Terrible Emiesitelist "Chrome" Virus
<blockquote data-quote="JakeStone" data-source="post: 294898" data-attributes="member: 30408"><p>Thank you!!</p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.08.0.1001</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p>Database version: v2014.11.08.02</p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 11.0.9600.17358</p><p>gem331 :: GEM331-PC [administrator]</p><p>11/8/2014 9:39:35 AM</p><p>mbar-log-2014-11-08 (09-39-35).txt</p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled: </p><p>Objects scanned: 326335</p><p>Time elapsed: 15 minute(s), 57 second(s)</p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p>Memory Modules Detected: 4</p><p>C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll (Trojan.Agent) -> Delete on reboot. [58fa2910304c22145bd08159d92a55ab]</p><p>C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll (Trojan.Agent) -> Delete on reboot. [58fa2910304c22145bd08159d92a55ab]</p><p>C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll (Trojan.Agent) -> Delete on reboot. [58fa2910304c22145bd08159d92a55ab]</p><p>C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll (Trojan.Agent) -> Delete on reboot. [58fa2910304c22145bd08159d92a55ab]</p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p>Registry Values Detected: 1</p><p>HKU\S-1-5-21-3145682528-433039331-1199355789-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zxkdocaukehh (Trojan.Agent) -> Data: regsvr32.exe /s "C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll" -> Delete on reboot. 
[58fa2910304c22145bd08159d92a55ab]</p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p>Files Detected: 3</p><p>C:\Users\gem331\AppData\Local\Temp\F505.tmp (Backdoor.Bot) -> Delete on reboot. [77db1326d5a76fc771f0835ca8591ae6]</p><p>C:\Users\gem331\AppData\Local\Temp\F5FE.tmp (Backdoor.Bot) -> Delete on reboot. [0e44bd7c9ddf4ee8412014cb0ef3d22e]</p><p>C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll (Trojan.Agent) -> Delete on reboot. [58fa2910304c22145bd08159d92a55ab]</p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p>(end)</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.0.1001</p><p>(c) Malwarebytes Corporation 2011-2012</p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p>Account is Administrative</p><p>Internet Explorer version: 11.0.9600.17358</p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 3.392000 GHz</p><p>Memory total: 8571527168, free: 4351533056</p><p>Downloaded database version: v2014.11.08.02</p><p>Downloaded database version: v2014.11.01.02</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 11/08/2014 09:39:28</p><p>------------ Loaded modules 
-----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\iaStor.sys</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\system32\drivers\mfehidk.sys</p><p>\SystemRoot\System32\Drivers\PxHlpa64.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\mfewfpk.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\drivers\disk.sys</p><p>\SystemRoot\system32\drivers\CLASSPNP.SYS</p><p>\Syst
emRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\atikmpag.sys</p><p>\SystemRoot\system32\DRIVERS\atikmdag.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\HECIx64.sys</p><p>\SystemRoot\system32\drivers\usbehci.sys</p><p>\SystemRoot\system32\drivers\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\bcmwl664.sys</p><p>\SystemRoot\system32\DRIVERS\vwifibus.sys</p><p>\SystemRoot\system32\DRIVERS\k57nd60a.sys</p><p>\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\wacomvhid.sys</p><p>\
SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\system32\DRIVERS\WacomVKHid.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\system32\DRIVERS\wacommousefilter.sys</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\AtihdW76.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\drivers\RTKVHD64.sys</p><p>\SystemRoot\system32\DRIVERS\IntcDAud.sys</p><p>\SystemRoot\system32\drivers\mfeavfk.sys</p><p>\SystemRoot\system32\drivers\mfefirek.sys</p><p>\SystemRoot\system32\DRIVERS\mfencbdc.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_iaStor.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\drivers\usbaudio.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\usbprint.sys</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</
p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\system32\drivers\mfeapfk.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\system32\DRIVERS\WUDFRd.sys</p><p>\SystemRoot\System32\Drivers\fastfat.SYS</p><p>\SystemRoot\system32\drivers\cfwids.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32
