 00002102 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-26 14:45 - 2013-10-26 14:45 - 00000000 ___RD C:\Users\Betty Lewis\SkyDrive
2013-10-26 14:45 - 2013-10-26 14:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-10-26 14:44 - 2013-10-26 14:44 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-26 14:42 - 2013-10-26 14:42 - 01239536 _____ (Microsoft Corporation) C:\Users\Betty Lewis\Downloads\wlsetup-web.exe
2013-10-26 07:54 - 2013-10-25 16:49 - 90139696 _____ (The GIMP Team                                               ) C:\Users\Betty Lewis\Downloads\gimp-2.8.6-setup.exe
2013-10-24 11:18 - 2010-02-23 16:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-24 11:12 - 2011-07-12 14:51 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys
2013-10-24 10:15 - 2013-10-24 10:15 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 10:15 - 2013-10-24 10:15 - 00000000 ____D C:\Program Files\iTunes
2013-10-24 10:15 - 2013-10-24 10:15 - 00000000 ____D C:\Program Files\iPod
2013-10-23 15:07 - 2013-10-23 15:07 - 02364868 _____ C:\Users\Betty Lewis\Downloads\businesscard-3.5inx2in-h-front.jpg(1).zip
2013-10-23 15:00 - 2013-10-23 15:00 - 02364868 _____ C:\Users\Betty Lewis\Downloads\businesscard-3.5inx2in-h-front.jpg.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00079789 _____ C:\Users\Betty Lewis\Downloads\a3369.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00078544 _____ C:\Users\Betty Lewis\Downloads\a2375.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00064012 _____ C:\Users\Betty Lewis\Downloads\a4659.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00056158 _____ C:\Users\Betty Lewis\Downloads\a9435.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00043769 _____ C:\Users\Betty Lewis\Downloads\c7584.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00040478 _____ C:\Users\Betty Lewis\Downloads\a9433.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00034589 _____ C:\Users\Betty Lewis\Downloads\a3928.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00028895 _____ C:\Users\Betty Lewis\Downloads\c7583.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00028417 _____ C:\Users\Betty Lewis\Downloads\e5630.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00027293 _____ C:\Users\Betty Lewis\Downloads\d4449.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00025078 _____ C:\Users\Betty Lewis\Downloads\d4452.HUS.zip
2013-10-23 11:16 - 2013-10-23 11:16 - 00016641 _____ C:\Users\Betty Lewis\Downloads\a3895.HUS.zip
2013-10-23 11:15 - 2013-10-23 11:15 - 00049656 _____ C:\Users\Betty Lewis\Downloads\a1743.HUS.zip
2013-10-22 14:23 - 2013-10-22 14:23 - 00003208 _____ C:\windows\System32\Tasks\{6F299C20-F0E7-4F02-9177-AA25B85DB5D4}
