
Cannot remove PUM.bad.proxy



Hello,

Malwarebytes keeps detecting this registry hack, and I quarantine it, but it returns.

OS is Vista Home Premium Service Pack 2, 64-bit. Running MS Security Essentials and Malwarebytes Pro.

Been reading about this, and it seems that the sooner the better as far as getting rid of it. Hopefully someone knows something about this and can give me a hand removing it. Thanks again.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014

Ran by Sharon (administrator) on SHARON-PC on 29-05-2014 20:14:10

Running from C:\Users\Sharon\Desktop

Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\stacsv64.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Capital Intellect, Inc.) C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\wpcumi.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Money\System\Money Express.exe

(SanDisk Corporation) C:\Users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

() C:\ProgramData\sysiwp\sysiwp.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(Display Systems, Inc.) C:\DSI\FIDLITE3\inetupapp.exe

(Creative Technology Ltd.) C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe

(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe

(Creative Technology Ltd.) C:\Windows\OEM05Mon.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Capital Intellect, Inc.) C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe

() C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe

() C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(US Tech Support LLC) C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Sharon\Desktop\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [443904 2008-09-17] (IDT, Inc.)

HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [DELL Webcam Manager] => C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [OEM05Mon.exe] => C:\Windows\OEM05Mon.exe [36864 2007-08-22] (Creative Technology Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-03-31] (RealNetworks, Inc.)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

HKLM-x32\...\Run: [AirSafe] => C:\Program Files\Common Files\safewx.exe [146616 2013-11-20] (Setup/Uninstall)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NOFOLDEROPTIONS] 0

HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0

HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\Money Express.exe [176183 2000-07-19] (Microsoft Corporation)

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-04] (Google Inc.)

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [Facebook Update] => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-27] (Facebook Inc.)

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [sansaDispatch] => C:\Users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-06-17] (SanDisk Corporation)

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [bpk] => C:\ProgramData\BPK\bpk.exe

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [Google Update] => C:\Users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [sysiwp] => C:\ProgramData\sysiwp\sysiwp.exe [1289216 2013-05-21] ()

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Policies\Explorer: [NoControlPanel] 0

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Displaysoft Online Updates - c--DSI-FIDLITE3.lnk

ShortcutTarget: Displaysoft Online Updates - c--DSI-FIDLITE3.lnk -> C:\DSI\FIDLITE3\inetupapp.exe (Display Systems, Inc.)

GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1003\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1002\User: Group Policy restriction detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


SearchScopes: HKCU - {25203DD1-F1B0-46F9-8E3D-3C7F2852BC98} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: BeFrugalIEHelper - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - BeFrugal.com Toolbar - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

DPF: HKLM {7DD62E58-5FA8-11D2-AFB7-00104B64F126} http://products.swiftview.com/install.html?id=sv8/3_IN_1_CAB&ctx=&ref=

DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 02 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 03 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 04 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 05 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 06 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 07 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 08 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 19 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9-x64 01 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Winsock: Catalog9-x64 02 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Winsock: Catalog9-x64 03 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Winsock: Catalog9-x64 04 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Winsock: Catalog9-x64 05 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Winsock: Catalog9-x64 06 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Winsock: Catalog9-x64 07 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Winsock: Catalog9-x64 08 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Winsock: Catalog9-x64 19 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default

FF DefaultSearchEngine: Bing 

FF SearchEngineOrder.1: Ask.com

FF SelectedSearchEngine: Bing 

FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=

FF SearchEngineOrder.3: Bing 

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @swiftview.com/SwiftView - C:\Program Files (x86)\SwiftView\npsview.dll (SwiftView, Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sharon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Sharon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Sharon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sharon\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sharon\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\Sharon\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)

FF Plugin HKCU: hopster.com/CouponPrinterPlugin - C:\Users\Sharon\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)

FF user.js: detected! => C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\user.js

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npsview.dll (SwiftView, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Sharon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Sharon\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\askcom.xml

FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\bingp.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

FF Extension: Browse For Change - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\browseforchange@browseforchange.com [2012-03-09]

FF Extension: ArcadeWeb - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\textlinks@arcadeweb.com [2011-06-14]

FF Extension: Ask Toolbar - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\toolbar@ask.com [2012-07-27]

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-23]

FF Extension: Yahoo! Toolbar - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-07-30]

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM-x32\...\Firefox\Extensions: [superfish@superfish.com] - C:\ProgramDataMozilla\Extensions\superfish@superfish.com

FF Extension: Window Shopper - Powered by Superfish - C:\ProgramDataMozilla\Extensions\superfish@superfish.com [2011-06-08]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-06-04]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-26]

FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

FF HKCU\...\Firefox\Extensions: [{B7E247FA-8046-43A7-9581-32DC30BD2438}] - C:\Users\Sharon\AppData\Local\{B7E247FA-8046-43A7-9581-32DC30BD2438}

FF Extension: No Name - C:\Users\Sharon\AppData\Local\{B7E247FA-8046-43A7-9581-32DC30BD2438} [2010-07-20]

FF HKCU\...\Firefox\Extensions: [{682CD89D-A4D0-11E1-8270-B8AC6F996F26}] - C:\Users\Sharon\AppData\Local\{682CD89D-A4D0-11E1-8270-B8AC6F996F26}\

FF Extension: Mozilla Safe Browsing - C:\Users\Sharon\AppData\Local\{682CD89D-A4D0-11E1-8270-B8AC6F996F26}\ []

 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll No File

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()

CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

CHR Plugin: (Wajam) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File

CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File

CHR Plugin: (SwiftView Plug-In) - C:\Program Files (x86)\Mozilla Firefox\plugins\npsview.dll (SwiftView, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Java Deployment Toolkit 7.0.50.6) - C:\Windows\SysWOW64\npDeployJava1.dll No File

CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]

CHR Extension: (YouTube) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-11]

CHR Extension: (McAfee Security Scan+) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-25]

CHR Extension: (Google Search) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-11]

CHR Extension: (SiteAdvisor) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-08-11]

CHR Extension: (RealDownloader) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-28]

CHR Extension: (Facebook Unseen) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2014-04-02]

CHR Extension: (Google Wallet) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-11]

CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2012-08-11]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

 

==================== Services (Whitelisted) =================

 

R2 BeFrugal.com Service; C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe [348056 2012-12-05] (Capital Intellect, Inc.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 M4-Service; C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe [1008032 2012-08-31] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)

S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-10-22] (Alcatel-Lucent)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 MedisCenter; C:\Windows\safetkn.dll [31479296 2014-05-11] ()

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

S2 Net CLR; C:\Windows\safewx.exe [146616 2013-11-20] (Setup/Uninstall)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe [246272 2008-09-17] (IDT, Inc.)

R2 USTSScheduler; C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [737600 2013-01-17] (US Tech Support LLC)

S2 WebClient; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)

S3 B-Service; C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe [X]

S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)

S1 Beep; No ImagePath

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-29] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 OEM05Afx; C:\Windows\system32\Drivers\OEM05Afx.sys [212864 2007-08-22] (Creative Technology Ltd.)

S3 OEM05Vfx; C:\Windows\System32\DRIVERS\OEM05Vfx.sys [12288 2007-08-22] (EyePower Games Pte. Ltd.)

S3 OEM05Vid; C:\Windows\System32\DRIVERS\OEM05Vid.sys [266720 2007-08-22] (Creative Technology Ltd.)

R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [49664 2007-02-05] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-05-29 20:14 - 2014-05-29 20:14 - 00036908 _____ () C:\Users\Sharon\Desktop\FRST.txt

2014-05-29 20:13 - 2014-05-29 20:13 - 02066944 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64 (1).exe

2014-05-29 20:13 - 2014-05-29 20:13 - 02066944 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64 (1).exe

2014-05-29 20:11 - 2014-05-29 20:12 - 02066944 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64.exe

2014-05-29 20:02 - 2014-05-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-05-29 15:25 - 2014-05-29 15:25 - 00000851 _____ () C:\Users\Sharon\Downloads\coupon_printer.jnlp

2014-05-29 10:36 - 2014-05-29 10:36 - 00052083 _____ () C:\Users\Sharon\Downloads\message_zdm (1).html

2014-05-29 10:17 - 2014-05-29 10:17 - 00045709 _____ () C:\Users\Sharon\Downloads\message_zdm.html

2014-05-27 11:36 - 2014-05-27 11:39 - 00000000 ____D () C:\Users\Sharon\Documents\2014-05-27

2014-05-27 11:06 - 2014-05-27 11:06 - 00003387 _____ () C:\Users\Sharon\Downloads\attachment

2014-05-23 18:17 - 2014-05-28 14:52 - 00000000 ____D () C:\Users\Sharon\Desktop\Re-Fi statements 5_23_14

2014-05-23 10:54 - 2014-05-23 10:55 - 03716256 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\LogMeIn Client (1).exe

2014-05-23 10:25 - 2014-05-23 10:26 - 00749844 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T201635.html

2014-05-23 10:16 - 2014-05-23 10:17 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (3).html

2014-05-23 10:15 - 2014-05-23 10:15 - 00108468 _____ () C:\Users\Sharon\Downloads\securedoc_20140516T182012.html

2014-05-23 10:13 - 2014-05-23 10:13 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (2).html

2014-05-20 17:54 - 2014-05-20 17:54 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Oracle

2014-05-20 17:54 - 2014-05-20 17:54 - 00000000 ____D () C:\ProgramData\Oracle

2014-05-20 17:53 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-05-20 17:53 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-05-20 17:53 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-05-20 17:53 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-05-20 17:52 - 2014-05-20 17:53 - 00006556 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-05-20 17:52 - 2014-05-20 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-05-20 17:49 - 2014-05-20 17:49 - 00921512 _____ (Oracle Corporation) C:\Users\Sharon\Downloads\chromeinstall-7u55.exe

2014-05-20 16:57 - 2014-05-20 16:57 - 00166550 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T200640.html

2014-05-20 15:25 - 2014-05-20 15:25 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (1).html

2014-05-20 15:23 - 2014-05-20 15:23 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142.html

2014-05-18 10:12 - 2014-05-18 10:12 - 00018645 _____ () C:\Users\Sharon\Desktop\05_18_14hijackthis.log

2014-05-14 19:06 - 2014-05-18 10:12 - 00018645 _____ () C:\Users\Sharon\Desktop\hijackthis.log

2014-05-14 03:39 - 2014-05-05 16:06 - 09348096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-14 03:39 - 2014-05-05 16:06 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-14 03:39 - 2014-05-05 15:31 - 06021120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-14 03:39 - 2014-05-05 15:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-14 03:39 - 2014-05-05 15:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-14 03:39 - 2014-05-05 14:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-14 03:39 - 2014-03-25 12:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 03:39 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-05-11 13:30 - 2014-05-11 13:30 - 31479296 _____ () C:\Windows\safetkn.dll

2014-05-07 07:15 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

2014-05-06 20:46 - 2014-05-07 07:08 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\USTechSupport

2014-05-06 20:46 - 2014-05-07 07:08 - 00000000 ____D () C:\Program Files (x86)\USTechSupport

2014-05-06 20:44 - 2014-05-07 07:08 - 00000000 ____D () C:\ProgramData\USTechSupport

2014-05-03 07:22 - 2014-05-03 07:22 - 00008224 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT

2014-05-03 07:21 - 2014-05-03 07:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Real

2014-05-03 07:21 - 2014-05-03 07:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Apple Computer

2014-05-01 15:50 - 2014-05-01 15:50 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll

 

==================== One Month Modified Files and Folders =======

 

2014-05-29 20:14 - 2014-05-29 20:14 - 00036908 _____ () C:\Users\Sharon\Desktop\FRST.txt

2014-05-29 20:14 - 2012-05-30 22:37 - 00000000 ____D () C:\FRST

2014-05-29 20:14 - 2012-05-25 20:37 - 00000000 ____D () C:\Users\Sharon\AppData\Local\temp

2014-05-29 20:13 - 2014-05-29 20:13 - 02066944 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64 (1).exe

2014-05-29 20:13 - 2014-05-29 20:13 - 02066944 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64 (1).exe

2014-05-29 20:12 - 2014-05-29 20:11 - 02066944 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64.exe

2014-05-29 20:12 - 2013-11-20 19:42 - 00000000 ___HD () C:\ProgramData\sysiwp

2014-05-29 20:02 - 2014-05-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-05-29 20:01 - 2011-05-04 15:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-29 20:00 - 2012-03-30 07:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-29 19:44 - 2013-09-24 07:40 - 05148672 _____ () C:\Users\Sharon\my money.mny

2014-05-29 19:44 - 2008-12-13 14:42 - 00000000 ____D () C:\Users\Sharon

2014-05-29 19:43 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-29 19:43 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-29 19:36 - 2014-02-07 11:34 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job

2014-05-29 19:02 - 2014-04-28 19:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-29 18:39 - 2013-03-27 21:34 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job

2014-05-29 18:01 - 2011-05-04 15:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-29 15:25 - 2014-05-29 15:25 - 00000851 _____ () C:\Users\Sharon\Downloads\coupon_printer.jnlp

2014-05-29 14:35 - 2014-02-07 11:34 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job

2014-05-29 12:46 - 2008-12-03 15:48 - 01998007 _____ () C:\Windows\WindowsUpdate.log

2014-05-29 12:27 - 2012-09-21 17:04 - 00000436 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job

2014-05-29 12:27 - 2011-07-24 15:17 - 00004076 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}

2014-05-29 10:36 - 2014-05-29 10:36 - 00052083 _____ () C:\Users\Sharon\Downloads\message_zdm (1).html

2014-05-29 10:17 - 2014-05-29 10:17 - 00045709 _____ () C:\Users\Sharon\Downloads\message_zdm.html

2014-05-28 21:39 - 2013-03-27 21:34 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job

2014-05-28 14:52 - 2014-05-23 18:17 - 00000000 ____D () C:\Users\Sharon\Desktop\Re-Fi statements 5_23_14

2014-05-28 12:13 - 2009-01-19 21:06 - 00000000 ____D () C:\Users\Sharon\AppData\Local\CutePDF Writer

2014-05-28 12:09 - 2009-01-02 11:09 - 00001123 ____H () C:\Windows\dsi.ini

2014-05-28 07:49 - 2012-03-30 07:37 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-28 07:48 - 2012-03-30 07:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-28 07:48 - 2011-06-14 07:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-28 07:44 - 2013-02-17 09:36 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1280911578-185664597-1390033846-1000

2014-05-28 07:44 - 2013-02-17 09:36 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1280911578-185664597-1390033846-1000

2014-05-28 07:43 - 2012-12-09 17:41 - 00000430 _____ () C:\Windows\Tasks\BeFrugal.com Toolbar.job

2014-05-28 07:43 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-27 21:38 - 2006-11-02 11:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-05-27 11:39 - 2014-05-27 11:36 - 00000000 ____D () C:\Users\Sharon\Documents\2014-05-27

2014-05-27 11:06 - 2014-05-27 11:06 - 00003387 _____ () C:\Users\Sharon\Downloads\attachment

2014-05-26 09:11 - 2012-12-28 08:08 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1280911578-185664597-1390033846-1000

2014-05-26 09:11 - 2012-12-28 08:08 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1280911578-185664597-1390033846-1000

2014-05-23 10:55 - 2014-05-23 10:54 - 03716256 _____ (LogMeIn, Inc.) C:\Users\Sharon\Downloads\LogMeIn Client (1).exe

2014-05-23 10:26 - 2014-05-23 10:25 - 00749844 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T201635.html

2014-05-23 10:17 - 2014-05-23 10:16 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (3).html

2014-05-23 10:15 - 2014-05-23 10:15 - 00108468 _____ () C:\Users\Sharon\Downloads\securedoc_20140516T182012.html

2014-05-23 10:13 - 2014-05-23 10:13 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (2).html

2014-05-22 14:13 - 2008-12-13 18:09 - 00000000 ____D () C:\Users\Sharon\Documents\REAL ESTATE

2014-05-22 07:36 - 2012-06-04 07:39 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-05-22 07:35 - 2008-01-20 23:26 - 00183166 _____ () C:\Windows\PFRO.log

2014-05-21 11:27 - 2011-02-06 15:22 - 05150312 ____R () C:\Users\Sharon\my money.mbf

2014-05-20 17:55 - 2008-12-03 20:58 - 00000000 ____D () C:\Program Files (x86)\Java

2014-05-20 17:54 - 2014-05-20 17:54 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Oracle

2014-05-20 17:54 - 2014-05-20 17:54 - 00000000 ____D () C:\ProgramData\Oracle

2014-05-20 17:53 - 2014-05-20 17:52 - 00006556 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-05-20 17:52 - 2014-05-20 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-05-20 17:49 - 2014-05-20 17:49 - 00921512 _____ (Oracle Corporation) C:\Users\Sharon\Downloads\chromeinstall-7u55.exe

2014-05-20 17:42 - 2009-01-04 16:54 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Mozilla

2014-05-20 16:57 - 2014-05-20 16:57 - 00166550 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T200640.html

2014-05-20 15:25 - 2014-05-20 15:25 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (1).html

2014-05-20 15:23 - 2014-05-20 15:23 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142.html

2014-05-18 10:12 - 2014-05-18 10:12 - 00018645 _____ () C:\Users\Sharon\Desktop\05_18_14hijackthis.log

2014-05-18 10:12 - 2014-05-14 19:06 - 00018645 _____ () C:\Users\Sharon\Desktop\hijackthis.log

2014-05-15 08:44 - 2012-06-04 15:16 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-05-15 03:05 - 2013-08-15 07:11 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-15 03:05 - 2008-12-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-05-15 03:02 - 2006-11-02 08:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-05-11 13:30 - 2014-05-11 13:30 - 31479296 _____ () C:\Windows\safetkn.dll

2014-05-09 17:11 - 2009-01-05 13:56 - 00000115 _____ () C:\Users\Sharon\AppData\Roaming\sview.ini

2014-05-09 17:05 - 2012-06-28 11:53 - 00131072 ____H () C:\Users\Sharon\AppData\Roaming\svfiles.log

2014-05-07 14:30 - 2014-02-07 11:34 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA

2014-05-07 14:30 - 2014-02-07 11:34 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core

2014-05-07 08:46 - 2012-06-02 19:51 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-05-07 07:23 - 2013-11-14 09:43 - 00052462 _____ () C:\Windows\SysWOW64\ourlog.dat

2014-05-07 07:22 - 2006-11-02 09:33 - 00000000 __RSD () C:\Windows\Media

2014-05-07 07:08 - 2014-05-06 20:46 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\USTechSupport

2014-05-07 07:08 - 2014-05-06 20:46 - 00000000 ____D () C:\Program Files (x86)\USTechSupport

2014-05-07 07:08 - 2014-05-06 20:44 - 00000000 ____D () C:\ProgramData\USTechSupport

2014-05-05 17:56 - 2011-05-04 15:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-05 17:56 - 2011-05-04 15:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-05 16:06 - 2014-05-14 03:39 - 09348096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-05 16:06 - 2014-05-14 03:39 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-05 15:31 - 2014-05-14 03:39 - 06021120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-05 15:31 - 2014-05-14 03:39 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-05 15:17 - 2014-05-14 03:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-05 14:47 - 2014-05-14 03:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-03 07:22 - 2014-05-03 07:22 - 00008224 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT

2014-05-03 07:21 - 2014-05-03 07:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Real

2014-05-03 07:21 - 2014-05-03 07:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Apple Computer

2014-05-03 07:21 - 2013-05-11 18:33 - 00001234 __RSH () C:\Users\George\ntuser.pol

2014-05-03 07:21 - 2012-06-06 20:33 - 00000000 ____D () C:\Users\George\AppData\Local\temp

2014-05-03 07:21 - 2012-06-06 20:33 - 00000000 ____D () C:\Users\George

2014-05-01 15:50 - 2014-05-01 15:50 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll

2014-05-01 15:46 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\IME

2014-05-01 14:22 - 2009-01-04 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

2014-05-01 14:22 - 2008-12-16 17:02 - 00000000 ____D () C:\Program Files (x86)\Coupons

 

ZeroAccess:

C:\Users\Sharon\AppData\Local\35fdb1a3

 

ZeroAccess:

C:\Users\Sharon\AppData\Local\{b0b2e9a6-e8ff-c1b2-3fb9-797ec509843a}

 

Some content of TEMP:

====================

C:\Users\Sharon\AppData\Local\temp\DefaultPack.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-05-29 20:02

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014

Ran by Sharon at 2014-05-29 20:14:51

Running from C:\Users\Sharon\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

==================== Installed Programs ======================

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version:  - )

Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version:  - )

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.23.0 - Ask.com) <==== ATTENTION

Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION

ATI Catalyst Install Manager (HKLM\...\{AE57C044-8912-A181-A0E4-BC2DAB3A092A}) (Version: 3.0.812.0 - ATI Technologies, Inc.)

ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden

ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )

ATT-RC Self Support Tool (HKLM-x32\...\ATT-RC) (Version:  - )

Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

BeFrugal.com Toolbar (HKLM-x32\...\BeFrugal.com Toolbar_is1) (Version: 2012.2.4.1 - BeFrugal.com)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Browse For Change (HKLM-x32\...\iBryte_browseforchange) (Version:  - iBryte)

Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )

Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

Canon MF Toolbox 4.9.1.1.mf09 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 3.2.0 - Canon)

Canon MF4320-4350 (HKLM\...\{99A5569D-9F86-4f32-A227-1538B731DA42}) (Version:  - )

Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0126.1749.31909 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2011.0126.1749.31909 - ATI Technologies, Inc.) Hidden

CCC Help English (x32 Version: 2011.0126.1748.31909 - ATI) Hidden

ccc-core-static (x32 Version: 2011.0126.1749.31909 - ATI) Hidden

ccc-utility64 (Version: 2011.0126.1749.31909 - ATI) Hidden

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)

CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION

CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )

Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)

Dell Webcam Center (HKLM-x32\...\Dell Webcam Center) (Version:  - )

Dell Webcam Manager (HKLM-x32\...\Dell Webcam Manager) (Version:  - )

DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden

Displaysoft Main Install (HKLM-x32\...\{6817B93A-8497-11D4-AA25-00104B66574A}) (Version:  - )

DocMaster 4.5.2.2 (HKLM-x32\...\DocMaster) (Version: 4.5.2.2 - DocMagic)

Driver Performer (HKLM-x32\...\Driver Performer_is1) (Version: 10.0 - Driver-Soft Inc.)

eLynx Ltd. Web Post Printer (HKLM-x32\...\eLynx Ltd. Web Post Printer) (Version:  - eLynx Ltd.)

eLynx SMARTvue (HKLM-x32\...\eLynx SMARTvue) (Version:  - eLynx Ltd.)

EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden

Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)

FNT-CT Rate Calculator 2.30 (HKLM-x32\...\FNT-CT Rate Calculator_is1) (Version:  - Fidelity National Title)

FNTG-CT Rate Calculator 3.00 (HKLM-x32\...\FNTG-CT Rate Calculator_is1) (Version:  - Fidelity National Title Group)

FRED.Net (HKLM-x32\...\{4DBDBBE4-723A-4AA2-9A27-17F5DD716206}) (Version:  - )

GMD Print Utility (HKLM-x32\...\{B314C339-8AEC-4069-8793-4478CD650CE1}) (Version: 1.03.0104 - Guardian Mortgage Documents)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)

HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)

HP LaserJet P2050 Series 6.0 (HKLM\...\{6F801026-6AF0-4520-9153-4C9B4CAAB361}) (Version: 6.0 - HP)

hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden

hppQFolderP2050 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)

Live! Cam Avatar v1.0 (HKLM-x32\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.957 - McAfee, Inc.)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Money 2001 (HKLM-x32\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)   (HKLM\...\Creative OEM005) (Version:  - )

Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )

Mozilla Firefox 17.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 17.0 (x86 en-US)) (Version: 17.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

PrepExp (HKLM-x32\...\{BB7C99CE-E975-4C67-A2DB-942A66ABC804}) (Version: 6.0.198 - CATIC)

PrepExpress 6.0 (HKLM-x32\...\PrepExpress 6.0) (Version:  - )

PrepExpress 6.0 Build 205 Hot Fix 1 (HKLM-x32\...\PrepExpress 6.0 Build 205 Hot Fix 1) (Version:  - )

PrepExpress 6.0 Build 205 Hot Fix 2 (HKLM-x32\...\PrepExpress 6.0 Build 205 Hot Fix 2) (Version:  - )

PrepExpress 6.0 Update (HKLM-x32\...\PrepExpress 6.0 Update) (Version:  - )

Quick Title 2.39 (HKLM-x32\...\Quick Title_is1) (Version:  - Quick Title)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden

Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)

Roxio Creator Premier (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Creator Premier 10 (x32 Version: 10.2.606 - Roxio) Hidden

Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Express Labeler (x32 Version: 3.2 - Roxio) Hidden

Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden

R-Viewer.1.6.3768 (HKLM-x32\...\InstallShield_{35870352-4116-4E80-AB2A-37A07ECE30E2}) (Version: 1.6.3763 - Data-Vision, Inc.)

R-Viewer.1.6.3768 (x32 Version: 1.6.3763 - Data-Vision, Inc.) Hidden

Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

SwiftView Viewer (HKLM-x32\...\SwiftView) (Version:  - )

The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

US Tech Support Framework (HKLM-x32\...\{4734A746-A503-4B8E-A4FA-7B7C84A18D79}) (Version: 2.1.0.4741 - US Tech Support LLC)

WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

Window Shopper (HKLM-x32\...\{A1570454-ED12-4050-A7AC-9282C7AFB23C}) (Version: 01.02.0003 - Superfish)

XPS MiniView Gadget (HKLM-x32\...\{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}) (Version: 1.00.0000 - CompanionLink Software, Inc.)

Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )

 

==================== Restore Points  =========================

 

13-05-2014 12:03:02 Scheduled Checkpoint

13-05-2014 13:32:10 Windows Update

13-05-2014 22:00:44 Windows Backup

14-05-2014 22:00:35 Windows Backup

15-05-2014 07:00:21 Windows Update

15-05-2014 22:00:45 Windows Backup

16-05-2014 18:06:15 Scheduled Checkpoint

16-05-2014 22:00:44 Windows Backup

17-05-2014 16:03:41 Scheduled Checkpoint

17-05-2014 22:00:44 Windows Backup

18-05-2014 13:07:35 Windows Update

18-05-2014 22:00:36 Windows Backup

19-05-2014 22:00:46 Windows Backup

20-05-2014 21:51:38 Installed Java 7 Update 55

20-05-2014 22:00:29 Windows Backup

21-05-2014 22:00:35 Windows Backup

22-05-2014 12:58:36 Scheduled Checkpoint

22-05-2014 22:00:49 Windows Backup

23-05-2014 11:02:57 Windows Update

23-05-2014 22:00:43 Windows Backup

24-05-2014 22:00:38 Windows Backup

25-05-2014 15:24:59 Scheduled Checkpoint

25-05-2014 22:00:43 Windows Backup

26-05-2014 13:04:25 Windows Update

26-05-2014 22:00:45 Windows Backup

27-05-2014 16:50:01 Scheduled Checkpoint

27-05-2014 22:00:45 Windows Backup

28-05-2014 22:00:43 Windows Backup

29-05-2014 22:00:36 Windows Backup

 

==================== Hosts content: ==========================

 

2006-11-02 08:34 - 2012-05-25 20:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0652DDB3-FD7C-486E-B9C9-01C1605620B5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1280911578-185664597-1390033846-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {0DC4AA72-66CC-4942-9447-A67BF6F82138} - System32\Tasks\BeFrugal.com Toolbar => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2012-09-11] (Capital Intellect, Inc.)

Task: {13F62143-222B-443E-81E9-B03AA5E58266} - System32\Tasks\RealCreateProcessScheduledTask2915955S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {2BE02B68-EDD1-4EE0-9F30-D89F1AF46FE6} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {384BCDA5-8433-4224-99D3-FC1BC2BB7AF1} - System32\Tasks\RealCreateProcessScheduledTask881577S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\realplay.exe [2013-06-26] (RealNetworks, Inc.)

Task: {39786BE9-8492-4BD3-BCC3-F2F17369C84C} - System32\Tasks\RealCreateProcessScheduledTask186811S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {41096ADB-91D8-42DE-90C0-D81CBFDC6E13} - System32\Tasks\RealCreateProcessScheduledTask4575384S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {462E24AA-5A86-41B2-A50C-5D196BFC44D5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1280911578-185664597-1390033846-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {476DD8A1-83E4-4BF1-8091-05069DD4975B} - System32\Tasks\RealCreateProcessScheduledTask5270212S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {48735741-9659-4D90-AB49-E8A083FAA116} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-28] (Adobe Systems Incorporated)

Task: {53608495-E569-42FA-A04F-E51373A0023D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {558ACE8A-E522-4EB4-8270-CF2CFA6A967E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1280911578-185664597-1390033846-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {55DB0494-3D07-43E0-B77B-57424B154950} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1280911578-185664597-1390033846-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {587DDC1C-BC36-465D-A636-35ADB2A20B57} - System32\Tasks\RealCreateProcessScheduledTask113954643S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {6D99390E-8A1D-4C57-B2EA-5202EF2B1911} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION

Task: {7245B10D-80CC-4155-B809-130489CDA531} - System32\Tasks\RealCreateProcessScheduledTask10447964S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {850A2B07-9507-4F3F-A021-E1FBF3BDD820} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-27] (Facebook Inc.)

Task: {870F059A-0718-420D-8AB1-7A8AE7AB4A62} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1280911578-185664597-1390033846-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {918FCC53-E13E-4623-A8ED-F0D722BDBD8B} - System32\Tasks\RealCreateProcessScheduledTask178901S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {964210C3-9545-4F84-A1C8-35B0839E6C0F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1280911578-185664597-1390033846-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {9701FA65-7D73-4994-8A6B-62A7D76F2EAD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1280911578-185664597-1390033846-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {9D867EBD-79D7-4B4B-A0CF-70FF4301E7CE} - System32\Tasks\RealCreateProcessScheduledTask932651S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {A3CDD9F2-BB2F-4A01-9BB8-31E81D61AE3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04] (Google Inc.)

Task: {B8534C34-CE86-4EE0-B3CA-0A74F43FE391} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core => C:\Users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)

Task: {BE6D2E1F-7ABF-4AE9-A500-44A35D6ECFAA} - System32\Tasks\RealCreateProcessScheduledTask185968S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: {C77E1A33-E3D3-4FE6-9E70-1063918673A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04] (Google Inc.)

Task: {CBE8C0FA-A083-4DB3-94FC-B6DDA2371EA6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-27] (Facebook Inc.)

Task: {D67D224B-4CF4-42A6-820D-56BA3852AE7B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {DE90FE45-6BEE-4BA6-B45D-5E681A8144B9} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sharon => C:\Program Files (x86)\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)

Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {EE95BDB6-3C0A-4E41-9782-74B7BD13695F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA => C:\Users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)

Task: {F0B01899-77B1-415B-8EB0-9ED2BA6E978F} - System32\Tasks\RealCreateProcessScheduledTask8908093S-1-5-21-1280911578-185664597-1390033846-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-03-31] (RealNetworks, Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job => C:\Users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job => C:\Users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job => C:\Windows\system32\msfeedssync.exe

 

==================== Loaded Modules (whitelisted) =============

 

2009-01-19 21:03 - 2007-07-12 23:37 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll

2011-01-26 18:12 - 2011-01-26 18:12 - 00026112 _____ () C:\Windows\system32\atitmp64.dll

2013-05-21 03:05 - 2013-05-21 03:05 - 01289216 _____ () C:\ProgramData\sysiwp\sysiwp.exe

2014-02-13 04:27 - 2014-02-13 04:27 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\0f48d9153765cbcf00b5d108df293b96\VistaBridgeLibrary.ni.dll

2012-08-31 11:20 - 2012-08-31 11:20 - 01008032 _____ () C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe

2014-05-28 07:44 - 2014-05-28 07:44 - 01592208 _____ () C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe

2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2013-05-21 03:05 - 2013-05-21 03:05 - 00676864 _____ () C:\ProgramData\sysiwp\sysiwphk.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-05-11 13:30 - 2014-05-11 13:30 - 31479296 _____ () c:\windows\safetkn.dll

2013-01-17 09:47 - 2013-01-17 09:47 - 01073984 _____ () C:\Program Files (x86)\Common Files\USTechSupport\DEL\DEL_dll.dll

2014-05-21 08:24 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll

2014-05-21 08:24 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

2014-05-21 08:24 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

2014-05-21 08:24 - 2014-05-13 19:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AMD External Events Utility => 2

MSCONFIG\Services: DockLoginService => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: IAANTMON => 2

MSCONFIG\Services: McAfee SiteAdvisor Service => 2

MSCONFIG\Services: McciCMService => 2

MSCONFIG\Services: McciCMService64 => 2

MSCONFIG\Services: mcmscsvc => 2

MSCONFIG\Services: McNaiAnn => 2

MSCONFIG\Services: McNASvc => 2

MSCONFIG\Services: McODS => 3

MSCONFIG\Services: McProxy => 2

MSCONFIG\Services: RoxLiveShare10 => 2

MSCONFIG\Services: RoxMediaDB10 => 3

MSCONFIG\Services: RoxWatch10 => 2

MSCONFIG\Services: STacSV => 2

MSCONFIG\Services: stllssvr => 3

MSCONFIG\Services: Toolbar Updater Service => 2

MSCONFIG\Services: WajamUpdater => 2

MSCONFIG\startupfolder: C:^Users^Sharon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Sharon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

MSCONFIG\startupreg: Dell DataSafe Online => E.EXE" /M

MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

MSCONFIG\startupreg: IAAnotif => OTIF.EXE"

MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

MSCONFIG\startupreg: OEM05Mon.exe => C:\Windows\OEM05Mon.exe

MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

MSCONFIG\startupreg: SightSpeed => "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray64.exe

MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/29/2014 06:22:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SHARON\DOCUMENTS\REAL ESTATE\BJN\BJN\SUSSMAN MUNICIPAL SEARCH.DOC> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (05/29/2014 06:22:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SHARON\DOCUMENTS\REAL ESTATE\BJN\BJN\SUSSMAN MUNICIPAL SEARCH.DOC> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (05/28/2014 07:45:51 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/27/2014 08:54:43 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: PolicyAgent4

 

Error: (05/27/2014 08:54:43 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (05/27/2014 08:54:43 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: EmdCache4

 

Error: (05/27/2014 07:54:41 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/26/2014 00:02:57 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program mbam.exe version 1.0.0.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.

Process ID: 1224

Start Time: 01cf78e3de6e1d4c

Termination Time: 3

 

Error: (05/26/2014 08:54:38 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/25/2014 08:45:49 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (05/28/2014 07:49:08 AM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Windows Media Player Network Sharing ServiceUPnPHost

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Beep

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: seclogon%%127

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: SessionLauncher%%3

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Microsoft .Net Framework COM+ Supports

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: MBAMScheduler%%1053

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000MBAMScheduler

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Apple Mobile Device%%1053

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Apple Mobile Device

 

Error: (05/28/2014 07:46:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: WebClient%%2

 

 

Microsoft Office Sessions:

=========================

Error: (01/20/2013 05:22:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-05-29 20:14:21.379

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 20:14:21.222

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 20:14:21.060

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 20:14:20.903

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 19:17:52.902

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 19:17:52.740

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 19:17:52.577

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 19:17:52.415

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 19:03:03.592

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-29 19:03:03.414

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 54%

Total physical RAM: 6077.03 MB

Available physical RAM: 2737.05 MB

Total Pagefile: 12331.09 MB

Available Pagefile: 9227.43 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:581.11 GB) (Free:407.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.98 GB) NTFS

Drive f: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:472.84 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 80000000)

Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=581 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: CBCE2081)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


One of the files found, bpk.exe, is apparently a keylogger. I would consider anything on your system compromised. If you do online banking or ordering, I would call your financial institution, explain the situation, and take steps to secure your accounts.

 

Please go to Start > Control Panel > Programs and Features and uninstall the following programs:
Ask Toolbar
Ask Toolbar Updater
BeFrugal.com Toolbar
Coupon Printer for Windows Version: 4.0
Coupon Printer for Windows Version: 5.0
CouponPrinterPlugin


 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 

start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [AirSafe] => C:\Program Files\Common Files\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [bpk] => C:\ProgramData\BPK\bpk.exe
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [sysiwp] => C:\ProgramData\sysiwp\sysiwp.exe [1289216 2013-05-21] ()
GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1002\User: Group Policy restriction detected <======= ATTENTION
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {18D8643F-390D-4B60-A7A2-ABAC15782AB2} URL = http://websearch.ask...60-37F14DDBB1D9
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: BeFrugalIEHelper - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - BeFrugal.com Toolbar - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\Sharon\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
FF Plugin HKCU: hopster.com/CouponPrinterPlugin - C:\Users\Sharon\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [superfish@superfish.com] - C:\ProgramData\Mozilla\Extensions\superfish@superfish.com
FF Extension: Window Shopper - Powered by Superfish - C:\ProgramData\Mozilla\Extensions\superfish@superfish.com [2011-06-08]
CHR Plugin: (Wajam) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2012-08-11]
R2 BeFrugal.com Service; C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe [348056 2012-12-05] (Capital Intellect, Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 MedisCenter; C:\Windows\safetkn.dll [31479296 2014-05-11] ()
R2 Net CLR; C:\Windows\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
S3 B-Service; C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Task: {0DC4AA72-66CC-4942-9447-A67BF6F82138} - System32\Tasks\BeFrugal.com Toolbar => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2012-09-11] (Capital Intellect, Inc.)
Task: {6D99390E-8A1D-4C57-B2EA-5202EF2B1911} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
C:\Program Files (x86)\Ask.com
C:\Program Files\Common Files\safewx.exe
C:\ProgramData\BPK
C:\ProgramData\sysiwp
C:\Program Files (x86)\Common Files\BeFrugal.com
C:\Program Files (x86)\Coupons
C:\Windows\safetkn.dll
C:\Windows\safewx.exe
2014-05-29 15:25 - 2014-05-29 15:25 - 00000851 _____ () C:\Users\Sharon\Downloads\coupon_printer.jnlp
end

Save the file as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 
Please post the log from FRST (Fixlog.txt) in your next reply.

 

Download TFC by OldTimer to your Desktop.

  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.
  • When done, press OK to reboot your computer and finish the cleanup.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

 

Please download Junkware Removal Tool to your Desktop.

  • Disconnect from the Internet (unplug your connection to your router or modem).
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Restart your security software and reconnect to the Internet.
  • Please post the contents of JRT.txt into your reply.

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please post the logs from Farbar Recovery Scan Tool (Fixlog.txt), AdwCleaner, Junkware Removal Tool, ESET Online Scan, and note any errors encountered.

Link to post
Share on other sites

Hello,

Before I do anything, the key logger was installed by myself at least 5 years ago and is currently in use. Also, do those coupon items need to be uninstalled? The coupon things are not a problem to remove if necessary. 

Thanks,

 

Lorgeo

Link to post
Share on other sites

I would not recommend the use of a keylogger. Any way you look at it, that is spyware. If the purpose is to monitor a child, I would instead recommend placing the computer in a visible location rather than resorting to the use of spyware. If you really want to keep it, which I would never recommend, I will edit the script to not remove it.

 

For the coupon items, which are adware, if you want to keep them, you can.

I will post new instructions.

Link to post
Share on other sites

Please go to Start > Control Panel > Programs and Features and uninstall the following programs:
Ask Toolbar
Ask Toolbar Updater

 

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 

start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [AirSafe] => C:\Program Files\Common Files\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [sysiwp] => C:\ProgramData\sysiwp\sysiwp.exe [1289216 2013-05-21] ()
GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1002\User: Group Policy restriction detected <======= ATTENTION
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {18D8643F-390D-4B60-A7A2-ABAC15782AB2} URL = http://websearch.ask...60-37F14DDBB1D9
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
CHR Plugin: (Wajam) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
R2 MedisCenter; C:\Windows\safetkn.dll [31479296 2014-05-11] ()
R2 Net CLR; C:\Windows\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
S3 B-Service; C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Task: {6D99390E-8A1D-4C57-B2EA-5202EF2B1911} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
C:\Program Files (x86)\Ask.com
C:\Program Files\Common Files\safewx.exe
C:\ProgramData\sysiwp
C:\Windows\safetkn.dll
C:\Windows\safewx.exe
end

Save the file as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 
Please post the log from FRST (Fixlog.txt) in your next reply.

 

I also removed the lines that would have removed Window Shopper by Superfish. You can read about it here, I recommend you follow the directions to remove it:

http://www.pcthreat.com/parasitebyid-28162en.html

 

Download TFC by OldTimer to your Desktop.

  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.
  • When done, press OK to reboot your computer and finish the cleanup.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • AdwCleaner will now start scanning your computer. After scanning it will display a list of malicious items detected, please uncheck any items you do not want to remove related to the coupon programs that might be detected as malicious.
  • After unchecking any items you want to keep, or if you have nothing to uncheck, continue to the removal process and select the Clean button.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please post the logs from Farbar Recovery Scan Tool (Fixlog.txt), AdwCleaner, ESET Online Scan, and note any errors encountered.

Link to post
Share on other sites

Thanks,

Here's the fixlog.txt file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014

Ran by Sharon at 2014-05-31 09:02:47 Run:1
Running from C:\Users\Sharon\Desktop\Tools
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [AirSafe] => C:\Program Files\Common Files\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [sysiwp] => C:\ProgramData\sysiwp\sysiwp.exe [1289216 2013-05-21] ()
GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1002\User: Group Policy restriction detected <======= ATTENTION
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {18D8643F-390D-4B60-A7A2-ABAC15782AB2} URL = http://websearch.ask...60-37F14DDBB1D9
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
HO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
CHR Plugin: (Wajam) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
R2 MedisCenter; C:\Windows\safetkn.dll [31479296 2014-05-11] ()
2 Net CLR; C:\Windows\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
S3 B-Service; C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Task: {6D99390E-8A1D-4C57-B2EA-5202EF2B1911} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
C:\Program Files (x86)\Ask.com
C:\Program Files\Common Files\safewx.exe
C:\ProgramData\sysiwp
C:\Windows\safetkn.dll
C:\Windows\safewx.exe
 
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AirSafe => Value deleted successfully.
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sysiwp => Value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1002\User => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{18D8643F-390D-4B60-A7A2-ABAC15782AB2} => Key deleted successfully.
HKCR\CLSID\{18D8643F-390D-4B60-A7A2-ABAC15782AB2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 => Key deleted successfully.
C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll not found.
C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll not found.
MedisCenter => Service stopped successfully.
MedisCenter => Service deleted successfully.
B-Service => Service deleted successfully.
SessionLauncher => Service deleted successfully.
Beep => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D99390E-8A1D-4C57-B2EA-5202EF2B1911} => Key not found.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key not found.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\Program Files\Common Files\safewx.exe => Moved successfully.
C:\ProgramData\sysiwp => Moved successfully.
C:\Windows\safetkn.dll => Moved successfully.
C:\Windows\safewx.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
Link to post
Share on other sites
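As an added example (not the helper's script and not FRST's own code), a small Python checker that sorts each fixlist directive into the persistence location it targets, flags lines that match none of the shapes seen in this thread, and tallies the Fixlog's outcomes into removed versus already absent. The directive patterns are assumptions modelled on the thread's entries, not FRST's documented grammar, and the embedded excerpts are constructed from the fixlist and Fixlog posted above, keeping the two lines whose leading characters were lost ("HO-x32", "2 Net CLR") to show why they produced no result lines.

```python
"""Lint an FRST fixlist and summarise its Fixlog (added example, not FRST code).

Directive shapes are modelled on this thread's entries; treating a line that
matches none of them as one the fix will skip is an assumption the lint reports.
"""
import re
from collections import Counter

# Assumed directive shapes, one per kind of line in the thread's fixlist.
DIRECTIVE_PATTERNS = [
    ("run-key",      re.compile(r"^(HKLM(-x32)?|HKU\\S-1-5-[\d-]+)\\\.\.\.\\Run: \[")),
    ("group-policy", re.compile(r"^GroupPolicyUsers\\S-1-5-[\d-]+\\User:")),
    ("ie-search",    re.compile(r"^(URLSearchHook|SearchScopes): HK(LM|CU)")),
    ("bho",          re.compile(r"^BHO(-x32)?: ")),
    ("toolbar",      re.compile(r"^Toolbar: HK(LM|CU)")),
    ("firefox",      re.compile(r"^FF (Plugin|Extension|HKLM)")),
    ("chrome",       re.compile(r"^CHR (Plugin|HKLM)")),
    ("service",      re.compile(r"^[RSU][0-4] [^;]+; ")),  # "R2 MedisCenter; C:\..."
    ("msconfig",     re.compile(r"^MSCONFIG\\startupreg: ")),
    ("task",         re.compile(r"^Task: ")),
    ("file-listing", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - ")),
    ("path",         re.compile(r"^[A-Za-z]:\\")),
]


def classify(line):
    """Return the directive category of one fixlist line, or None if unknown."""
    for name, pattern in DIRECTIVE_PATTERNS:
        if pattern.match(line):
            return name
    return None


def lint_fixlist(text):
    """Return (counts per category, lines matching no shape) for start..end."""
    counts, unrecognized, inside = Counter(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "start":
            inside = True
        elif line == "end":
            break
        elif inside and line:
            category = classify(line)
            if category is None:
                unrecognized.append(line)  # most likely left untouched by the fix
            else:
                counts[category] += 1
    return counts, unrecognized


def summarize_fixlog(text):
    """Sort Fixlog result lines into removed / already absent / other targets."""
    summary = {"removed": [], "absent": [], "other": []}
    echo = False  # the Fixlog echoes the fixlist, whose lines also contain ' => '
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Content of fixlist:":
            echo = True
        elif echo:
            echo = line != "end"
        elif " => " in line:
            target, result = line.split(" => ", 1)
            bucket = ("removed" if "successfully" in result
                      else "absent" if "not found" in result else "other")
            summary[bucket].append(target)
        elif line.endswith(" not found."):
            summary["absent"].append(line[: -len(" not found.")])
    return summary


# Constructed excerpts from this thread's fixlist and Fixlog ("HO-x32" and "2 Net CLR" kept as posted).
FIXLIST_EXCERPT = r"""
start
HKLM-x32\...\Run: [AirSafe] => C:\Program Files\Common Files\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
HO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
R2 MedisCenter; C:\Windows\safetkn.dll [31479296 2014-05-11] ()
2 Net CLR; C:\Windows\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
Task: {6D99390E-8A1D-4C57-B2EA-5202EF2B1911} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] ()
C:\Windows\safetkn.dll
end
"""

FIXLOG_EXCERPT = r"""
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [AirSafe] => C:\Program Files\Common Files\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
end
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AirSafe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
MedisCenter => Service deleted successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll not found.
C:\Windows\safetkn.dll => Moved successfully.
The system needed a reboot.
"""
```

Entries reported as "not found" are not failures: the Ask.com directory was already gone because the earlier step uninstalled Ask Toolbar from Programs and Features.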

There were 2 files: S0, R0

# AdwCleaner v3.211 - Report created 31/05/2014 at 09:37:12

# Updated 26/05/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

# Username : Sharon - SHARON-PC

# Running from : C:\Users\Sharon\Downloads\adwcleaner_3.211.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

[!] Folder Deleted : C:\ProgramData\Ask

[!] Folder Deleted : C:\ProgramData\Babylon

[!] Folder Deleted : C:\Program Files (x86)\driver-soft

[!] Folder Deleted : C:\Program Files (x86)\iBryte

[!] Folder Deleted : C:\Users\George\AppData\LocalLow\AskToolbar

[!] Folder Deleted : C:\Users\Sharon\AppData\Local\Babylon

[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\BabylonToolbar

[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\iBryte

[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[!] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

File Deleted : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\invalidprefs.js

File Deleted : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\bingp.xml

File Deleted : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\wajam.DLL

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Driver-Soft

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.19518

 

 

-\\ Mozilla Firefox v17.0 (en-US)

 

[ File : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\prefs.js ]

 

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

Line Deleted : \\\\Sharon\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\7adqiqrj.default\\\\extensions\\\\toolbar@ask.com\",\"mtime\":1367530272770},\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descrip[...]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");

 

-\\ Google Chrome v35.0.1916.114

 

[ File : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B35F0F79-4C8B-49B1-B14B-F12E11C11AD7&apn_ptnrs=TV&apn_sauid=296E7551-4BFE-4540-9D60-37F14DDBB1D9&apn_dtid=OSJ000YYUS&q={searchTerms}

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=254DEBD6-73A8-4A65-8643-544B1B3417EC&n=77fdcb1c&ind=2013121308&p2=^AYY^xdm090^YYA^us&si=wiseconvert

Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

 

*************************

 

AdwCleaner[R0].txt - [8061 octets] - [31/05/2014 09:35:01]

AdwCleaner[s0].txt - [6671 octets] - [31/05/2014 09:37:12]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6731 octets] ##########

R0:


# AdwCleaner v3.211 - Report created 31/05/2014 at 09:35:01

# Updated 26/05/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

# Username : Sharon - SHARON-PC

# Running from : C:\Users\Sharon\Downloads\adwcleaner_3.211.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\invalidprefs.js

File Found : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\Askcom.xml

File Found : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\bingp.xml

File Found : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\user.js

Folder Found : C:\Program Files (x86)\driver-soft

Folder Found : C:\Program Files (x86)\iBryte

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\Users\George\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Sharon\AppData\Local\Babylon

Folder Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Folder Found : C:\Users\Sharon\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\Sharon\AppData\LocalLow\iBryte

Folder Found : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : [x64] HKCU\Software\Cr_Installer

Key Found : [x64] HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\wajam.DLL

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Found : HKLM\Software\Driver-Soft

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.19518

-\\ Mozilla Firefox v17.0 (en-US)

 

[ File : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\prefs.js ]

 

Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Line Found : user_pref("browser.search.order.1", "Ask.com");

Line Found : \\\\Sharon\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\7adqiqrj.default\\\\extensions\\\\toolbar@ask.com\",\"mtime\":1367530272770},\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descrip[...]

Line Found : user_pref("browser.search.defaultengine", "Ask.com");

 

-\\ Google Chrome v35.0.1916.114

 

[ File : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B35F0F79-4C8B-49B1-B14B-F12E11C11AD7&apn_ptnrs=TV&apn_sauid=296E7551-4BFE-4540-9D60-37F14DDBB1D9&apn_dtid=OSJ000YYUS&q={searchTerms}

Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Found [search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=254DEBD6-73A8-4A65-8643-544B1B3417EC&n=77fdcb1c&ind=2013121308&p2=^AYY^xdm090^YYA^us&si=wiseconvert

Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh

 

*************************

 

AdwCleaner[R0].txt - [7849 octets] - [31/05/2014 09:35:01]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7909 octets] ##########

 

Link to post
Share on other sites

Here's the Junkware removal tool log. I can't seem to get the ESET online scanner to download and run. Thanks for the help so far.

 

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows Vista Home Premium x64

Ran by Sharon on Sat 05/31/2014 at  9:52:55.60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

 

Successfully stopped: [service] ustsscheduler 

Successfully deleted: [service] ustsscheduler 

~~~ Registry Values

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ustechsupport

~~~ Files

 

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

Successfully deleted: [File] C:\Users\Sharon\appdata\local\{682CD89D-A4D0-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\ustechsupport"

Successfully deleted: [Folder] "C:\Users\Sharon\AppData\Roaming\ustechsupport"

Successfully deleted: [Folder] "C:\Users\Sharon\appdata\locallow\superfish"

Failed to delete: [Folder] "C:\Program Files (x86)\coupons"

Successfully deleted: [Folder] "C:\Program Files (x86)\superfish"

Successfully deleted: [Folder] "C:\Program Files (x86)\ustechsupport"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\ustechsupport"

Successfully deleted: [Empty Folder] C:\Users\Sharon\appdata\local\{b0b2e9a6-e8ff-c1b2-3fb9-797ec509843a}

Successfully deleted: [Folder] C:\Users\Sharon\appdata\local\{682CD89D-A4D0-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]

~~~ FireFox

 

Successfully deleted: [File] C:\user.js

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\superfish@superfish.com

Emptied folder: C:\Users\Sharon\AppData\Roaming\mozilla\firefox\profiles\7adqiqrj.default\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 05/31/2014 at 10:04:59.40

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Hi Lorgeo

As you didn't want to remove your coupon program, in the new instructions I didn't have Junkware Removal Tool, which removed the program. If you still want that program, you will need to reinstall it.
 

I can't seem to get the ESET online scanner to download and run.

 

What browser did you use? You have Firefox and Chrome installed in addition to Internet Explorer. Whichever you tried, try the other two browsers to see if you can get it to run.
If that doesn't work, try this scanner instead:
 

Download the Sophos Virus Removal Tool and save it to your desktop:

  • Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
  • Follow the prompts to accept the license agreement, and accept the default location.
  • A message will appear "InstallShield Wizard Completed".
  • Click 'Finish' to start the program.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • A log will be in the following location:
  • Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
    --for 64-bit C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
  • 2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
  • Please post the log in your next reply and note any errors encountered.

 

Download and save to your Desktop  RogueKillerX64.exe (by tigzy)

  • Quit all programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • Start RogueKiller.exe
  • Wait until Prescan has finished
  • Click on Scan
  • Click on Report and copy/paste the content of the notepad in your next reply (don't fix anything yet, not everything it finds is bad).

 

Please post the log from ESET Online Scanner, or if it still wouldn't run the log from Sophos Virus Removal Tool, the log from RogueKiller, and note any errors encountered.

Link to post
Share on other sites

Hello, I was able to get the ESET Online Scanner to run, however I started it 9:30 last night and @ 7:15 this morning it was still running and indicated it was @ 92%. Almost an hour later it is still at 92% and running and indicating 37 infected files.

Is it normal for ESET to run this long? Thanks.

Link to post
Share on other sites

It would seem to be stuck on one file. If you can see the list of files that it had detected (and what malware was detected), please go ahead and delete them manually if necessary and let me know, or if you can stop ESET and quarantine what it has detected to this point, you can go ahead and do that. It would be good to see the file that it is stuck on, if you can see that.

 

Then please go ahead and scan with Sophos Virus Removal Tool (the instructions are in the previous post), and post the log from that (and the log from ESET if you can get that).

Link to post
Share on other sites

The number of files scanned is slowly incrementing. Also, it is scanning a backup drive which I believe is a TB about half full. I will let it drag on a bit and see what happens then follow your last post instructions. Thanks.

Link to post
Share on other sites

Stopped the scan at 3:50 as it's been at 93 percent since early this morning. I could not find a way to quarantine the files.

Here is the Log:

C:\AdwCleaner\Quarantine\C\Users\Sharon\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Sharon\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Sharon\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\safewx.exe.xBAD Win32/Farfli.ATK trojan
C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwp.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwpconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwphk.dll probably a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwpvw.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwpwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\Windows\safewx.exe.xBAD Win32/Farfli.ATK trojan
C:\Program Files (x86)\FoxTabMusicConverter\AudioConverter.exe a variant of Win32/InstallCore.A potentially unwanted application
C:\ProgramData\BPK\bpkconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\ProgramData\BPK\bpkwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
C:\ProgramData\sysiwp\sysiwp.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\ProgramData\sysiwp\sysiwpconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\ProgramData\sysiwp\sysiwphk.dll probably a variant of Win32/Packed.Themida potentially unwanted application
C:\ProgramData\sysiwp\sysiwpvw.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\ProgramData\sysiwp\sysiwpwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo potentially unwanted application
C:\Users\All Users\BPK\bpkconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\All Users\BPK\bpkwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\All Users\sysiwp\sysiwp.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\All Users\sysiwp\sysiwpconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\All Users\sysiwp\sysiwphk.dll probably a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\All Users\sysiwp\sysiwpvw.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\All Users\sysiwp\sysiwpwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Sharon\Desktop\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Windows\Installer\48270c.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows\System32\air.exe Win32/Farfli.ATK trojan
C:\Windows\SysWOW64\air.exe Win32/Farfli.ATK trojan
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-06-02 213830\Backup files 17.zip a variant of Win32/Toolbar.Zugo potentially unwanted application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-10-30 092305\Backup files 1.zip JS/Redirector.NIQ trojan
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-11-16 180010\Backup files 1.zip JS/Redirector.NIQ trojan
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-11-21 180010\Backup files 2.zip JS/Redirector.NIQ trojan
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-11-23 185945\Backup files 1.zip multiple threats
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-01-06 183518\Backup files 1.zip JS/Agent.NKW trojan
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-24 181541\Backup files 3.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-26 180012\Backup files 3.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-28 180011\Backup files 3.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-30 180012\Backup files 3.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-31 180011\Backup files 2.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-01 180030\Backup files 21.zip a variant of Win32/Toolbar.Zugo potentially unwanted application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-01 180030\Backup files 24.zip multiple threats
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-19 180012\Backup files 3.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-21 180012\Backup files 3.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-23 180016\Backup files 2.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-25 180017\Backup files 3.zip Win32/OpenCandy potentially unsafe application
F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-26 180014\Backup files 3.zip Win32/OpenCandy potentially unsafe application
Link to post
Share on other sites

We can delete those files, leaving the one you previously said you wanted to keep, but one of the ones detected should already have been removed, so we'll try a different way.

Please note the backup files on your F: drive that were detected as infected. If you no longer need those, I recommend you delete them. Some contained potentially unwanted programs, but some contained trojans.

 

We will use ComboFix, which I see you have previously run. It's not an application that should be run on your own, and it will need to be properly uninstalled when we are finished, along with other utilities we used to be sure to remove the quarantined files.

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**
 
Please post the log from ComboFix (C:\ComboFix.txt) in your next reply, and note any errors encountered.

Link to post
Share on other sites
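As an added example (not a tool from this thread or from any of the utilities used in it), the following Python sorts ESET Online Scanner result lines like those posted above into hits already sitting in a tool's quarantine folder, live hits on C:, and hits on another drive (the F: backup set), and separates trojan detections from potentially unwanted/unsafe applications, which is the distinction drawn in the reply above. The sample lines are copied from the posted log; the `keep_markers` path filter (here `CouponPrinter`, for the coupon program the poster wanted to keep) is an assumption.

```python
"""Triage of ESET Online Scanner result lines (added example, not from the thread).

Each ESET line has the shape "<path> [qualifier] <detection name> <classification>".
Paths contain spaces, so a line is parsed from the right: first the fixed
classification phrase, then the detection name, and whatever is left is the path.
"""
import re
from collections import defaultdict

# Classification phrases ESET appends; longest first so that
# "potentially unwanted application" is not mistaken for a bare "application".
CLASSIFICATIONS = (
    "potentially unwanted application",
    "potentially unsafe application",
    "multiple threats",
    "trojan",
    "application",
)

# Quarantine folders of the tools already run in this thread: hits under these
# are neutralised copies, to be cleared by uninstalling the tools, not re-cleaned.
QUARANTINE_MARKERS = (r"\AdwCleaner\Quarantine", r"\FRST\Quarantine", r"\Qoobox\Quarantine")

# Detection name with its optional ESET qualifier ("a variant of", "probably a variant of").
_NAME_RE = re.compile(r"^(.*?)\s+((?:probably )?a variant of )?(\S+)$")

# Sample input: ten lines copied from the ESET log posted above.
SAMPLE_LINES = [
    r"C:\AdwCleaner\Quarantine\C\Users\Sharon\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application",
    r"C:\FRST\Quarantine\C\Windows\safewx.exe.xBAD Win32/Farfli.ATK trojan",
    r"C:\ProgramData\sysiwp\sysiwphk.dll probably a variant of Win32/Packed.Themida potentially unwanted application",
    r"C:\Program Files (x86)\FoxTabMusicConverter\AudioConverter.exe a variant of Win32/InstallCore.A potentially unwanted application",
    r"C:\Users\Sharon\Desktop\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application",
    r"C:\Windows\Installer\48270c.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application",
    r"C:\Windows\System32\air.exe Win32/Farfli.ATK trojan",
    r"F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-10-30 092305\Backup files 1.zip JS/Redirector.NIQ trojan",
    r"F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-11-23 185945\Backup files 1.zip multiple threats",
    r"F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-24 181541\Backup files 3.zip Win32/OpenCandy potentially unsafe application",
]


def parse_eset_line(line):
    """Split one result line into path, detection name and classification.

    Returns None for lines that do not end in a known classification phrase.
    """
    line = line.strip()
    for cls in CLASSIFICATIONS:
        if line.endswith(" " + cls):
            rest = line[: -len(cls)].rstrip()
            break
    else:
        return None
    if cls == "multiple threats":           # no single detection name on these lines
        return {"path": rest, "name": "", "classification": cls}
    m = _NAME_RE.match(rest)
    if m is None:
        return None
    return {"path": m.group(1), "name": m.group(3), "classification": cls}


def classify(hit, keep_markers=()):
    """Return (location, severity, keep) for one parsed hit."""
    path = hit["path"].lower()
    if any(marker.lower() in path for marker in QUARANTINE_MARKERS):
        location = "quarantine"
    elif not path.startswith("c:"):
        location = "other-drive"            # the F: backup set in this thread
    else:
        location = "live"
    severity = "malware" if hit["classification"] in ("trojan", "multiple threats") else "unwanted"
    keep = any(marker.lower() in path for marker in keep_markers)
    return location, severity, keep


def triage(lines, keep_markers=()):
    """Bucket paths by "<location>:<severity>"; user-kept items go to "keep"."""
    buckets = defaultdict(list)
    for line in lines:
        hit = parse_eset_line(line)
        if hit is None:
            buckets["unparsed"].append(line)
            continue
        location, severity, keep = classify(hit, keep_markers)
        buckets["keep" if keep else f"{location}:{severity}"].append(hit["path"])
    return dict(buckets)


if __name__ == "__main__":
    # "CouponPrinter" is an assumed marker for the program the poster wanted to keep.
    for bucket, paths in sorted(triage(SAMPLE_LINES, keep_markers=("CouponPrinter",)).items()):
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```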

Here's the ComboFix log....Thanks again for the help:

ComboFix 14-05-29.01 - Sharon 06/01/2014  19:54:55.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6077.3352 [GMT -4:00]
Running from: c:\users\Sharon\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\sysiwp\sysiwp.exe
c:\users\Sharon\AppData\Roaming\svfiles.log
c:\windows\SysWow64\bidisp.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BeFrugal.com Service
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-02 to 2014-06-02  )))))))))))))))))))))))))))))))
.
.
2014-06-02 00:14 . 2014-06-02 00:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-02 00:14 . 2014-06-02 00:14 -------- d-----w- c:\users\Dragonlady\AppData\Local\temp
2014-06-02 00:14 . 2014-06-02 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-01 13:56 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE01932E-AD7E-43C6-9150-6548CE75E33A}\mpengine.dll
2014-06-01 01:16 . 2014-06-01 01:16 -------- d-----w- c:\program files (x86)\ESET
2014-05-31 20:23 . 2014-06-02 00:14 -------- d--h--w- c:\programdata\sysiwp
2014-05-31 16:37 . 2014-05-31 16:37 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-05-31 16:37 . 2014-05-31 16:37 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-05-31 16:37 . 2014-05-31 16:37 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
2014-05-31 16:37 . 2014-05-31 16:37 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-05-31 16:37 . 2014-05-31 16:37 305264 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\freebl3.dll
2014-05-31 16:37 . 2014-05-31 16:37 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\firefox.exe
2014-05-31 16:37 . 2014-05-31 16:37 117360 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\crashreporter.exe
2014-05-31 16:37 . 2014-05-31 16:37 4881520 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\gkmedias.dll
2014-05-31 16:37 . 2014-05-31 16:37 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icudt52.dll
2014-05-31 16:37 . 2014-05-31 16:37 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuin52.dll
2014-05-31 16:37 . 2014-05-31 16:37 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuuc52.dll
2014-05-31 13:52 . 2014-05-31 13:52 -------- d-----w- c:\windows\ERUNT
2014-05-31 13:34 . 2014-05-31 13:37 -------- d-----w- C:\AdwCleaner
2014-05-31 12:33 . 2014-04-30 23:20 10702536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-24 11:04 . 2014-05-01 20:00 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8456C39-30B7-426C-B89F-E8CD6FA43BBF}\gapaengine.dll
2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\users\Sharon\AppData\Roaming\Oracle
2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\programdata\Oracle
2014-05-20 21:53 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-14 07:39 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 07:39 . 2014-05-05 20:06 9348096 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 07:39 . 2014-05-05 20:06 98304 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 07:39 . 2014-05-05 19:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 07:39 . 2014-05-05 18:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2014-05-07 11:15 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-02 01:21 . 2014-04-28 23:28 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-28 11:48 . 2012-03-30 11:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-28 11:48 . 2011-06-14 11:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 07:02 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe
2014-05-12 11:26 . 2014-04-28 23:28 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 11:26 . 2014-04-28 23:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2014-04-28 23:28 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 20:06 . 2014-05-02 20:06 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-05-01 20:00 . 2013-12-07 00:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-17 23:02 . 2012-06-04 11:40 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 22:54 . 2012-06-04 11:40 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 22:54 . 2012-06-02 23:26 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-03-17 22:49 . 2012-02-22 17:29 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 22:47 . 2012-06-04 11:40 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 22:45 . 2012-06-04 11:40 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 22:44 . 2012-02-22 17:29 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-11 13:52 . 2013-06-19 02:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 15:10 . 2014-04-09 11:29 1147392 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 15:09 . 2014-04-09 11:29 1490432 ----a-w- c:\windows\system32\urlmon.dll
2014-03-04 15:09 . 2014-04-09 11:29 108032 ----a-w- c:\windows\system32\url.dll
2014-03-04 15:08 . 2014-04-09 11:29 243712 ----a-w- c:\windows\system32\occache.dll
2014-03-04 15:06 . 2014-04-09 11:29 1062912 ----a-w- c:\windows\system32\mstime.dll
2014-03-04 15:05 . 2014-04-09 11:29 742912 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-04 15:05 . 2014-04-09 11:29 71680 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-04 15:05 . 2014-04-09 11:29 56832 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-04 15:04 . 2014-04-09 11:29 31744 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-04 15:04 . 2014-04-09 11:29 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-04 15:04 . 2014-04-09 11:29 2357760 ----a-w- c:\windows\system32\iertutil.dll
2014-03-04 15:04 . 2014-04-09 11:29 77312 ----a-w- c:\windows\system32\iesetup.dll
2014-03-04 15:04 . 2014-04-09 11:29 219136 ----a-w- c:\windows\system32\ieui.dll
2014-03-04 15:04 . 2014-04-09 11:29 132096 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-04 15:04 . 2014-04-09 11:29 72192 ----a-w- c:\windows\system32\iernonce.dll
2014-03-04 15:04 . 2014-04-09 11:29 12510720 ----a-w- c:\windows\system32\ieframe.dll
2014-03-04 15:04 . 2014-04-09 11:29 252416 ----a-w- c:\windows\system32\iepeers.dll
2014-03-04 15:04 . 2014-04-09 11:29 459776 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-04 15:02 . 2014-04-09 11:29 23040 ----a-w- c:\windows\system32\corpol.dll
2014-03-04 13:33 . 2014-04-09 11:29 479232 ----a-w- c:\windows\system32\html.iec
2014-03-04 12:10 . 2014-04-09 11:29 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-04 12:09 . 2014-04-09 11:29 70656 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-04 12:08 . 2014-04-09 11:29 12288 ----a-w- c:\windows\system32\msfeedssync.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]
"SansaDispatch"="c:\users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-06-18 613888]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-31 295512]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Displaysoft Online Updates - c--DSI-FIDLITE3.lnk - c:\dsi\FIDLITE3\inetupapp.exe [2009-7-16 757760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
netsvcr REG_MULTI_SZ   MedisCenter
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 12:12 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:48]
.
2014-06-02 c:\windows\Tasks\BeFrugal.com Toolbar.job
- c:\program files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2012-12-09 15:09]
.
2014-06-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job
- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34]
.
2014-06-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job
- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job
- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job
- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34]
.
2014-06-01 c:\windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job
- c:\windows\system32\msfeedssync.exe [2014-04-09 07:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aquarionwater.com\www
Trusted Zone: caldirectsecuredocs.com\www
Trusted Zone: com\pennwest-edocs
Trusted Zone: com\swiftview
Trusted Zone: coupons.com\microsite
Trusted Zone: ditechsecuredocs.com\www
Trusted Zone: ditechsecuredocs.net\www
Trusted Zone: docmagic.com\www
Trusted Zone: elynx.com\gateway
Trusted Zone: elynx.com\stest.lane100
Trusted Zone: elynx.com\stest.lane200
Trusted Zone: elynx.net\aegis
Trusted Zone: elynx.net\ctest
Trusted Zone: elynx.net\ctest.lane100
Trusted Zone: elynx.net\forms
Trusted Zone: elynx.net\gateway
Trusted Zone: elynx.net\gateway.ctest
Trusted Zone: elynx.net\gmacforms
Trusted Zone: elynx.net\pro
Trusted Zone: elynx.net\secure
Trusted Zone: elynx.net\ssctest
Trusted Zone: elynx.net\stest
Trusted Zone: elynx.net\usign
Trusted Zone: elynx.net\webpost
Trusted Zone: gmacmsecuredocs.com\www
Trusted Zone: gmacmsecuredocs.net\www
Trusted Zone: gmamcsecuredocs.com\www
Trusted Zone: hsbc.com\mortgage-esign.us
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: sasrlink.com\www
Trusted Zone: ss3.swiftsend.com\loandocs
Trusted Zone: swiftsend.com\docs
Trusted Zone: swiftsend.com\gateway
Trusted Zone: swiftsend.com\loandocs
Trusted Zone: swiftsend.com\loandocs.ss3
Trusted Zone: swiftsend.com\www
Trusted Zone: swiftsend2.com\docs
Trusted Zone: swiftsend2.com\loandocs
Trusted Zone: swiftview.com\products
Trusted Zone: swiftview.com\www
Trusted Zone: wamuloandocs.com\www
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - ExtSQL: !HIDDEN! 2009-09-01 11:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-bpk - c:\programdata\BPK\bpk.exe
Wow6432Node-HKCU-Run-sysiwp - c:\programdata\sysiwp\sysiwp.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Driver Performer_is1 - c:\program files (x86)\Driver-Soft\DriverPerformer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2014-06-01  21:25:36 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-02 01:25
ComboFix2.txt  2012-05-26 00:37
ComboFix3.txt  2012-05-25 11:02
ComboFix4.txt  2012-05-25 00:26
ComboFix5.txt  2014-06-01 23:53
.
Pre-Run: 440,709,865,472 bytes free
Post-Run: 440,796,131,328 bytes free
.
- - End Of File - - 900830E5900BE6C65D521F094DE018FF
5C616939100B85E558DA92B899A0FC36

We need to make sure you have the most recent version of ComboFix.

Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.
For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.
 

Killall::
File::

C:\Program Files (x86)\FoxTabMusicConverter\AudioConverter.exe

C:\Windows\Installer\48270c.msi

C:\Windows\System32\air.exe
C:\Windows\SysWOW64\air.exe

Folder::

C:\ProgramData\sysiwp
C:\Users\All Users\sysiwp

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.


Latest Log....Thanks.

 

ComboFix 14-05-29.01 - Sharon 06/02/2014   6:47.2.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6077.3651 [GMT -4:00]
Running from: c:\users\Sharon\Desktop\ComboFix.exe
Command switches used :: c:\users\Sharon\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\FoxTabMusicConverter\AudioConverter.exe"
"c:\windows\Installer\48270c.msi"
"c:\windows\System32\air.exe"
"c:\windows\SysWOW64\air.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FoxTabMusicConverter\AudioConverter.exe
c:\programdata\sysiwp
c:\programdata\sysiwp\bpk.dt
c:\programdata\sysiwp\help.chm
c:\programdata\sysiwp\install.bin
c:\programdata\sysiwp\install.log
c:\programdata\sysiwp\pkl.bin
c:\programdata\sysiwp\sysiwpconfigure.exe
c:\programdata\sysiwp\sysiwphk.dll
c:\programdata\sysiwp\sysiwpi.dll
c:\programdata\sysiwp\sysiwpr.exe
c:\programdata\sysiwp\sysiwpvw.exe
c:\programdata\sysiwp\sysiwpwb.dll
c:\programdata\sysiwp\web.dt
c:\users\All Users\sysiwp\dt\2014-05-31_22-58-51-48053440
c:\users\All Users\sysiwp\dt\2014-05-31_23-03-51-48353445
c:\users\All Users\sysiwp\dt\2014-05-31_23-08-51-48653451
c:\users\All Users\sysiwp\dt\2014-05-31_23-13-51-48953441
c:\users\All Users\sysiwp\dt\2014-05-31_23-18-51-49253462
c:\users\All Users\sysiwp\dt\2014-05-31_23-23-51-49553452
c:\users\All Users\sysiwp\dt\2014-05-31_23-28-51-49853473
c:\users\All Users\sysiwp\dt\2014-05-31_23-33-50-50153463
c:\users\All Users\sysiwp\dt\2014-05-31_23-38-50-50453484
c:\users\All Users\sysiwp\dt\2014-05-31_23-43-50-50753490
c:\users\All Users\sysiwp\dt\2014-05-31_23-48-50-51053495
c:\users\All Users\sysiwp\dt\2014-05-31_23-53-50-51353485
c:\users\All Users\sysiwp\dt\2014-05-31_23-58-50-51653506
c:\users\All Users\sysiwp\dt\2014-06-01_00-03-50-51953512
c:\users\All Users\sysiwp\dt\2014-06-01_00-08-50-52253517
c:\users\All Users\sysiwp\dt\2014-06-01_00-13-50-52553523
c:\users\All Users\sysiwp\dt\2014-06-01_00-18-50-52853528
c:\users\All Users\sysiwp\dt\2014-06-01_00-23-50-53153534
c:\users\All Users\sysiwp\dt\2014-06-01_00-28-50-53453539
c:\users\All Users\sysiwp\dt\2014-06-01_00-33-50-53753545
c:\users\All Users\sysiwp\dt\2014-06-01_00-38-50-54053535
c:\users\All Users\sysiwp\dt\2014-06-01_00-43-50-54353556
c:\users\All Users\sysiwp\dt\2014-06-01_00-48-50-54653561
c:\users\All Users\sysiwp\dt\2014-06-01_00-53-50-54953567
c:\users\All Users\sysiwp\dt\2014-06-01_00-58-50-55253572
c:\users\All Users\sysiwp\dt\2014-06-01_01-03-50-55553578
c:\users\All Users\sysiwp\dt\2014-06-01_01-08-50-55853568
c:\users\All Users\sysiwp\dt\2014-06-01_01-13-50-56153589
c:\users\All Users\sysiwp\dt\2014-06-01_01-18-50-56453595
c:\users\All Users\sysiwp\dt\2014-06-01_01-23-50-56753600
c:\users\All Users\sysiwp\dt\2014-06-01_01-28-50-57053606
c:\users\All Users\sysiwp\dt\2014-06-01_01-33-50-57353595
c:\users\All Users\sysiwp\dt\2014-06-01_01-38-50-57653617
c:\users\All Users\sysiwp\dt\2014-06-01_01-43-50-57953607
c:\users\All Users\sysiwp\dt\2014-06-01_01-48-50-58253628
c:\users\All Users\sysiwp\dt\2014-06-01_01-53-50-58553633
c:\users\All Users\sysiwp\dt\2014-06-01_01-58-50-58853639
c:\users\All Users\sysiwp\dt\2014-06-01_02-03-50-59153629
c:\users\All Users\sysiwp\dt\2014-06-01_02-08-50-59453650
c:\users\All Users\sysiwp\dt\2014-06-01_02-13-50-59753671
c:\users\All Users\sysiwp\dt\2014-06-01_02-18-50-60053645
c:\users\All Users\sysiwp\dt\2014-06-01_02-23-50-60353666
c:\users\All Users\sysiwp\dt\2014-06-01_02-28-50-60653672
c:\users\All Users\sysiwp\dt\2014-06-01_02-33-50-60953693
c:\users\All Users\sysiwp\dt\2014-06-01_02-38-50-61253683
c:\users\All Users\sysiwp\dt\2014-06-01_02-43-50-61553704
c:\users\All Users\sysiwp\dt\2014-06-01_02-48-50-61853694
c:\users\All Users\sysiwp\dt\2014-06-01_02-53-50-62153699
c:\users\All Users\sysiwp\dt\2014-06-01_02-58-50-62453721
c:\users\All Users\sysiwp\dt\2014-06-01_03-03-50-62753710
c:\users\All Users\sysiwp\dt\2014-06-01_03-08-50-63053716
c:\users\All Users\sysiwp\dt\2014-06-01_03-13-50-63353722
c:\users\All Users\sysiwp\dt\2014-06-01_03-18-50-63653758
c:\users\All Users\sysiwp\dt\2014-06-01_03-23-50-63953748
c:\users\All Users\sysiwp\dt\2014-06-01_03-28-50-64253738
c:\users\All Users\sysiwp\dt\2014-06-01_03-33-50-64553744
c:\users\All Users\sysiwp\dt\2014-06-01_03-38-50-64853749
c:\users\All Users\sysiwp\dt\2014-06-01_03-43-50-65153739
c:\users\All Users\sysiwp\dt\2014-06-01_03-48-50-65453760
c:\users\All Users\sysiwp\dt\2014-06-01_03-53-50-65753781
c:\users\All Users\sysiwp\dt\2014-06-01_03-58-50-66053771
c:\users\All Users\sysiwp\dt\2014-06-01_04-03-50-66353792
c:\users\All Users\sysiwp\dt\2014-06-01_04-08-50-66653782
c:\users\All Users\sysiwp\dt\2014-06-01_04-13-50-66953788
c:\users\All Users\sysiwp\dt\2014-06-01_04-18-50-67253825
c:\users\All Users\sysiwp\dt\2014-06-01_04-23-50-67553799
c:\users\All Users\sysiwp\dt\2014-06-01_04-28-50-67853789
c:\users\All Users\sysiwp\dt\2014-06-01_04-33-50-68153825
c:\users\All Users\sysiwp\dt\2014-06-01_04-38-50-68453815
c:\users\All Users\sysiwp\dt\2014-06-01_04-43-50-68753837
c:\users\All Users\sysiwp\dt\2014-06-01_04-48-50-69053826
c:\users\All Users\sysiwp\dt\2014-06-01_04-53-50-69353832
c:\users\All Users\sysiwp\dt\2014-06-01_04-58-50-69653853
c:\users\All Users\sysiwp\dt\2014-06-01_05-03-50-69953874
c:\users\All Users\sysiwp\dt\2014-06-01_05-08-50-70253880
c:\users\All Users\sysiwp\dt\2014-06-01_05-13-50-70553870
c:\users\All Users\sysiwp\dt\2014-06-01_05-18-50-70853860
c:\users\All Users\sysiwp\dt\2014-06-01_05-23-50-71153865
c:\users\All Users\sysiwp\dt\2014-06-01_05-28-50-71453902
c:\users\All Users\sysiwp\dt\2014-06-01_05-33-50-71753876
c:\users\All Users\sysiwp\dt\2014-06-01_05-38-50-72053882
c:\users\All Users\sysiwp\dt\2014-06-01_05-43-50-72353887
c:\users\All Users\sysiwp\dt\2014-06-01_05-48-50-72653893
c:\users\All Users\sysiwp\dt\2014-06-01_05-53-50-72953883
c:\users\All Users\sysiwp\dt\2014-06-01_05-58-50-73253919
c:\users\All Users\sysiwp\dt\2014-06-01_06-03-50-73553909
c:\users\All Users\sysiwp\dt\2014-06-01_06-08-50-73853915
c:\users\All Users\sysiwp\dt\2014-06-01_06-13-50-74153936
c:\users\All Users\sysiwp\dt\2014-06-01_06-18-50-74453941
c:\users\All Users\sysiwp\dt\2014-06-01_06-23-50-74753931
c:\users\All Users\sysiwp\dt\2014-06-01_06-28-50-75053937
c:\users\All Users\sysiwp\dt\2014-06-01_06-33-50-75353942
c:\users\All Users\sysiwp\dt\2014-06-01_06-38-50-75653932
c:\users\All Users\sysiwp\dt\2014-06-01_06-43-50-75953969
c:\users\All Users\sysiwp\dt\2014-06-01_06-48-49-76253959
c:\users\All Users\sysiwp\dt\2014-06-01_06-53-49-76553965
c:\users\All Users\sysiwp\dt\2014-06-01_06-58-49-76853986
c:\users\All Users\sysiwp\dt\2014-06-01_07-03-49-77153960
c:\users\All Users\sysiwp\dt\2014-06-01_07-08-49-77453981
c:\users\All Users\sysiwp\dt\2014-06-01_07-13-49-77753971
c:\users\All Users\sysiwp\dt\2014-06-01_07-18-49-78053992
c:\users\All Users\sysiwp\dt\2014-06-01_07-23-49-78353982
c:\users\All Users\sysiwp\dt\2014-06-01_07-28-49-78654003
c:\users\All Users\sysiwp\dt\2014-06-01_07-33-49-78954009
c:\users\All Users\sysiwp\dt\2014-06-01_07-38-49-79253999
c:\users\All Users\sysiwp\dt\2014-06-01_07-43-49-79554020
c:\users\All Users\sysiwp\dt\2014-06-01_07-48-49-79854025
c:\users\All Users\sysiwp\dt\2014-06-01_07-53-49-80154031
c:\users\All Users\sysiwp\dt\2014-06-01_07-58-49-80454021
c:\users\All Users\sysiwp\dt\2014-06-01_08-03-49-80754042
c:\users\All Users\sysiwp\dt\2014-06-01_08-08-49-81054032
c:\users\All Users\sysiwp\dt\2014-06-01_08-13-49-81354053
c:\users\All Users\sysiwp\dt\2014-06-01_08-18-49-81654058
c:\users\All Users\sysiwp\dt\2014-06-01_08-23-49-81954064
c:\users\All Users\sysiwp\dt\2014-06-01_08-28-49-82254069
c:\users\All Users\sysiwp\dt\2014-06-01_08-33-49-82554075
c:\users\All Users\sysiwp\dt\2014-06-01_08-38-49-82854081
c:\users\All Users\sysiwp\dt\2014-06-01_08-43-49-83154086
c:\users\All Users\sysiwp\dt\2014-06-01_08-48-49-83454092
c:\users\All Users\sysiwp\dt\2014-06-01_08-53-49-83754081
c:\users\All Users\sysiwp\dt\2014-06-01_08-58-49-84054103
c:\users\All Users\sysiwp\dt\2014-06-01_09-03-49-84354093
c:\users\All Users\sysiwp\dt\2014-06-01_09-08-49-84654114
c:\users\All Users\sysiwp\dt\2014-06-01_09-13-49-84954119
c:\users\All Users\sysiwp\dt\2014-06-01_09-18-49-85254125
c:\users\All Users\sysiwp\dt\2014-06-01_09-23-49-85554130
c:\users\All Users\sysiwp\dt\2014-06-01_09-28-49-85854120
c:\users\All Users\sysiwp\dt\2014-06-01_09-33-49-86154141
c:\users\All Users\sysiwp\dt\2014-06-01_09-38-49-86454131
c:\users\All Users\sysiwp\dt\2014-06-01_09-43-49-86754152
c:\users\All Users\sysiwp\dt\2014-06-01_09-48-49-87054158
c:\users\All Users\sysiwp\dt\2014-06-01_09-53-49-87354163
c:\users\All Users\sysiwp\dt\2014-06-01_09-58-49-87654169
c:\users\All Users\sysiwp\dt\2014-06-01_10-03-49-87954174
c:\users\All Users\sysiwp\dt\2014-06-01_10-08-49-88254180
c:\users\All Users\sysiwp\dt\2014-06-01_10-13-49-88554185
c:\users\All Users\sysiwp\dt\2014-06-01_10-18-49-88854207
c:\users\All Users\sysiwp\dt\2014-06-01_10-23-49-89154181
c:\users\All Users\sysiwp\dt\2014-06-01_10-28-49-89454202
c:\users\All Users\sysiwp\dt\2014-06-01_10-33-49-89754208
c:\users\All Users\sysiwp\dt\2014-06-01_10-42-34-90279166
c:\users\All Users\sysiwp\dt\2014-06-01_10-47-34-90579172
c:\users\All Users\sysiwp\dt\2014-06-01_10-52-34-90879162
c:\users\All Users\sysiwp\dt\2014-06-01_10-57-34-91179183
c:\users\All Users\sysiwp\dt\2014-06-01_11-02-34-91479173
c:\users\All Users\sysiwp\dt\2014-06-01_11-07-34-91779194
c:\users\All Users\sysiwp\dt\2014-06-01_11-12-34-92079184
c:\users\All Users\sysiwp\dt\2014-06-01_11-17-34-92379205
c:\users\All Users\sysiwp\dt\2014-06-01_11-22-34-92679226
c:\users\All Users\sysiwp\dt\2014-06-01_11-27-34-92979216
c:\users\All Users\sysiwp\dt\2014-06-01_11-32-34-93279222
c:\users\All Users\sysiwp\dt\2014-06-01_11-37-34-93579227
c:\users\All Users\sysiwp\dt\2014-06-01_11-42-34-93879233
c:\users\All Users\sysiwp\dt\2014-06-01_11-47-34-94179238
c:\users\All Users\sysiwp\dt\2014-06-01_11-52-34-94479244
c:\users\All Users\sysiwp\dt\2014-06-01_11-57-34-94779234
c:\users\All Users\sysiwp\dt\2014-06-01_12-02-34-95079255
c:\users\All Users\sysiwp\dt\2014-06-01_12-07-34-95379245
c:\users\All Users\sysiwp\dt\2014-06-01_12-12-34-95679266
c:\users\All Users\sysiwp\dt\2014-06-01_12-17-34-95979256
c:\users\All Users\sysiwp\dt\2014-06-01_12-22-34-96279277
c:\users\All Users\sysiwp\dt\2014-06-01_12-27-34-96579267
c:\users\All Users\sysiwp\dt\2014-06-01_12-32-34-96879288
c:\users\All Users\sysiwp\dt\2014-06-01_12-37-34-97179294
c:\users\All Users\sysiwp\dt\2014-06-01_12-42-34-97479283
c:\users\All Users\sysiwp\dt\2014-06-01_12-47-34-97779305
c:\users\All Users\sysiwp\dt\2014-06-01_12-52-34-98079294
c:\users\All Users\sysiwp\dt\2014-06-01_12-57-34-98379316
c:\users\All Users\sysiwp\dt\2014-06-01_13-02-34-98679306
c:\users\All Users\sysiwp\dt\2014-06-01_13-07-34-98979327
c:\users\All Users\sysiwp\dt\2014-06-01_13-12-34-99279332
c:\users\All Users\sysiwp\dt\2014-06-01_13-17-34-99579338
c:\users\All Users\sysiwp\dt\2014-06-01_13-22-34-99879359
c:\users\All Users\sysiwp\dt\2014-06-01_13-27-34-100179349
c:\users\All Users\sysiwp\dt\2014-06-01_13-32-34-100479354
c:\users\All Users\sysiwp\dt\2014-06-01_13-37-34-100779360
c:\users\All Users\sysiwp\dt\2014-06-01_13-42-33-101079365
c:\users\All Users\sysiwp\dt\2014-06-01_13-47-33-101379355
c:\users\All Users\sysiwp\dt\2014-06-01_13-52-33-101679376
c:\users\All Users\sysiwp\dt\2014-06-01_13-57-33-101979397
c:\users\All Users\sysiwp\dt\2014-06-01_14-02-33-102279387
c:\users\All Users\sysiwp\dt\2014-06-01_14-07-33-102579377
c:\users\All Users\sysiwp\dt\2014-06-01_14-12-33-102879383
c:\users\All Users\sysiwp\dt\2014-06-01_14-17-33-103179404
c:\users\All Users\sysiwp\dt\2014-06-01_14-22-33-103479394
c:\users\All Users\sysiwp\dt\2014-06-01_14-27-33-103779399
c:\users\All Users\sysiwp\dt\2014-06-01_14-32-33-104079405
c:\users\All Users\sysiwp\dt\2014-06-01_14-37-33-104379426
c:\users\All Users\sysiwp\dt\2014-06-01_14-42-33-104679432
c:\users\All Users\sysiwp\dt\2014-06-01_14-47-33-104979437
c:\users\All Users\sysiwp\dt\2014-06-01_14-52-33-105279427
c:\users\All Users\sysiwp\dt\2014-06-01_14-57-33-105579433
c:\users\All Users\sysiwp\dt\2014-06-01_15-02-33-105879454
c:\users\All Users\sysiwp\dt\2014-06-01_15-07-33-106179459
c:\users\All Users\sysiwp\dt\2014-06-01_15-12-33-106479465
c:\users\All Users\sysiwp\dt\2014-06-01_15-17-33-106779455
c:\users\All Users\sysiwp\dt\2014-06-01_15-22-33-107079476
c:\users\All Users\sysiwp\dt\2014-06-01_15-27-33-107379481
c:\users\All Users\sysiwp\dt\2014-06-01_15-32-33-107679487
c:\users\All Users\sysiwp\dt\2014-06-01_15-37-33-107979492
c:\users\All Users\sysiwp\dt\2014-06-01_15-42-33-108279498
c:\users\All Users\sysiwp\dt\2014-06-01_15-47-33-108579503
c:\users\All Users\sysiwp\dt\2014-06-01_15-52-33-108879509
c:\users\All Users\sysiwp\dt\2014-06-01_15-57-33-109179499
c:\users\All Users\sysiwp\dt\2014-06-01_16-02-33-109479504
c:\users\All Users\sysiwp\dt\2014-06-01_16-07-33-109779525
c:\users\All Users\sysiwp\dt\2014-06-01_16-12-33-110079531
c:\users\All Users\sysiwp\dt\2014-06-01_16-17-33-110379537
c:\users\All Users\sysiwp\dt\2014-06-01_16-22-33-110679526
c:\users\All Users\sysiwp\dt\2014-06-01_16-27-33-110979548
c:\users\All Users\sysiwp\dt\2014-06-01_16-32-33-111279537
c:\users\All Users\sysiwp\dt\2014-06-01_16-37-33-111579559
c:\users\All Users\sysiwp\dt\2014-06-01_16-42-33-111879564
c:\users\All Users\sysiwp\dt\2014-06-01_16-47-33-112179570
c:\users\All Users\sysiwp\dt\2014-06-01_16-52-33-112479560
c:\users\All Users\sysiwp\dt\2014-06-01_16-57-33-112779565
c:\users\All Users\sysiwp\dt\2014-06-01_17-02-33-113079571
c:\users\All Users\sysiwp\dt\2014-06-01_17-07-33-113379576
c:\users\All Users\sysiwp\dt\2014-06-01_17-12-33-113679597
c:\users\All Users\sysiwp\dt\2014-06-01_17-17-33-113979587
c:\users\All Users\sysiwp\dt\2014-06-01_17-22-33-114279593
c:\users\All Users\sysiwp\dt\2014-06-01_17-27-33-114579598
c:\users\All Users\sysiwp\dt\2014-06-01_17-32-33-114879619
c:\users\All Users\sysiwp\dt\2014-06-01_17-37-33-115179609
c:\users\All Users\sysiwp\dt\2014-06-01_17-42-33-115479630
c:\users\All Users\sysiwp\dt\2014-06-01_17-47-33-115779620
c:\users\All Users\sysiwp\dt\2014-06-01_17-52-33-116079641
c:\users\All Users\sysiwp\dt\2014-06-01_17-57-33-116379647
c:\users\All Users\sysiwp\dt\2014-06-01_18-02-33-116679652
c:\users\All Users\sysiwp\dt\2014-06-01_18-07-33-116979658
c:\users\All Users\sysiwp\dt\2014-06-01_18-12-33-117279664
c:\users\All Users\sysiwp\dt\2014-06-01_18-17-33-117579653
c:\users\All Users\sysiwp\dt\2014-06-01_18-22-33-117879659
c:\users\All Users\sysiwp\dt\2014-06-01_18-27-33-118179680
c:\users\All Users\sysiwp\dt\2014-06-01_18-32-33-118479670
c:\users\All Users\sysiwp\dt\2014-06-01_18-37-33-118779691
c:\users\All Users\sysiwp\dt\2014-06-01_18-42-33-119079681
c:\users\All Users\sysiwp\dt\2014-06-01_18-47-33-119379702
c:\users\All Users\sysiwp\dt\2014-06-01_18-52-33-119679708
c:\users\All Users\sysiwp\dt\2014-06-01_18-57-33-119979713
c:\users\All Users\sysiwp\dt\2014-06-01_19-02-33-120279703
c:\users\All Users\sysiwp\dt\2014-06-01_19-07-33-120579724
c:\users\All Users\sysiwp\dt\2014-06-01_19-12-33-120879730
c:\users\All Users\sysiwp\dt\2014-06-01_19-17-33-121179720
c:\users\All Users\sysiwp\dt\2014-06-01_19-22-33-121479725
c:\users\All Users\sysiwp\dt\2014-06-01_19-27-33-121779731
c:\users\All Users\sysiwp\dt\2014-06-01_19-32-33-122079736
c:\users\All Users\sysiwp\dt\2014-06-01_19-37-33-122379742
c:\users\All Users\sysiwp\dt\2014-06-01_19-42-33-122679747
c:\users\All Users\sysiwp\dt\2014-06-01_19-47-33-122979768
c:\users\All Users\sysiwp\dt\2014-06-01_19-52-33-123279774
c:\users\All Users\sysiwp\help.chm
c:\users\All Users\sysiwp\install.bin
c:\users\All Users\sysiwp\install.log
c:\users\All Users\sysiwp\pkl.bin
c:\users\All Users\sysiwp\sysiwpconfigure.exe
c:\users\All Users\sysiwp\sysiwphk.dll
c:\users\All Users\sysiwp\sysiwpi.dll
c:\users\All Users\sysiwp\sysiwpr.exe
c:\users\All Users\sysiwp\sysiwpvw.exe
c:\users\All Users\sysiwp\sysiwpwb.dll
c:\users\All Users\sysiwp\web.dt
c:\windows\Installer\48270c.msi
c:\windows\SysWOW64\air.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-02 to 2014-06-02  )))))))))))))))))))))))))))))))
.
.
2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Dragonlady\AppData\Local\temp
2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-02 01:52 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA0B2348-A4EF-4885-ADED-64CB50684965}\mpengine.dll
2014-06-01 01:16 . 2014-06-01 01:16 -------- d-----w- c:\program files (x86)\ESET
2014-05-31 16:37 . 2014-05-31 16:37 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-05-31 16:37 . 2014-05-31 16:37 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-05-31 16:37 . 2014-05-31 16:37 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
2014-05-31 16:37 . 2014-05-31 16:37 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-05-31 16:37 . 2014-05-31 16:37 305264 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\freebl3.dll
2014-05-31 16:37 . 2014-05-31 16:37 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\firefox.exe
2014-05-31 16:37 . 2014-05-31 16:37 117360 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\crashreporter.exe
2014-05-31 16:37 . 2014-05-31 16:37 4881520 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\gkmedias.dll
2014-05-31 16:37 . 2014-05-31 16:37 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icudt52.dll
2014-05-31 16:37 . 2014-05-31 16:37 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuin52.dll
2014-05-31 16:37 . 2014-05-31 16:37 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuuc52.dll
2014-05-31 13:52 . 2014-05-31 13:52 -------- d-----w- c:\windows\ERUNT
2014-05-31 13:34 . 2014-05-31 13:37 -------- d-----w- C:\AdwCleaner
2014-05-31 12:33 . 2014-04-30 23:20 10702536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-24 11:04 . 2014-05-01 20:00 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8456C39-30B7-426C-B89F-E8CD6FA43BBF}\gapaengine.dll
2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\users\Sharon\AppData\Roaming\Oracle
2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\programdata\Oracle
2014-05-20 21:53 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-14 07:39 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 07:39 . 2014-05-05 20:06 9348096 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 07:39 . 2014-05-05 20:06 98304 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 07:39 . 2014-05-05 19:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 07:39 . 2014-05-05 18:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2014-05-07 11:15 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-02 11:11 . 2014-04-28 23:28 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-28 11:48 . 2012-03-30 11:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-28 11:48 . 2011-06-14 11:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 07:02 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe
2014-05-12 11:26 . 2014-04-28 23:28 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 11:26 . 2014-04-28 23:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2014-04-28 23:28 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 20:06 . 2014-05-02 20:06 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-05-01 20:00 . 2013-12-07 00:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-17 23:02 . 2012-06-04 11:40 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 22:54 . 2012-06-04 11:40 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 22:54 . 2012-06-02 23:26 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-03-17 22:49 . 2012-02-22 17:29 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 22:47 . 2012-06-04 11:40 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 22:45 . 2012-06-04 11:40 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 22:44 . 2012-02-22 17:29 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-11 13:52 . 2013-06-19 02:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 15:10 . 2014-04-09 11:29 1147392 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 15:09 . 2014-04-09 11:29 1490432 ----a-w- c:\windows\system32\urlmon.dll
2014-03-04 15:09 . 2014-04-09 11:29 108032 ----a-w- c:\windows\system32\url.dll
2014-03-04 15:08 . 2014-04-09 11:29 243712 ----a-w- c:\windows\system32\occache.dll
2014-03-04 15:06 . 2014-04-09 11:29 1062912 ----a-w- c:\windows\system32\mstime.dll
2014-03-04 15:05 . 2014-04-09 11:29 742912 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-04 15:05 . 2014-04-09 11:29 71680 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-04 15:05 . 2014-04-09 11:29 56832 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-04 15:04 . 2014-04-09 11:29 31744 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-04 15:04 . 2014-04-09 11:29 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-04 15:04 . 2014-04-09 11:29 2357760 ----a-w- c:\windows\system32\iertutil.dll
2014-03-04 15:04 . 2014-04-09 11:29 77312 ----a-w- c:\windows\system32\iesetup.dll
2014-03-04 15:04 . 2014-04-09 11:29 219136 ----a-w- c:\windows\system32\ieui.dll
2014-03-04 15:04 . 2014-04-09 11:29 132096 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-04 15:04 . 2014-04-09 11:29 72192 ----a-w- c:\windows\system32\iernonce.dll
2014-03-04 15:04 . 2014-04-09 11:29 12510720 ----a-w- c:\windows\system32\ieframe.dll
2014-03-04 15:04 . 2014-04-09 11:29 252416 ----a-w- c:\windows\system32\iepeers.dll
2014-03-04 15:04 . 2014-04-09 11:29 459776 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-04 15:02 . 2014-04-09 11:29 23040 ----a-w- c:\windows\system32\corpol.dll
2014-03-04 13:33 . 2014-04-09 11:29 479232 ----a-w- c:\windows\system32\html.iec
2014-03-04 12:10 . 2014-04-09 11:29 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-04 12:09 . 2014-04-09 11:29 70656 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-04 12:08 . 2014-04-09 11:29 12288 ----a-w- c:\windows\system32\msfeedssync.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]
"SansaDispatch"="c:\users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-06-18 613888]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-31 295512]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Displaysoft Online Updates - c--DSI-FIDLITE3.lnk - c:\dsi\FIDLITE3\inetupapp.exe [2009-7-16 757760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
netsvcr REG_MULTI_SZ   MedisCenter
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 12:12 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:48]
.
2014-06-02 c:\windows\Tasks\BeFrugal.com Toolbar.job
- c:\program files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2012-12-09 15:09]
.
2014-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job
- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34]
.
2014-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job
- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job
- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job
- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34]
.
2014-06-01 c:\windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job
- c:\windows\system32\msfeedssync.exe [2014-04-09 07:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aquarionwater.com\www
Trusted Zone: caldirectsecuredocs.com\www
Trusted Zone: com\pennwest-edocs
Trusted Zone: com\swiftview
Trusted Zone: coupons.com\microsite
Trusted Zone: ditechsecuredocs.com\www
Trusted Zone: ditechsecuredocs.net\www
Trusted Zone: docmagic.com\www
Trusted Zone: elynx.com\gateway
Trusted Zone: elynx.com\stest.lane100
Trusted Zone: elynx.com\stest.lane200
Trusted Zone: elynx.net\aegis
Trusted Zone: elynx.net\ctest
Trusted Zone: elynx.net\ctest.lane100
Trusted Zone: elynx.net\forms
Trusted Zone: elynx.net\gateway
Trusted Zone: elynx.net\gateway.ctest
Trusted Zone: elynx.net\gmacforms
Trusted Zone: elynx.net\pro
Trusted Zone: elynx.net\secure
Trusted Zone: elynx.net\ssctest
Trusted Zone: elynx.net\stest
Trusted Zone: elynx.net\usign
Trusted Zone: elynx.net\webpost
Trusted Zone: gmacmsecuredocs.com\www
Trusted Zone: gmacmsecuredocs.net\www
Trusted Zone: gmamcsecuredocs.com\www
Trusted Zone: hsbc.com\mortgage-esign.us
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: sasrlink.com\www
Trusted Zone: ss3.swiftsend.com\loandocs
Trusted Zone: swiftsend.com\docs
Trusted Zone: swiftsend.com\gateway
Trusted Zone: swiftsend.com\loandocs
Trusted Zone: swiftsend.com\loandocs.ss3
Trusted Zone: swiftsend.com\www
Trusted Zone: swiftsend2.com\docs
Trusted Zone: swiftsend2.com\loandocs
Trusted Zone: swiftview.com\products
Trusted Zone: swiftview.com\www
Trusted Zone: wamuloandocs.com\www
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - ExtSQL: !HIDDEN! 2009-09-01 11:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Driver Performer_is1 - c:\program files (x86)\Driver-Soft\DriverPerformer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-06-02  07:17:41 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-02 11:17
ComboFix2.txt  2014-06-02 01:25
ComboFix3.txt  2012-05-26 00:37
ComboFix4.txt  2012-05-25 11:02
ComboFix5.txt  2014-06-02 10:43
.
Pre-Run: 440,775,299,072 bytes free
Post-Run: 440,612,446,208 bytes free
.
- - End Of File - - 0C53CA91E455361784464A16A7B218C1
5C616939100B85E558DA92B899A0FC36

It appears that the difficult-to-remove, randomly named folder was related to the keylogger that you wanted to keep installed (a few files had the same three-character file name as the keylogger, less the extension), so we will need to restore the contents of two folders that ComboFix quarantined.


We need to make sure you have the most recent version of ComboFix.

Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.
For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.


DEQUARANTINE::

C:\ProgramData\sysiwp
C:\Users\All Users\sysiwp


Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.


New log. Not sure where we are with this, but I still get the pop-up after a scan with Malwarebytes Pro: "Potential threat detected", "Choose an action". Only Quarantine is available, and MBAM hangs and needs to be closed.


ComboFix 14-06-03.01 - Sharon 06/03/2014   6:21.3.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6077.3365 [GMT -4:00]
Running from: c:\users\Sharon\Desktop\sar20er.exe
Command switches used :: c:\users\Sharon\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sharon\AppData\Roaming\svfiles.log
c:\windows\SysWow64\bidisp.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-03 to 2014-06-03  )))))))))))))))))))))))))))))))
.
.
2014-06-03 10:40 . 2014-06-03 10:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-03 10:40 . 2014-06-03 10:40 -------- d-----w- c:\users\Dragonlady\AppData\Local\temp
2014-06-03 10:40 . 2014-06-03 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-02 11:24 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C1DDAC0-20DC-4E6B-A8F5-942D62576BB2}\mpengine.dll
2014-06-01 01:16 . 2014-06-01 01:16 -------- d-----w- c:\program files (x86)\ESET
2014-05-31 16:37 . 2014-05-31 16:37 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-05-31 16:37 . 2014-05-31 16:37 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-05-31 16:37 . 2014-05-31 16:37 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
2014-05-31 16:37 . 2014-05-31 16:37 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-05-31 16:37 . 2014-05-31 16:37 305264 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\freebl3.dll
2014-05-31 16:37 . 2014-05-31 16:37 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\firefox.exe
2014-05-31 16:37 . 2014-05-31 16:37 117360 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\crashreporter.exe
2014-05-31 16:37 . 2014-05-31 16:37 4881520 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\gkmedias.dll
2014-05-31 16:37 . 2014-05-31 16:37 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icudt52.dll
2014-05-31 16:37 . 2014-05-31 16:37 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuin52.dll
2014-05-31 16:37 . 2014-05-31 16:37 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuuc52.dll
2014-05-31 13:52 . 2014-05-31 13:52 -------- d-----w- c:\windows\ERUNT
2014-05-31 13:34 . 2014-05-31 13:37 -------- d-----w- C:\AdwCleaner
2014-05-31 12:33 . 2014-04-30 23:20 10702536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-24 11:04 . 2014-05-01 20:00 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8456C39-30B7-426C-B89F-E8CD6FA43BBF}\gapaengine.dll
2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\users\Sharon\AppData\Roaming\Oracle
2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\programdata\Oracle
2014-05-20 21:53 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-14 07:39 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 07:39 . 2014-05-05 20:06 9348096 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 07:39 . 2014-05-05 20:06 98304 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 07:39 . 2014-05-05 19:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 07:39 . 2014-05-05 18:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2014-05-07 11:15 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 10:30 . 2014-04-28 23:28 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-28 11:48 . 2012-03-30 11:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-28 11:48 . 2011-06-14 11:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 07:02 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe
2014-05-12 11:26 . 2014-04-28 23:28 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 11:26 . 2014-04-28 23:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2014-04-28 23:28 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 20:06 . 2014-05-02 20:06 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-05-01 20:00 . 2013-12-07 00:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-17 23:02 . 2012-06-04 11:40 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 22:54 . 2012-06-04 11:40 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 22:54 . 2012-06-02 23:26 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-03-17 22:49 . 2012-02-22 17:29 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 22:47 . 2012-06-04 11:40 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 22:45 . 2012-06-04 11:40 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 22:44 . 2012-02-22 17:29 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-11 13:52 . 2013-06-19 02:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]
"SansaDispatch"="c:\users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-06-18 613888]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-31 295512]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Displaysoft Online Updates - c--DSI-FIDLITE3.lnk - c:\dsi\FIDLITE3\inetupapp.exe [2009-7-16 757760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
netsvcr REG_MULTI_SZ   MedisCenter
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 12:12 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:48]
.
2014-06-02 c:\windows\Tasks\BeFrugal.com Toolbar.job
- c:\program files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2012-12-09 15:09]
.
2014-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job
- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34]
.
2014-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job
- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]
.
2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job
- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34]
.
2014-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job
- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34]
.
2014-06-02 c:\windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job
- c:\windows\system32\msfeedssync.exe [2014-04-09 07:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aquarionwater.com\www
Trusted Zone: caldirectsecuredocs.com\www
Trusted Zone: com\pennwest-edocs
Trusted Zone: com\swiftview
Trusted Zone: coupons.com\microsite
Trusted Zone: ditechsecuredocs.com\www
Trusted Zone: ditechsecuredocs.net\www
Trusted Zone: docmagic.com\www
Trusted Zone: elynx.com\gateway
Trusted Zone: elynx.com\stest.lane100
Trusted Zone: elynx.com\stest.lane200
Trusted Zone: elynx.net\aegis
Trusted Zone: elynx.net\ctest
Trusted Zone: elynx.net\ctest.lane100
Trusted Zone: elynx.net\forms
Trusted Zone: elynx.net\gateway
Trusted Zone: elynx.net\gateway.ctest
Trusted Zone: elynx.net\gmacforms
Trusted Zone: elynx.net\pro
Trusted Zone: elynx.net\secure
Trusted Zone: elynx.net\ssctest
Trusted Zone: elynx.net\stest
Trusted Zone: elynx.net\usign
Trusted Zone: elynx.net\webpost
Trusted Zone: gmacmsecuredocs.com\www
Trusted Zone: gmacmsecuredocs.net\www
Trusted Zone: gmamcsecuredocs.com\www
Trusted Zone: hsbc.com\mortgage-esign.us
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: sasrlink.com\www
Trusted Zone: ss3.swiftsend.com\loandocs
Trusted Zone: swiftsend.com\docs
Trusted Zone: swiftsend.com\gateway
Trusted Zone: swiftsend.com\loandocs
Trusted Zone: swiftsend.com\loandocs.ss3
Trusted Zone: swiftsend.com\www
Trusted Zone: swiftsend2.com\docs
Trusted Zone: swiftsend2.com\loandocs
Trusted Zone: swiftview.com\products
Trusted Zone: swiftview.com\www
Trusted Zone: wamuloandocs.com\www
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - ExtSQL: !HIDDEN! 2009-09-01 11:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Driver Performer_is1 - c:\program files (x86)\Driver-Soft\DriverPerformer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-06-03  06:43:52
ComboFix-quarantined-files.txt  2014-06-03 10:43
ComboFix2.txt  2014-06-02 11:17
ComboFix3.txt  2014-06-02 01:25
ComboFix4.txt  2012-05-26 00:37
ComboFix5.txt  2014-06-03 10:20
.
Pre-Run: 440,600,793,088 bytes free
Post-Run: 440,551,026,688 bytes free
.
- - End Of File - - 7C9FB56B15B93D5F72A661B0333711B5
5C616939100B85E558DA92B899A0FC36
Thanks.

Not sure where we are with this, but I still get the pop-up after a scan with Malwarebytes Pro: "Potential threat detected", "Choose an action". Only Quarantine is available, and MBAM hangs and needs to be closed.

I don't see that you had mentioned that before. The next time you run Malwarebytes, be certain you update it before scanning. Does this still happen?


The PUM.BAD.PROXY hasn't been detected since 6/3

Excellent.

Did you rename ComboFix when you ran it?

Running from: c:\users\Sharon\Desktop\sar20er.exe


I see you haven't yet posted this log that was previously requested; we got caught up in manually deleting what ESET detected before it stopped responding.


Download and save to your Desktop  RogueKillerX64.exe (by tigzy)

  • Quit all programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • Start RogueKiller.exe
  • Wait until Prescan has finished
  • Click on Scan
  • Click on Report and copy/paste the content of the notepad in your next reply (don't fix anything yet, not everything it finds is bad).

Please post the log from RogueKiller, answer the question about renaming ComboFix and the question about Malwarebytes Anti-Malware, and note any errors encountered.