\user32.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\userenv.dll</p><p>\Windows\System32\devobj.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk4\DR4</p><p>Upper Device Object: 0xfffffa800a26d060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\0000008c\</p><p>Lower Device Object: 0xfffffa800a882b60</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk3\DR3</p><p>Upper Device Object: 0xfffffa800a26a060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\0000008b\</p><p>Lower Device Object: 0xfffffa800adcb750</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk2\DR2</p><p>Upper Device Object: 0xfffffa800a26f060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\0000008a\</p><p>Lower Device Object: 0xfffffa800a875b60</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR1</p><p>Upper Device Object: 0xfffffa800add4790</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000089\</p><p>Lower Device Object: 0xfffffa800adcb060</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: 
\Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8009416060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IAAStorageDevice-1\</p><p>Lower Device Object: 0xfffffa800784a050</p><p>Lower Device Driver Name: \Driver\iaStor\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8009416060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa800922e8c0, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8009416060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800784a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: E8BECE66</p><p>Partition information:</p><p> Partition 0 type is Other (0xde)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 63 Numsec = 80262</p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 81920 Numsec = 27783168</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 27865088 Numsec = 2902409216</p><p> 
Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p>Disk Size: 1500301910016 bytes</p><p>Sector size: 512 bytes</p><p>Done!</p><p>Physical Sector Size: 0</p><p>Drive: 1, DevicePointer: 0xfffffa800add4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa800a8702e0, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa800add4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800adcb060, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 2, DevicePointer: 0xfffffa800a26f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa800aa5fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa800a26f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800a875b60, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 3, DevicePointer: 0xfffffa800a26a060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa800a26fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa800a26a060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800adcb750, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 4, DevicePointer: 0xfffffa800a26d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa800a26ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 
0xfffffa800a26d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800a882b60, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Infected: C:\Users\gem331\AppData\Local\Temp\F505.tmp --> [Backdoor.Bot]</p><p>Infected: C:\Users\gem331\AppData\Local\Temp\F5FE.tmp --> [Backdoor.Bot]</p><p>Infected: HKU\S-1-5-21-3145682528-433039331-1199355789-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zxkdocaukehh --> [Trojan.Agent]</p><p>Infected: C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll --> [Trojan.Agent]</p><p>Infected: C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll --> [Trojan.Agent]</p><p>Infected: C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll --> [Trojan.Agent]</p><p>Infected: C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll --> [Trojan.Agent]</p><p>Infected: C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}\zxkdocaukehh.dll --> [Trojan.Agent]</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Cleaning up...</p><p>Removal scheduling successful. 
System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01</p><p>Ran by gem331 (administrator) on GEM331-PC on 08-11-2014 10:05:41</p><p>Running from C:\Users\gem331\Downloads</p><p>Loaded Profile: gem331 (Available profiles: gem331)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p>==================== Processes (Whitelisted) =================</p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wisptis.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wisptis.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe</p><p>(McAfee, Inc.) C:\Windows\System32\mfevtps.exe</p><p>(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe</p><p>(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe</p><p>(Wacom Technology, Corp.) 
C:\Windows\System32\WTablet\Pen_TabletUser.exe</p><p>(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe</p><p>(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe</p><p>(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Akamai Technologies, Inc.) C:\Users\gem331\AppData\Local\Akamai\netsession_win.exe</p><p>(Akamai Technologies, Inc.) C:\Users\gem331\AppData\Local\Akamai\netsession_win.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe</p><p>() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe</p><p>(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe</p><p>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe</p><p>(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe</p><p>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe</p><p>(PC-Doctor, Inc.) 