2013-10-22 14:15 - 2013-10-22 14:14 - 06627712 _____ C:\Users\Betty Lewis\Downloads\6350WinXP03V_PS_x64_English(1).exe
2013-10-22 14:05 - 2013-10-22 14:05 - 01320242 _____ C:\Users\Betty Lewis\Downloads\32_64bitw2kps(1).exe
2013-10-22 14:05 - 2013-10-22 14:05 - 00003180 _____ C:\windows\System32\Tasks\{59B25823-8A57-410A-9E12-55A8F33E8BA5}
2013-10-22 14:03 - 2013-10-22 14:03 - 01320242 _____ C:\Users\Betty Lewis\Downloads\32_64bitw2kps.exe
2013-10-22 14:03 - 2013-10-22 14:03 - 00003174 _____ C:\windows\System32\Tasks\{14F59DF9-533A-4306-81BE-02649CC74BF1}
2013-10-22 13:50 - 2013-10-22 13:50 - 00000000 ____D C:\Program Files (x86)\Xerox
2013-10-22 13:46 - 2013-10-22 13:45 - 02927616 _____ C:\Users\Betty Lewis\Downloads\Setup(1).exe
2013-10-22 09:08 - 2013-10-22 09:08 - 00003202 _____ C:\windows\System32\Tasks\{891D6D1B-B06F-46F2-894C-E6009ED31B1C}
2013-10-22 09:07 - 2011-07-12 10:46 - 00000000 ____D C:\Xerox
2013-10-22 09:03 - 2013-10-22 09:03 - 06627712 _____ C:\Users\Betty Lewis\Downloads\6350WinXP03V_PS_x64_English.exe
2013-10-22 08:50 - 2009-07-13 19:45 - 00462784 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-22 08:49 - 2013-10-22 08:49 - 00001188 ____N C:\windows\SysWOW64\ServiceConfig.xml
2013-10-21 18:16 - 2010-08-20 08:53 - 00131744 _____ C:\Users\Betty Lewis\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-21 18:03 - 2013-10-21 18:03 - 00000000 ____D C:\Users\Betty Lewis\Desktop\typesetit_great-vibes
2013-10-21 17:59 - 2013-10-21 17:59 - 00052751 _____ C:\Users\Betty Lewis\Downloads\typesetit_great-vibes.zip
2013-10-21 07:22 - 2013-10-21 07:21 - 00000000 ____D C:\Users\Betty Lewis\Downloads\Embroidery
2013-10-21 07:21 - 2013-10-21 07:21 - 00000000 ____D C:\Users\Betty Lewis\Downloads\wordpress
2013-10-20 16:02 - 2013-10-20 16:02 - 00000000 ____D C:\Users\Betty Lewis\Desktop\RazzleZipped
2013-10-20 11:50 - 2013-10-06 07:49 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-10-19 14:59 - 2013-10-19 14:59 - 00000000 ____D C:\Users\Betty Lewis\Desktop\images
2013-10-19 13:59 - 2011-07-12 12:00 - 00000000 ____D C:\ProgramData\Lx_cats
2013-10-19 13:56 - 2012-06-26 04:36 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\Apple Computer
2013-10-19 12:27 - 2013-10-19 12:27 - 00000000 ____D C:\ProgramData\Lexmark 5600-6600 Series
2013-10-17 11:36 - 2013-10-17 11:36 - 00306578 _____ C:\Users\Betty Lewis\Downloads\x4485.HUS.zip
2013-10-17 10:23 - 2012-06-26 04:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-15 17:51 - 2013-10-15 17:51 - 00000000 ____D C:\Users\Betty Lewis\AppData\Roaming\U3
2013-10-14 10:20 - 2009-07-13 18:20 - 00000000 ____D C:\windows\system32\NDF

