MBAM crashes on update


I have the free version of MBAM but I am considering the premium. I have run every cleaner known (I think) and I don't think the system is infected anymore but MBAM will not update. It gives the error that Malwarebytes has stopped working. Windows is checking for a solution... I have posted the requested Farbar logs. Thanks in advance for your help.

Addition.txt

FRST.txt


  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Here is the RogueKiller report:

FYI It launched a webpage following the scan that reported the removal process for a new variant of ZeroAccess called RTL which I did not do since I am working with you to solve this problem. Thanks again for your support.

 

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionto 
Started in : Normal mode
User : Al Rodgers [Admin rights]
Mode : Scan -- Date : 07/15/2014  19:27:11
 
¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess] mcshield.exe -- [x] -> ERROR [12]
 
¤¤¤ Registry Entries : 21 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR -> FOUND
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 38.183.109.7 38.183.109.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AF143F77-1DBB-4801-BE2D-16C9965A301C} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AF143F77-1DBB-4801-BE2D-16C9965A301C} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8D5FA694-3482-4919-A487-9DEF1E1E811D} | DhcpNameServer : 38.183.109.7 38.183.109.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AF143F77-1DBB-4801-BE2D-16C9965A301C} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> FOUND
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-75HXZT1 +++++
--- User ---
[MBR] ef53f465cc0be18113c6fa1d30d45ff9
[bSP] b01383409f28337d3ddf5e4fbdf4eb89 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 595378 MB
User = LL1 ... OK
User = LL2 ... OK
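An added example, not part of the original thread and not RogueKiller's own code: a small Python parser for the "Registry Entries" lines of the report above. It collapses entries that repeat across control sets and across the X64/X86 registry views, so the distinct findings are easier to review. The field names, the `ControlSet*` placeholder and the `HINTS` annotations are assumptions of this example; the sample lines are copied from the report.

```python
import re

# Lines copied from the RogueKiller report above, plus one header line that is
# not a finding (to show that non-matching lines are skipped).
SAMPLE = r"""
Started in : Normal mode
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR -> FOUND
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
"""

# "[category] (view) rest", where rest is "key" or "key | value name : data".
FINDING = re.compile(r"^\[(?P<category>[^\]]+)\] \((?P<view>X64|X86)\) (?P<rest>.+)$")

# CurrentControlSet is a link to one of the numbered control sets, so the same
# service key shows up once per set. Collapsing them is a triage choice made here.
CONTROL_SET = re.compile(r"\\(?:CurrentControlSet|ControlSet\d{3})\\", re.IGNORECASE)

# Reviewer annotations added by this example (not produced by the scanner).
HINTS = {
    ("EnableLUA", "0"): "UAC (Admin Approval Mode) is switched off",
    ("DisableRegistryTools", "0"): "registry editing tools are not blocked",
}


def parse_line(line):
    """Return the fields of one finding line, or None for any other line."""
    body, sep, status = line.strip().rpartition(" -> ")
    match = FINDING.match(body) if sep else None
    if match is None:
        return None
    key, _, value_part = match.group("rest").partition(" | ")
    name, _, data = value_part.partition(" :")
    return {
        "category": match.group("category"),
        "view": match.group("view"),
        "key": key.strip(),
        "name": name.strip(),
        "data": data.strip(),
        "status": status.strip(),
    }


def collapse(report_text):
    """Group findings that differ only by control set or registry view."""
    groups = {}
    for line in report_text.splitlines():
        finding = parse_line(line)
        if finding is None:
            continue
        key = CONTROL_SET.sub(lambda _m: "\\ControlSet*\\", finding["key"])
        ident = (finding["category"], key, finding["name"], finding["data"])
        group = groups.setdefault(ident, {"views": set(), "raw_lines": 0})
        group["views"].add(finding["view"])
        group["raw_lines"] += 1
    return groups


def report(report_text):
    """One summary line per distinct finding, with a hint where one is known."""
    lines = []
    for (category, key, name, data), group in collapse(report_text).items():
        target = key if not name else f"{key} | {name} = {data!r}"
        views = "/".join(sorted(group["views"]))
        text = f"[{category}] {target} ({group['raw_lines']} line(s), views: {views})"
        hint = HINTS.get((name, data))
        lines.append(text + (f" <- {hint}" if hint else ""))
    return lines


if __name__ == "__main__":
    for summary in report(SAMPLE):
        print(summary)
```
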

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Al Rodgers on Wed 07/16/2014 at 19:00:36.86

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CC9E94E3-B2C8-4188-A0F5-C26DB146CD2B}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D25B97E9-62B2-40CE-BECF-E43A7B879072}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D25B97E9-62B2-40CE-BECF-E43A7B879072}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 07/16/2014 at 19:07:04.39

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I did not see anything here to uncheck but here is the Adwcleaner log for your review:

# AdwCleaner v3.215 - Report created 16/07/2014 at 19:10:31
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Al Rodgers - ALBERT
# Running from : C:\Users\Al Rodgers\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4882 octets] - [10/07/2014 12:00:51]
AdwCleaner[R1].txt - [683 octets] - [16/07/2014 19:10:31]
AdwCleaner[s0].txt - [4927 octets] - [10/07/2014 12:02:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [802 octets] ##########

Adw Cleaner post-reboot:

# AdwCleaner v3.215 - Report created 16/07/2014 at 19:17:25
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Al Rodgers - ALBERT
# Running from : C:\Users\Al Rodgers\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4882 octets] - [10/07/2014 12:00:51]
AdwCleaner[R1].txt - [881 octets] - [16/07/2014 19:10:31]
AdwCleaner[s0].txt - [4927 octets] - [10/07/2014 12:02:37]
AdwCleaner[s1].txt - [803 octets] - [16/07/2014 19:17:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [862 octets] ##########

ESET:

 

C:\AdwCleaner\Quarantine\C\Program Files\pcreg\service.exe.vir Win32/Conduit.SearchProtect.O potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Al Rodgers\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application

C:\Windows\Installer\MSIEC44.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe Win32/Conduit.SearchProtect.O potentially unwanted application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe Win32/Conduit.SearchProtect.O potentially unwanted application

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Al Rodgers (administrator) on ALBERT on 16-07-2014 20:34:14
Running from C:\Users\Al Rodgers\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Samsung) C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Samsung) C:\Program Files (x86)\Samsung\PC Auto Backup\WiselinkPro.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Samsung\PC Auto Backup\http_ss_win_pro.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
(Farbar) C:\Users\Al Rodgers\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-02] (Intel® Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [3926528 2010-08-23] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-11-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-16] (Dell)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PC Auto Backup.lnk
ShortcutTarget: PC Auto Backup.lnk -> C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe (Samsung)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {36052362-5BE9-47F7-95E8-FC2005FBF6C5} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US370&p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Al Rodgers\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Al Rodgers\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-09-07]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-03]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-11-03]
CHR Extension: (Google Wallet) - C:\Users\Al Rodgers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-07-02]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-03]
CHR StartMenuInternet: Google Chrome - C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
R2 WiselinkPro; C:\Program Files (x86)\Samsung\PC Auto Backup\WiselinkPro.exe [7274561 2013-02-18] (Samsung) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-16] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\windows\system32\F0F4.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 MFE_RR; \??\C:\Users\ALRODG~1\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-16 20:33 - 2014-07-16 20:33 - 02086912 _____ (Farbar) C:\Users\Al Rodgers\Desktop\FRST64 (1).exe
2014-07-16 20:30 - 2014-07-16 20:30 - 00001054 _____ () C:\Users\Al Rodgers\Desktop\ESET.txt
2014-07-16 19:28 - 2014-07-16 19:28 - 02347384 _____ (ESET) C:\Users\Al Rodgers\Desktop\esetsmartinstaller_enu.exe
2014-07-16 19:28 - 2014-07-16 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-16 19:23 - 2014-07-16 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-16 19:21 - 2014-07-16 19:23 - 00000000 ____D () C:\Users\Al Rodgers\AppData\Local\CrashDumps
2014-07-16 19:08 - 2014-07-16 19:08 - 01348263 _____ () C:\Users\Al Rodgers\Desktop\AdwCleaner.exe
2014-07-16 19:07 - 2014-07-16 19:07 - 00008961 _____ () C:\Users\Al Rodgers\Desktop\JRT.txt
2014-07-16 19:00 - 2014-07-16 19:00 - 00000000 ____D () C:\windows\ERUNT
2014-07-16 18:59 - 2014-07-16 18:59 - 01016261 _____ (Thisisu) C:\Users\Al Rodgers\Desktop\JRT.exe
2014-07-15 19:14 - 2014-07-15 19:17 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 _____ () C:\Users\Al\AppData\extensions.sqlite
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 _____ () C:\Users\Al\AppData\addons.sqlite
2014-07-15 19:13 - 2014-07-15 19:13 - 05336664 _____ () C:\Users\Al Rodgers\Desktop\RogueKillerX64.exe
2014-07-14 09:47 - 2014-07-16 19:23 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 09:47 - 2014-07-14 09:47 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 09:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-14 09:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-14 09:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-14 09:43 - 2014-07-14 09:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Al Rodgers\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 09:35 - 2014-07-14 09:35 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Al Rodgers\Desktop\mbam-clean-2.1.1.1001 (1).exe
2014-07-14 09:32 - 2014-07-14 09:32 - 00000890 _____ () C:\Users\Al Rodgers\Desktop\NTREGOPT.lnk
2014-07-14 09:32 - 2014-07-14 09:32 - 00000871 _____ () C:\Users\Al Rodgers\Desktop\ERUNT.lnk
2014-07-14 09:32 - 2014-07-14 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-14 09:32 - 2014-07-14 09:32 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-14 09:31 - 2014-07-14 09:31 - 00791393 _____ (Lars Hederer ) C:\Users\Al Rodgers\Downloads\erunt-setup.exe
2014-07-14 09:30 - 2014-07-14 09:31 - 00002440 _____ () C:\Users\Al Rodgers\Desktop\Rkill.txt
2014-07-14 09:30 - 2014-07-14 09:30 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Al Rodgers\Desktop\rkill.exe
2014-07-11 09:32 - 2014-07-16 20:34 - 00023981 _____ () C:\Users\Al Rodgers\Desktop\FRST.txt
2014-07-11 09:32 - 2014-07-11 09:33 - 00044238 _____ () C:\Users\Al Rodgers\Desktop\Addition.txt
2014-07-11 09:31 - 2014-07-16 20:34 - 00000000 ____D () C:\FRST
2014-07-11 09:31 - 2014-07-11 09:31 - 02084864 _____ (Farbar) C:\Users\Al Rodgers\Desktop\FRST64.exe
2014-07-11 09:23 - 2014-07-11 09:23 - 00070204 _____ () C:\Users\Al Rodgers\Desktop\Extras.Txt
2014-07-11 09:22 - 2014-07-11 09:22 - 00132016 _____ () C:\Users\Al Rodgers\Desktop\OTL.Txt
2014-07-11 09:15 - 2014-07-11 09:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 08:58 - 2014-07-11 09:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Al Rodgers\Downloads\mbam-setup-consumer-2.0.2.1012.exe
2014-07-11 08:49 - 2014-07-11 08:49 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Al Rodgers\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-10 20:08 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\windows\system32\F0F4.tmp
2014-07-10 20:04 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\windows\system32\FF44.tmp
2014-07-10 19:59 - 2014-07-10 20:00 - 00281200 _____ () C:\windows\Minidump\071014-89138-01.dmp
2014-07-10 19:54 - 2014-07-10 19:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-10 19:54 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\windows\system32\658D.tmp
2014-07-10 12:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-10 12:00 - 2014-07-16 19:17 - 00000000 ____D () C:\AdwCleaner
2014-07-10 08:56 - 2014-07-14 09:33 - 00000000 ____D () C:\windows\erdnt
2014-07-09 16:40 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2014-07-09 16:40 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2014-07-09 12:46 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 12:46 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 12:46 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 12:46 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 12:46 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 12:46 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 12:46 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 12:46 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 12:46 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 12:46 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 12:46 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 12:46 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 12:46 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 12:46 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 12:46 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 12:46 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 12:46 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 12:46 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 12:46 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 12:46 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 12:46 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 12:46 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 12:37 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 12:37 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 12:37 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 12:37 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 12:37 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 12:37 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 12:37 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 12:37 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 12:37 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 12:37 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 12:37 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 12:37 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 12:37 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 12:37 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 12:37 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 12:37 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 12:37 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 12:37 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 12:37 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 12:37 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 12:37 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 12:37 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 12:37 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 12:37 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 12:37 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 12:37 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 12:37 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 12:37 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 12:37 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 12:37 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 12:37 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 12:37 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 12:37 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 12:37 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 12:37 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 12:37 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 12:37 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 12:37 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 12:37 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 12:37 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 12:37 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 12:37 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 12:37 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 12:37 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 12:37 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 12:37 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 12:37 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 12:37 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 12:37 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 12:37 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 12:37 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 12:37 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 12:37 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 12:37 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 12:37 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 12:37 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 12:28 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 12:28 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 12:28 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-07 16:26 - 2014-07-07 16:26 - 00000000 ____H () C:\Users\Al Rodgers\AppData\Local\BITCC72.tmp
2014-07-07 16:19 - 2014-07-07 16:19 - 00000000 _____ () C:\Users\Al Rodgers\AppData\Local\{EB9529ED-619E-46A9-86C1-53AB23FE2006}
2014-07-04 09:29 - 2014-07-04 09:29 - 00000000 ____H () C:\Users\Al Rodgers\AppData\Local\BIT88ED.tmp
2014-07-04 09:25 - 2014-07-04 09:25 - 00000000 _____ () C:\Users\Al Rodgers\AppData\Local\{859209E8-D6F0-466E-9DDB-E9B6D81968E7}
2014-06-30 07:40 - 2014-06-30 07:40 - 00005151 _____ () C:\Users\Al Rodgers\Downloads\sunsetan.mid
2014-06-25 09:22 - 2014-07-09 16:19 - 00000003 _____ () C:\Users\Al Rodgers\AppData\Local\proxy.log
2014-06-16 22:28 - 2014-07-16 20:33 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081.job
2014-06-16 22:28 - 2014-06-16 22:28 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081
 
==================== One Month Modified Files and Folders =======
 
2014-07-16 20:34 - 2014-07-11 09:32 - 00023981 _____ () C:\Users\Al Rodgers\Desktop\FRST.txt
2014-07-16 20:34 - 2014-07-11 09:31 - 00000000 ____D () C:\FRST
2014-07-16 20:33 - 2014-07-16 20:33 - 02086912 _____ (Farbar) C:\Users\Al Rodgers\Desktop\FRST64 (1).exe
2014-07-16 20:33 - 2014-06-16 22:28 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081.job
2014-07-16 20:30 - 2014-07-16 20:30 - 00001054 _____ () C:\Users\Al Rodgers\Desktop\ESET.txt
2014-07-16 19:58 - 2011-08-18 15:12 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA.job
2014-07-16 19:54 - 2011-09-07 19:00 - 01957058 _____ () C:\windows\WindowsUpdate.log
2014-07-16 19:47 - 2012-08-16 16:29 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 19:28 - 2014-07-16 19:28 - 02347384 _____ (ESET) C:\Users\Al Rodgers\Desktop\esetsmartinstaller_enu.exe
2014-07-16 19:28 - 2014-07-16 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-16 19:26 - 2009-07-14 00:45 - 00013872 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:26 - 2009-07-14 00:45 - 00013872 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:23 - 2014-07-16 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-16 19:23 - 2014-07-16 19:21 - 00000000 ____D () C:\Users\Al Rodgers\AppData\Local\CrashDumps
2014-07-16 19:23 - 2014-07-14 09:47 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 19:23 - 2012-08-07 11:04 - 00001846 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-07-16 19:19 - 2011-06-13 19:59 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-16 19:18 - 2014-06-13 20:25 - 00003222 _____ () C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3970501574-1576805769-1175336529-1000
2014-07-16 19:18 - 2014-06-13 14:41 - 00003346 _____ () C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3970501574-1576805769-1175336529-1000
2014-07-16 19:18 - 2014-05-08 12:29 - 00005434 _____ () C:\windows\setupact.log
2014-07-16 19:18 - 2014-05-08 12:28 - 00170156 _____ () C:\windows\PFRO.log
2014-07-16 19:18 - 2011-09-07 18:55 - 2050150400 ___SH () C:\pagefile.s
2014-07-16 19:18 - 2011-08-19 14:30 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 19:18 - 2011-06-13 20:09 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-16 19:18 - 2011-06-13 20:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-16 19:18 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-16 19:17 - 2014-07-10 12:00 - 00000000 ____D () C:\AdwCleaner
2014-07-16 19:08 - 2014-07-16 19:08 - 01348263 _____ () C:\Users\Al Rodgers\Desktop\AdwCleaner.exe
2014-07-16 19:07 - 2014-07-16 19:07 - 00008961 _____ () C:\Users\Al Rodgers\Desktop\JRT.txt
2014-07-16 19:00 - 2014-07-16 19:00 - 00000000 ____D () C:\windows\ERUNT
2014-07-16 18:59 - 2014-07-16 18:59 - 01016261 _____ (Thisisu) C:\Users\Al Rodgers\Desktop\JRT.exe
2014-07-16 18:55 - 2013-05-22 11:07 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-07-16 18:55 - 2011-07-29 20:19 - 00000000 ____D () C:\Users\Al Rodgers\AppData\Local\Apps\2.0
2014-07-15 19:25 - 2011-08-18 15:12 - 00000876 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core.job
2014-07-15 19:17 - 2014-07-15 19:14 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 _____ () C:\Users\Al\AppData\extensions.sqlite
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 _____ () C:\Users\Al\AppData\addons.sqlite
2014-07-15 19:14 - 2011-07-29 20:35 - 00000000 ____D () C:\Users\Al\My Backup Files
2014-07-15 19:14 - 2009-07-14 01:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-15 19:13 - 2014-07-15 19:13 - 05336664 _____ () C:\Users\Al Rodgers\Desktop\RogueKillerX64.exe
2014-07-14 09:47 - 2014-07-14 09:47 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 09:47 - 2014-07-14 09:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 09:45 - 2014-07-14 09:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Al Rodgers\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 09:35 - 2014-07-14 09:35 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Al Rodgers\Desktop\mbam-clean-2.1.1.1001 (1).exe
2014-07-14 09:33 - 2014-07-10 08:56 - 00000000 ____D () C:\windows\erdnt
2014-07-14 09:32 - 2014-07-14 09:32 - 00000890 _____ () C:\Users\Al Rodgers\Desktop\NTREGOPT.lnk
2014-07-14 09:32 - 2014-07-14 09:32 - 00000871 _____ () C:\Users\Al Rodgers\Desktop\ERUNT.lnk
2014-07-14 09:32 - 2014-07-14 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-14 09:32 - 2014-07-14 09:32 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-14 09:31 - 2014-07-14 09:31 - 00791393 _____ (Lars Hederer ) C:\Users\Al Rodgers\Downloads\erunt-setup.exe
2014-07-14 09:31 - 2014-07-14 09:30 - 00002440 _____ () C:\Users\Al Rodgers\Desktop\Rkill.txt
2014-07-14 09:30 - 2014-07-14 09:30 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Al Rodgers\Desktop\rkill.exe
2014-07-11 09:33 - 2014-07-11 09:32 - 00044238 _____ () C:\Users\Al Rodgers\Desktop\Addition.txt
2014-07-11 09:31 - 2014-07-11 09:31 - 02084864 _____ (Farbar) C:\Users\Al Rodgers\Desktop\FRST64.exe
2014-07-11 09:23 - 2014-07-11 09:23 - 00070204 _____ () C:\Users\Al Rodgers\Desktop\Extras.Txt
2014-07-11 09:22 - 2014-07-11 09:22 - 00132016 _____ () C:\Users\Al Rodgers\Desktop\OTL.Txt
2014-07-11 09:15 - 2014-07-11 09:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 09:00 - 2014-07-11 08:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Al Rodgers\Downloads\mbam-setup-consumer-2.0.2.1012.exe
2014-07-11 08:51 - 2011-06-13 19:40 - 00000000 ____D () C:\ProgramData\Sonic
2014-07-11 08:49 - 2014-07-11 08:49 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Al Rodgers\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-10 20:00 - 2014-07-10 19:59 - 00281200 _____ () C:\windows\Minidump\071014-89138-01.dmp
2014-07-10 19:59 - 2014-06-07 12:53 - 752391153 _____ () C:\windows\MEMORY.DMP
2014-07-10 19:59 - 2014-02-07 16:47 - 00000000 ____D () C:\windows\Minidump
2014-07-10 19:54 - 2014-07-10 19:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-10 12:56 - 2009-07-14 01:08 - 00032652 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-10 11:24 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-10 11:02 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-07-10 10:59 - 2009-07-13 22:34 - 97779712 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-07-10 10:59 - 2009-07-13 22:34 - 24641536 _____ () C:\windows\system32\config\SYSTEM.bak
2014-07-10 10:59 - 2009-07-13 22:34 - 06029312 _____ () C:\windows\system32\config\DEFAULT.bak
2014-07-10 10:59 - 2009-07-13 22:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-07-10 10:59 - 2009-07-13 22:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-07-09 16:30 - 2014-05-08 12:03 - 00000000 ____D () C:\temp
2014-07-09 16:19 - 2014-06-25 09:22 - 00000003 _____ () C:\Users\Al Rodgers\AppData\Local\proxy.log
2014-07-09 16:17 - 2009-07-14 00:45 - 00382360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 16:13 - 2014-05-07 18:02 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 16:13 - 2011-06-13 22:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:13 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 16:13 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 16:11 - 2013-08-15 23:23 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 16:09 - 2011-09-07 18:35 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 13:27 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\Performance
2014-07-09 10:47 - 2012-08-16 16:29 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 10:47 - 2011-10-16 17:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 16:26 - 2014-07-07 16:26 - 00000000 ____H () C:\Users\Al Rodgers\AppData\Local\BITCC72.tmp
2014-07-07 16:19 - 2014-07-07 16:19 - 00000000 _____ () C:\Users\Al Rodgers\AppData\Local\{EB9529ED-619E-46A9-86C1-53AB23FE2006}
2014-07-04 09:29 - 2014-07-04 09:29 - 00000000 ____H () C:\Users\Al Rodgers\AppData\Local\BIT88ED.tmp
2014-07-04 09:25 - 2014-07-04 09:25 - 00000000 _____ () C:\Users\Al Rodgers\AppData\Local\{859209E8-D6F0-466E-9DDB-E9B6D81968E7}
2014-07-02 19:57 - 2011-09-07 18:08 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-02 15:00 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-30 07:41 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-30 07:40 - 2014-06-30 07:40 - 00005151 _____ () C:\Users\Al Rodgers\Downloads\sunsetan.mid
2014-06-29 22:09 - 2014-07-09 12:46 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 12:46 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-23 09:53 - 2011-08-18 15:12 - 00003912 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA
2014-06-23 09:53 - 2011-08-18 15:12 - 00003516 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core
2014-06-21 19:48 - 2014-01-31 13:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-20 16:14 - 2014-07-09 12:37 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 12:37 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-09 12:37 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 12:37 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 12:37 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 12:37 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 12:37 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 12:37 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 12:37 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-09 12:37 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-09 12:37 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 12:37 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 12:37 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 12:37 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 12:37 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 12:37 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 12:37 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 12:37 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 12:37 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 12:37 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 12:37 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 12:37 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 12:37 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 12:37 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 12:37 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 12:37 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 12:37 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 12:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 12:37 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 12:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 12:37 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 12:37 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 12:37 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 12:37 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 12:37 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 12:37 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 12:37 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 12:37 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 12:37 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 12:37 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 12:37 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 12:37 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 12:37 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 12:37 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 12:37 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 12:37 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 12:37 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 12:37 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 12:37 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 12:37 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 12:37 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 12:37 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 12:37 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 12:37 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 12:37 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 12:37 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-09 12:46 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 12:46 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 12:46 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-16 22:28 - 2014-06-16 22:28 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081
2014-06-16 22:28 - 2011-08-19 14:30 - 00003650 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some content of TEMP:
====================
C:\Users\Al Rodgers\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-09 09:49
 
==================== End Of Log ============================

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by Al Rodgers at 2014-07-11 09:32:37
Running from C:\Users\Al Rodgers\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD APP SDK Runtime (Version: 2.4.595.1 - Advanced Micro Devices Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{57CC96D5-EC41-6CFA-9BBE-2F004C839318}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
BACKTRACK D-TOUR (HKLM-x32\...\com.bushnell.BacktrackDtour) (Version: 1.7.1 - Registria Inc.)
BACKTRACK D-TOUR (x32 Version: 1.7.1 - Registria Inc.) Hidden
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.2.523.2 - Best Buy)
Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10218.1 - Cisco Consumer Products LLC)
CLEAR™ WiMAX Tutorial (HKLM-x32\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.0.10 - Intel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nmap 5.51 (HKLM-x32\...\Nmap) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
PC Auto Backup (HKLM-x32\...\InstallShield_{662548BC-3506-4843-B7AA-F44D352F76A8}) (Version: 1.1.1.21 - Samsung Electronics Co,. Ltd.)
PC Auto Backup (x32 Version: 1.1.1.21 - Samsung Electronics Co,. Ltd.) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Price Check by AOL (HKLM-x32\...\Price Check by AOL) (Version: 1.11.2.1 - AOL Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung i-Launcher 1.0.1.54 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.54 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-07-10 11:02 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0739170C-965D-4A3E-9326-3ACC06C3811B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)
Task: {09E8BE9F-4E1A-4655-BC1F-3445A94BC11E} - System32\Tasks\{E6DC3341-EDFC-48E8-903D-AA1974AD4AB2} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
Task: {0E48BE66-A882-4543-84BA-6A8C0F1DDD1E} - System32\Tasks\RealCreateProcessScheduledTask99926003S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {12F52790-448C-490A-9712-175C4F1767C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {1546FBF4-50B4-4151-BEF7-2B69A61E6416} - System32\Tasks\RealCreateProcessScheduledTask75294366S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {1F95C70E-8BA9-42DB-BC89-966A06E9CCCB} - System32\Tasks\RealCreateProcessScheduledTask95719187S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {25289BA2-66A7-475E-8F6B-A2597DE9A361} - System32\Tasks\RealCreateProcessScheduledTask166040490S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {343F0B87-5869-41AC-A93A-0C01DAB71588} - System32\Tasks\RealCreateProcessScheduledTask26163551S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {3715B373-B29B-470E-B742-55577D62FAB5} - System32\Tasks\RealCreateProcessScheduledTask1405709S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {37D96F55-FBB6-4251-8F89-B1D85650D4FA} - System32\Tasks\RealCreateProcessScheduledTask35097697S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {3B0B170C-9C81-439C-9997-C45C24F7DF4A} - System32\Tasks\RealCreateProcessScheduledTask25189793S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {40D1DC4B-CEA7-4D2E-96A7-F542F29CC30A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {426019C6-2FFA-492D-A0BA-E190312A341D} - System32\Tasks\RealCreateProcessScheduledTask101337921S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {4D76C645-7683-446C-A840-6B83FF336387} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {5042A714-B57C-468C-88A5-FADF6BD957B3} - System32\Tasks\RealCreateProcessScheduledTask13693814S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {55446EBC-9287-42C5-9485-FCF6D4A476C8} - System32\Tasks\RealCreateProcessScheduledTask272705176S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {5578D98B-194E-492A-A436-E260040EE644} - System32\Tasks\RealCreateProcessScheduledTask117624S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {59189666-DCC1-41D3-8F38-796BDF565509} - System32\Tasks\RealCreateProcessScheduledTask182502465S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {66EE6D8C-74C1-4ED3-9087-216686AA9CD3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {69CDAC07-B290-476A-BFF3-A9A03DAF6D0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {7BB260F1-2E5B-49BB-88F1-C5ADB5EDC007} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {81F7CF66-51B4-44B3-8F00-32389AD2ACDD} - System32\Tasks\{0202BA65-9187-461D-8173-680EBA9FD10C} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
Task: {8F74DA1A-75EE-4380-BA1A-77F7FCB3383A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {90AE9A88-0911-421C-8958-E032B2D486E6} - System32\Tasks\{D98A7AE1-8D84-40E4-AE3F-EBE9732EE6FD} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
Task: {927FD2DC-3019-4926-BAE7-1FEF33D355EF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {9399247D-D8A0-46D3-BDB2-3FF41B775358} - System32\Tasks\{9A8EFA79-9583-4734-8B35-CA763F9C77DB} => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
Task: {9F3A1B5F-3116-4318-8E3F-A3F6884B01CA} - System32\Tasks\RealCreateProcessScheduledTask4359588S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {ABA796EC-CD1C-40A9-9356-CEDA2A285A63} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3970501574-1576805769-1175336529-1000
Task: {B3B6730A-2905-4D72-A223-623D314B3C60} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B7054C15-42B4-4E1A-B73D-81EDD28FAEF3} - System32\Tasks\RealCreateProcessScheduledTask7747602S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {C267AB2F-8BB8-4253-B26D-0E32CAF7AD15} - System32\Tasks\RealCreateProcessScheduledTask196124S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {CE8249B0-C3EA-4D94-9718-D577B8195751} - System32\Tasks\{0F151CAD-F8F4-456C-A9CC-0CE6AAF7CFDA} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
Task: {CF3276C8-85B3-49B5-8BFB-CB06806F1089} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D2B04EB0-F0C4-4D66-AE8E-9A7C438D1863} - System32\Tasks\{4AF2580A-BB1F-4497-8F7D-0336057405E0} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
Task: {D5BEF4C2-AEBA-46CC-A5DB-BE6ACCC7DD2F} - \Digital Sites No Task File <==== ATTENTION
Task: {D730BE0C-3832-442B-874F-42C8F4268D28} - System32\Tasks\RealCreateProcessScheduledTask243236S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {DA5829FE-1ED5-4E02-A42C-8986438507A6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {DB05E88C-918B-4AAF-A691-63DD4BDF8229} - System32\Tasks\{7319BC69-D998-4161-A188-66C4A48ABC23} => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
Task: {DCA10CD6-656A-4677-B742-68414F671858} - System32\Tasks\RealCreateProcessScheduledTask63204787S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {E6549044-D47B-4D18-A895-42A745F637B0} - System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {E91C0ED4-6749-4BC1-B5C7-C1C0EA557740} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)
Task: {E9240DB0-B020-45CA-A670-B1BFBEECCC49} - System32\Tasks\RealCreateProcessScheduledTask112757475S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {E95CC8E7-CD31-4B1E-B9DA-416D9FE063AB} - System32\Tasks\RealCreateProcessScheduledTask254749S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {F5E6A805-F98F-4C6B-93A0-A88A9F9B9437} - System32\Tasks\RealCreateProcessScheduledTask10249390S-1-5-21-3970501574-1576805769-1175336529-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core.job => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA.job => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-21 16:13 - 2014-06-21 16:13 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-06-13 19:59 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2014-03-18 21:49 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-06-13 21:56 - 2011-03-25 21:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-09-03 13:11 - 2010-09-03 13:11 - 00520295 _____ () C:\Program Files (x86)\Samsung\PC Auto Backup\http_ss_win_pro.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-30 14:02 - 2010-04-30 14:02 - 00057344 _____ () C:\Program Files (x86)\Samsung\PC Auto Backup\lang.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-02-13 14:17 - 2014-02-13 14:17 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-06-13 19:24 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-06-11 08:44 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 08:44 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 08:44 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 08:44 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 08:44 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\Al Rodgers\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:82C232FB
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2014 09:15:25 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file E:\HitmanPro_x64.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: E:\HitmanPro_x64.exe
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000428
Disk type: 2
 
Error: (07/11/2014 09:15:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.9.212, time stamp: 0x52e62ab4
Faulting module name: HitmanPro_x64.exe, version: 3.7.9.212, time stamp: 0x52e62ab4
Exception code: 0xc0000006
Fault offset: 0x0000000000276ee0
Faulting process id: 0x1acc
Faulting application start time: 0xHitmanPro_x64.exe0
Faulting application path: HitmanPro_x64.exe1
Faulting module path: HitmanPro_x64.exe2
Report Id: HitmanPro_x64.exe3
 
Error: (07/11/2014 09:15:07 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/11/2014 09:07:02 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/11/2014 09:06:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1310
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (07/11/2014 09:04:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xfc8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (07/11/2014 08:46:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xd1c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (07/11/2014 08:44:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
Error: (07/11/2014 08:44:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
Error: (07/11/2014 08:44:18 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
System errors:
=============
Error: (07/10/2014 09:00:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MEMSWEEP2 service failed to start due to the following error: 
%%1275
 
Error: (07/10/2014 09:00:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (07/10/2014 09:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MEMSWEEP2 service failed to start due to the following error: 
%%1275
 
Error: (07/10/2014 09:00:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (07/10/2014 09:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MEMSWEEP2 service failed to start due to the following error: 
%%1275
 
Error: (07/10/2014 09:00:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (07/10/2014 09:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MEMSWEEP2 service failed to start due to the following error: 
%%1275
 
Error: (07/10/2014 09:00:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (07/10/2014 08:08:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MEMSWEEP2 service failed to start due to the following error: 
%%1275
 
Error: (07/10/2014 08:08:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\windows\system32\F0F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (07/11/2014 09:15:25 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: E:\HitmanPro_x64.exeHitmanPro 3.7C00004282
 
Error: (07/11/2014 09:15:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HitmanPro_x64.exe3.7.9.21252e62ab4HitmanPro_x64.exe3.7.9.21252e62ab4c00000060000000000276ee01acc01cf9d0a2cdcaf24E:\HitmanPro_x64.exeE:\HitmanPro_x64.exe6b050193-08fd-11e4-85f2-bc7737a35240
 
Error: (07/11/2014 09:15:07 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\Kickstarter.exeE:\Kickstarter.exe0
 
Error: (07/11/2014 09:07:02 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\Kickstarter.exeE:\Kickstarter.exe0
 
Error: (07/11/2014 09:06:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd131001cf9d08c12483ebC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3cc70e00-08fc-11e4-85f2-bc7737a35240
 
Error: (07/11/2014 09:04:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdfc801cf9d08a2b7ed6bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle242ece2-08fb-11e4-85f2-bc7737a35240
 
Error: (07/11/2014 08:46:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd1c01cf9d061a8db31aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll5dc290bd-08f9-11e4-8919-bc7737a35240
 
Error: (07/11/2014 08:44:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
Error: (07/11/2014 08:44:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
Error: (07/11/2014 08:44:18 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-10 21:10:04.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\HitmanPro.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-10 21:00:41.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-10 21:00:41.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-10 21:00:40.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-10 21:00:40.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-10 21:00:40.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-10 21:00:40.250
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-10 21:00:40.079
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-10 21:00:39.938
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-10 20:08:41.567
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\F0F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 6051.18 MB
Available physical RAM: 3733.43 MB
Total Pagefile: 12100.53 MB
Available Pagefile: 9531.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:522.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 16693EDB)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014

Ran by Al Rodgers at 2014-07-21 10:47:24 Run:1

Running from C:\Users\Al Rodgers\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

BootExecute: autocheck autochk * sdnclean64.exe

SearchScopes: HKLM-x32 - DefaultScope value is missing.

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

S3 MFE_RR; \??\C:\Users\ALRODG~1\AppData\Local\Temp\mfe_rr.sys

C:\Users\Al Rodgers\AppData\Local\Temp\Quarantine.exe

Task: {0739170C-965D-4A3E-9326-3ACC06C3811B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)

Task: {4D76C645-7683-446C-A840-6B83FF336387} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION

Task: {69CDAC07-B290-476A-BFF3-A9A03DAF6D0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)

Task: {7BB260F1-2E5B-49BB-88F1-C5ADB5EDC007} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {ABA796EC-CD1C-40A9-9356-CEDA2A285A63} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3970501574-1576805769-1175336529-1000

Task: {D5BEF4C2-AEBA-46CC-A5DB-BE6ACCC7DD2F} - \Digital Sites No Task File <==== ATTENTION

Task: {E6549044-D47B-4D18-A895-42A745F637B0} - System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)

Task: {E91C0ED4-6749-4BC1-B5C7-C1C0EA557740} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core.job => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA.job => C:\Users\Al Rodgers\AppData\Local\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:82C232FB

 

*****************

 

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.

'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.

'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1' => Key deleted successfully.

C:\windows\SysWOW64\npDeployJava1.dll => Moved successfully.

'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2' => Key deleted successfully.

C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.

MFE_RR => Service deleted successfully.

C:\Users\Al Rodgers\AppData\Local\Temp\Quarantine.exe => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0739170C-965D-4A3E-9326-3ACC06C3811B}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0739170C-965D-4A3E-9326-3ACC06C3811B}' => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D76C645-7683-446C-A840-6B83FF336387}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D76C645-7683-446C-A840-6B83FF336387}' => Key deleted successfully.

C:\Windows\System32\Tasks\pcreg => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69CDAC07-B290-476A-BFF3-A9A03DAF6D0A}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69CDAC07-B290-476A-BFF3-A9A03DAF6D0A}' => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BB260F1-2E5B-49BB-88F1-C5ADB5EDC007}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BB260F1-2E5B-49BB-88F1-C5ADB5EDC007}' => Key deleted successfully.

C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABA796EC-CD1C-40A9-9356-CEDA2A285A63}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABA796EC-CD1C-40A9-9356-CEDA2A285A63}' => Key deleted successfully.

C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3970501574-1576805769-1175336529-1000 => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3970501574-1576805769-1175336529-1000' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5BEF4C2-AEBA-46CC-A5DB-BE6ACCC7DD2F}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5BEF4C2-AEBA-46CC-A5DB-BE6ACCC7DD2F}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6549044-D47B-4D18-A895-42A745F637B0}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6549044-D47B-4D18-A895-42A745F637B0}' => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081 => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1cf89d3c6004081' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E91C0ED4-6749-4BC1-B5C7-C1C0EA557740}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E91C0ED4-6749-4BC1-B5C7-C1C0EA557740}' => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA' => Key deleted successfully.

C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf89d3c6004081.job => Moved successfully.

C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000Core.job => Moved successfully.

C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3970501574-1576805769-1175336529-1000UA.job => Moved successfully.

C:\ProgramData\Temp => ":82C232FB" ADS removed successfully.

 

==== End of Fixlog ====


  • Root Admin

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up.  Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now.  It is an actual backup of the MBR (master boot record).
 


aswmbr.txt:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-22 12:31:16
-----------------------------
12:31:16.734    OS Version: Windows x64 6.1.7601 Service Pack 1
12:31:16.734    Number of processors: 4 586 0x2A07
12:31:16.734    ComputerName: ALBERT  UserName: 
12:31:20.119    Initialize success
12:31:20.150    VM: initialized successfully
12:31:20.166    VM: Intel CPU supported 
12:31:27.255    VM: supported disk I/O iaStor.sys
12:40:10.753    AVAST engine defs: 14072200
12:41:59.611    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:41:59.626    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
12:41:59.751    VM: Disk 0 MBR read successfully
12:41:59.751    Disk 0 MBR scan
12:41:59.767    Disk 0 Windows 7 default MBR code
12:41:59.782    Disk 0 Partition 1 00     DE Dell Utility DELL 8.0      100 MB offset 2048
12:41:59.798    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
12:41:59.814    Disk 0 Boot: NTFS     code=1
12:41:59.845    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       595378 MB offset 30926848
12:41:59.892    Disk 0 scanning C:\windows\system32\drivers
12:42:13.932    Service scanning
12:42:52.808    Modules scanning
12:42:52.823    Disk 0 trace - called modules:
12:42:52.855    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
12:42:52.870    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800601a060]
12:42:52.886    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8005d16230]
12:42:52.901    5 ACPI.sys[fffff88000f0c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d1c050]
12:42:54.820    AVAST engine scan C:\windows
12:42:58.517    AVAST engine scan C:\windows\system32
12:46:37.342    AVAST engine scan C:\windows\system32\drivers
12:46:54.611    AVAST engine scan C:\Users\Al Rodgers
12:48:45.684    Disk 0 MBR has been saved successfully to "C:\Users\Al Rodgers\Desktop\MBR.dat"
12:48:45.700    The log file has been saved successfully to "C:\Users\Al Rodgers\Desktop\aswMBR.txt"

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


YES!!! Thank you AdvancedSetup

 

The .bat file worked. MBAM updated and I ran a scan with the following results:

PS I quarantined the PUP. Please let me know if I need to take any further steps. I think I will get MBAM premium for real-time protection. Do you have any other recommendations?

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/29/2014
Scan Time: 1:04:05 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.29.05
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Al Rodgers
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325370
Time Elapsed: 9 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.BrowserGuardian.A, HKLM\SOFTWARE\WOW6432NODE\Browser Guardian, Quarantined, [9cad6a3ba1da88aec052b616966c4cb4], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, or at least disabling Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 

This topic is now closed to further replies.