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Betty Lewis\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 02:05

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Betty Lewis at 2013-11-13 23:50:32
Running from C:\Users\Betty Lewis\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
4D Embroidery 8.1 (x32 Version: 8.1)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.2146.41621)
Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Adobe Acrobat 8 Professional (x32 Version: 8.0.0)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader 9.5.1 (x32 Version: 9.5.1)
Amazon Links (x32 Version: 2.02)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Panorama Maker 6 (x32 Version: 6.0.8.85)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.17)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Cisco Network Magic (x32 Version: 5.5.09195.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.98.16.61)
D3DX10 (x32 Version: 15.4.2368.0902)
Direct DiscRecorder (x32 Version: 1.00.0000)
DisplayLink Core Software (Version: 7.2.47873.0)
Dolby Control Center (Version: 2.2.1)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0)
DYMO Label v.8 (x32 Version: 8.5.0.1751)
DYMO LabelWriter Drivers (Version: 8.3.0.443)
eReg (x32 Version: 1.20.138.34)
ESET Online Scanner v3 (x32)
Geek Tech Tool Box (x32 Version: 3.1.4.0)
HDMI Control Manager (Version: 2.0)
HDMI Control Manager (x32 Version: 2.0)
HiJackThis (x32 Version: 1.0.0)
iCloud (Version: 3.0.2.163)
Intel® Control Center (x32 Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2008)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.5.0.1037)
InterVideo WinDVD BD for TOSHIBA (x32 Version: 8.0.20.153)
iTunes (Version: 11.1.2.31)
Java Auto Updater (x32 Version: 2.0.5.1)
Java 6 Update 26 (x32 Version: 6.0.260)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 23.0.1 (x86 en-US) (HKCU Version: 23.0.1)
Mozilla Firefox 5.0.1 (x86 en-US) (x32 Version: 5.0.1)
Mozy Restore Manager (x32 Version: 2.0.3.542)
MozyHome (Version: 2.20.3.278)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
mythreadbox (x32 Version: 1.0)
Neat (x32 Version: 5.2.2.3)
Neat ADF Scanner 2008 Driver (Version: 2.0.1.5)
Neat ADF Scanner Driver (Version: 2.0.2.1)
Neat Core Files (x32 Version: 5.2.2.3)
Neat Mobile Scanner (Silver) Driver (Version: 2.0.1.5)
Neat Mobile Scanner 2008 Driver (Version: 2.0.1.4)
Neat Mobile Scanner Driver (Version: 2.0.1.2)
Network Magic (x32 Version: 5.5.9195.0)
NetZero Launcher (x32 Version: 2.01)
Nikon Message Center 2 (x32 Version: 2.1.0)
Nikon Movie Editor (x32 Version: 2.7.0)
Notepad++ (x32 Version: 6.1.4)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.56)
O2Micro Flash Memory Card Windows Driver (x32 Version: 2.0.56)
Paint.NET v3.5.10 (Version: 3.60.0)
Photo Gallery (x32 Version: 16.4.3508.0205)
Picture Control Utility (x32 Version: 1.4.12)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Pure Networks Platform (x32 Version: 11.2.09195.1)
Quickbooks Financial Center (x32 Version: 2.02)
Quicken 2008 (x32 Version: 17.1.5.3)
Quicken 2011 (x32 Version: 20.1.8.6)
Quicken Legal Business Pro 2011 (x32)
Quicken WillMaker Plus 2011 (x32)
QuickTime (x32 Version: 7.74.80.86)
Realtek WLAN Driver (x32 Version: 2.00.0006)
Regi (Version: 1.00.0000)
Send To Neat (Version: 1.1.0.0)
Sentinel HASP Run-time (x32 Version: 5.0.1.14210)
Skype Launcher (x32 Version: 2.01)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 14.0.12.0)
TOSHIBA Application Installer (x32 Version: 9.0.1.0)
TOSHIBA Assist (x32 Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA Bulletin Board (x32 Version: 1.5.05.64)
TOSHIBA ConfigFree (x32 Version: 8.0.25)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.1.07-A)
TOSHIBA eco Utility (Version: 1.1.12.64)
TOSHIBA eco Utility (x32 Version: 1.1.12.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: )
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Face Recognition (x32 Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 4.02.01.00)
TOSHIBA Hardware Setup (x32 Version: 4.02.01.00)
TOSHIBA HDD Protection (Version: 2.2.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.4)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.4)
TOSHIBA Media Controller (x32 Version: 1.0.65)
Toshiba Online Backup (x32 Version: 1.2.0.38)
TOSHIBA PC Health Monitor (Version: 1.5.1.64)
TOSHIBA Quality Application (x32 Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA ReelTime (x32 Version: 1.5.07.64)
TOSHIBA Service Station (x32 Version: 2.2.9)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (Version: 4.02.01.00)
TOSHIBA Supervisor Password (x32 Version: 4.02.01.00)
TOSHIBA USB Display Drivers (Version: 6.1.35912.0)
TOSHIBA USB Sleep and Charge Utility (x32 Version: 1.3.2.0)
TOSHIBA Value Added Package (Version: 1.2.34.64)
TOSHIBA Value Added Package (x32 Version: 1.2.34.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.10)
ToshibaRegistration (x32 Version: 1.0.3)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
ViewNX 2 (x32 Version: 2.7.6)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
WildTangent Games (x32 Version: 1.0.0.80)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
ZipGenius 6 (6.3.1.2612) (x32 Version: 6.3)

==================== Restore Points  =========================

09-11-2013 04:09:26 Removed ScorpionSaver
09-11-2013 04:10:00 Removed ScorpionSaver
09-11-2013 20:30:22 Removed ScorpionSaver
09-11-2013 20:37:00 Removed iSEEK AnswerWorks English Runtime
11-11-2013 17:11:42 Geek Tech Tool Box Backup
11-11-2013 19:55:45 Removed ScorpionSaver
11-11-2013 21:34:48 Geek Tech Tool Box Backup
14-11-2013 01:15:39 Geek Tech Tool Box Backup
14-11-2013 03:53:34 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2009-07-13 17:34 - 2013-11-13 17:55 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {30EF97EE-DBA1-4E52-A7CD-B3748AF2E9C9} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
Task: {69EC040A-DB48-4DB1-8E91-9E6AB45ABEDD} - System32\Tasks\Geek Tech Update3 => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\Update3.exe [2013-07-02] (Geek Tech)
Task: {8406AC08-87C2-4DC5-AEFB-E881FCE9FBD9} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {AB21F1A0-5440-447A-8559-EE9C09078B16} - System32\Tasks\Geek Tech Tool Box => C:\Program Files (x86)\Geek Tech\Geek Tech Tool Box\geektechtoolbox.exe [2013-07-02] (Geek Tech)
Task: {B4594826-D015-4CCD-9B6E-E2085F9B598A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {BC9C8631-EBEE-4AE7-BF21-87A7AA6AA338} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {BDA2265F-7763-417D-B9D5-0274AD853C73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {C5D795ED-9DD8-4892-85A1-01B1BF8FA4AF} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-04-13] (Microsoft Corporation)
Task: {D934C23D-8D4B-42AE-A438-B9FFAC837E44} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9E6FBB9-D765-48B1-84F1-9934BFAAD43C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {F9281817-222D-468A-99A8-FEC8DA37762B} - \GreatArcadeHits No Task File
Task: {FEE1E5F7-0C76-495F-AF0F-06E75AB552E0} - System32\Tasks\Geek Tech Registration3 => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\UUS3.dll [2013-07-02] (Geek Tech)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Geek Tech Registration3.job => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\UUS3.dll
Task: C:\windows\Tasks\Geek Tech Tool Box.job => C:\Program Files (x86)\Geek Tech\Geek Tech Tool Box\geektechtoolbox.exe
Task: C:\windows\Tasks\Geek Tech Update3.job => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\Update3.exe

==================== Loaded Modules (whitelisted) =============

2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-23 16:30 - 2009-10-02 12:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-03-04 21:58 - 2013-03-04 21:58 - 00085504 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2013-10-06 06:25 - 2013-10-01 14:16 - 00190752 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-10-06 06:25 - 2013-10-01 14:16 - 00178464 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2013-10-29 11:27 - 2013-10-29 11:27 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-08 15:14 - 2013-10-08 15:14 - 16233864 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Atheros AR8132 PCI-E Fast Ethernet Controller
Description: Atheros AR8132 PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2013 11:49:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (11/13/2013 08:22:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SydexFDD

Error: (11/13/2013 08:22:06 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%3

Error: (11/13/2013 08:21:59 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.1.2 service failed to start due to the following error:
%%2

Error: (11/13/2013 08:21:58 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2

Error: (11/13/2013 08:21:53 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
%%2

Error: (11/13/2013 08:21:53 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error:
%%3

Error: (11/13/2013 08:21:27 PM) (Source: SRTSP) (User: )
Description: Error loading Symantec real time Anti-Virus driver.

Error: (11/13/2013 08:21:27 PM) (Source: SRTSP) (User: )
Description: Error loading virus definitions.


Microsoft Office Sessions:
=========================
Error: (07/13/2012 06:34:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1795 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (09/29/2010 07:17:42 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-11-13 17:54:33.459
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-13 17:54:33.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-13 17:54:33.147
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-13 17:54:33.006
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-13 17:34:26.502
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-13 17:34:26.362
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-13 17:34:26.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-13 17:34:26.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-11 19:42:29.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-11 19:42:29.251
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 3892.47 MB
Available physical RAM: 1666.16 MB
Total Pagefile: 7783.13 MB
Available Pagefile: 5270.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Laptop) (Fixed) (Total:453.96 GB) (Free:386.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (6600 Series) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: BEFB4D1C)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

==================== End Of Log ============================


  • Root Admin

Please uninstall ALL versions of Java from Control Panel, Add\Remove programs.

Then run this tool.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Then run this tool.

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then run the following.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


FRST64 results:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by Betty Lewis at 2013-11-14 08:21:52 Run:1
Running from C:\Users\Betty Lewis\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {5031F87C-F8C3-42F8-A525-64F5613D53D2} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {20E27590-331D-5105-86BC-00E51A165541} URL =
SearchScopes: HKLM-x32 - {78B6A26F-A475-4C4A-B552-543C0C8F72B2 URL = http://download.micr...heckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Extension: ScorpionSaver - C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\Extensions\ScorpionSaver@jetpack
CHR Extension: (Scorpion Saver) - C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg
S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll" /prefetch:1
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS [x]
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Betty Lewis\AppData\Local\Temp\Quarantine.exe
Task: {30EF97EE-DBA1-4E52-A7CD-B3748AF2E9C9} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
Task: {69EC040A-DB48-4DB1-8E91-9E6AB45ABEDD} - System32\Tasks\Geek Tech Update3 => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\Update3.exe [2013-07-02] (Geek Tech)
Task: {AB21F1A0-5440-447A-8559-EE9C09078B16} - System32\Tasks\Geek Tech Tool Box => C:\Program Files (x86)\Geek Tech\Geek Tech Tool Box\geektechtoolbox.exe [2013-07-02] (Geek Tech)
Task: {D934C23D-8D4B-42AE-A438-B9FFAC837E44} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F9281817-222D-468A-99A8-FEC8DA37762B} - \GreatArcadeHits No Task File
Task: {FEE1E5F7-0C76-495F-AF0F-06E75AB552E0} - System32\Tasks\Geek Tech Registration3 => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\UUS3.dll [2013-07-02] (Geek Tech)
Task: C:\windows\Tasks\Geek Tech Registration3.job => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\UUS3.dll
Task: C:\windows\Tasks\Geek Tech Tool Box.job => C:\Program Files (x86)\Geek Tech\Geek Tech Tool Box\geektechtoolbox.exe
Task: C:\windows\Tasks\Geek Tech Update3.job => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\Update3.exe
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{20E27590-331D-5105-86BC-00E51A165541} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{20E27590-331D-5105-86BC-00E51A165541} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{78B6A26F-A475-4C4A-B552-543C0C8F72B2 => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{78B6A26F-A475-4C4A-B552-543C0C8F72B2 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5031F87C-F8C3-42F8-A525-64F5613D53D2} => Key deleted successfully.
HKCR\CLSID\{5031F87C-F8C3-42F8-A525-64F5613D53D2} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{17492023-C23A-453E-A040-C7C580BBF700} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin => Key not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Users\Betty Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\c4b7f3rp.default-1356576600586\Extensions\ScorpionSaver@jetpack => Moved successfully.
C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg => Moved successfully.
"C:\Users\BETTYL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg" => File/Directory not found.
NIS => Service deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
"C:\Users\Betty Lewis\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30EF97EE-DBA1-4E52-A7CD-B3748AF2E9C9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30EF97EE-DBA1-4E52-A7CD-B3748AF2E9C9} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69EC040A-DB48-4DB1-8E91-9E6AB45ABEDD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69EC040A-DB48-4DB1-8E91-9E6AB45ABEDD} => Key deleted successfully.
C:\Windows\System32\Tasks\Geek Tech Update3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Geek Tech Update3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB21F1A0-5440-447A-8559-EE9C09078B16} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB21F1A0-5440-447A-8559-EE9C09078B16} => Key deleted successfully.
C:\Windows\System32\Tasks\Geek Tech Tool Box => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Geek Tech Tool Box => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D934C23D-8D4B-42AE-A438-B9FFAC837E44} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D934C23D-8D4B-42AE-A438-B9FFAC837E44} => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9281817-222D-468A-99A8-FEC8DA37762B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9281817-222D-468A-99A8-FEC8DA37762B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEE1E5F7-0C76-495F-AF0F-06E75AB552E0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEE1E5F7-0C76-495F-AF0F-06E75AB552E0} => Key deleted successfully.
C:\Windows\System32\Tasks\Geek Tech Registration3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Geek Tech Registration3 => Key deleted successfully.
C:\windows\Tasks\Geek Tech Registration3.job => Moved successfully.
C:\windows\Tasks\Geek Tech Tool Box.job => Moved successfully.
C:\windows\Tasks\Geek Tech Update3.job => Moved successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

==== End of Fixlog ====


  • Root Admin

How is the computer running now?

Are there still any signs of an infection?

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!



  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