C:\Program Files\My Dell\uaclauncher.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe</p><p>(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p>HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64</p><p>HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64</p><p>HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()</p><p>HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)</p><p>HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)</p><p>HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)</p><p>HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)</p><p>HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)</p><p>HKLM-x32\...\Run: [Adobe 
Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)</p><p>HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()</p><p>HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)</p><p>HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)</p><p>HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)</p><p>HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)</p><p>HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)</p><p>HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)</p><p>HKLM\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKU\S-1-5-21-3145682528-433039331-1199355789-1000\...\Run: [Akamai 
NetSession Interface] => C:\Users\gem331\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)</p><p>HKU\S-1-5-21-3145682528-433039331-1199355789-1000\...\MountPoints2: {975c8cbb-636c-11e4-afa9-180373d27f7d} - I:\LaunchU3.exe -a</p><p>HKU\S-1-5-21-3145682528-433039331-1199355789-1000\...\MountPoints2: {be056ec8-f5f3-11e0-9606-806e6f6e6963} - D:\GW_Start.exe</p><p>==================== Internet (Whitelisted) ====================</p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://g.msn.com/USCON/1" target="_blank">http://g.msn.com/USCON/1</a></p><p>SearchScopes: HKCU - DefaultScope {411D77DA-5E4B-48B7-B8FA-0445AC1A2DD8} URL = <a href="https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms" target="_blank">https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms</a>}</p><p>SearchScopes: HKCU - {411D77DA-5E4B-48B7-B8FA-0445AC1A2DD8} URL = <a href="https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms" target="_blank">https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms</a>}</p><p>SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = </p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Windows 
Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File</p><p>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File</p><p>Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)</p><p>Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)</p><p>Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>FireFox:</p><p>========</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()</p><p>FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll 
()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF HKLM-x32\...\Thunderbird\Extensions: [<a href="mailto:msktbird@mcafee.com">msktbird@mcafee.com</a>] - C:\Program Files\McAfee\MSK</p><p>FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-10-13]</p><p>Chrome: </p><p>=======</p><p>==================== Services (Whitelisted) =================</p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p>R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)</p><p>S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)</p><p>R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)</p><p>S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)</p><p>R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)</p><p>R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)</p><p>R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)</p><p>R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>S2 0127631414377148mcinstcleanup; C:\Windows\TEMP\012763~1.EXE -cleanup -nolog [X]</p><p>==================== Drivers (Whitelisted) ====================</p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p>R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)</p><p>S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)</p><p>R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)</p><p>R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)</p><p>R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)</p><p>R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)</p><p>R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)</p><p>S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)</p><p>R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)</p><p>S3 RDID1087; C:\Windows\System32\Drivers\rdwm1087.sys [81920 2009-09-18] (Roland Corporation)</p><p>S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]</p><p>==================== NetSvcs (Whitelisted) ===================</p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p>==================== One Month Created Files and Folders ========</p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p>2014-11-08 10:05 - 2014-11-08 10:06 - 00015462 _____ () C:\Users\gem331\Downloads\FRST.txt</p><p>2014-11-08 10:05 - 2014-11-08 10:05 - 02115584 _____ (Farbar) C:\Users\gem331\Downloads\FRST64.exe</p><p>2014-11-08 10:05 - 2014-11-08 10:05 - 00000000 ____D () C:\FRST</p><p>2014-11-08 10:03 - 2014-11-08 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee</p><p>2014-11-08 09:39 - 2014-11-08 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2014-11-08 09:38 - 2014-11-08 09:56 - 00000000 ____D () C:\Users\gem331\Desktop\mbar</p><p>2014-11-08 09:37 - 2014-11-08 09:37 - 14439144 _____ (Malwarebytes Corp.) C:\Users\gem331\Desktop\mbar-1.08.0.1001.exe</p><p>2014-11-08 08:27 - 2014-11-08 08:27 - 00000000 ____D () C:\Users\gem331\AppData\Local\{6E9FAC9B-41B7-4491-8FFB-AEA6543EE021}</p><p>2014-11-07 07:16 - 2014-11-07 07:17 - 00000000 ____D () C:\Users\gem331\AppData\Local\{30503B1B-0BCD-495E-8416-0BFCD85AADB3}</p><p>2014-11-06 09:17 - 2014-11-06 09:17 - 00000000 ____D () C:\Users\gem331\AppData\Local\{6288C66B-720A-4FA1-BE2A-7E37122EEE50}</p><p>2014-11-05 20:53 - 2014-11-05 20:56 - 00000000 ____D () C:\Users\gem331\Documents\Legal Writing Course Backup Nov 2014</p><p>2014-11-05 20:10 - 2014-11-05 20:10 - 00000000 ____D () C:\Users\gem331\AppData\Local\{86E1F00A-59CF-47A9-BDFB-7C750683C7D5}</p><p>2014-11-05 07:06 - 2014-11-05 07:06 - 00000000 ____D () C:\Users\gem331\AppData\Local\{2A4280EC-EB53-4EED-B470-016798B52591}</p><p>2014-11-04 10:56 - 2014-11-08 09:39 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-11-04 10:55 - 2014-11-08 09:38 - 00096472 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-11-04 10:55 - 2014-11-04 10:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-11-04 10:55 - 2014-11-04 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-11-04 10:55 - 2014-11-04 10:55 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-11-04 10:55 - 2014-11-04 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-11-04 10:55 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-11-04 10:55 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2014-11-04 07:57 - 2014-11-04 07:58 - 00000000 ____D () C:\Users\gem331\AppData\Local\{52499621-7079-4A69-A05F-2A79E208F484}</p><p>2014-11-03 09:21 - 2014-11-03 09:21 - 00000000 ____D () C:\Users\gem331\AppData\Local\{29E607CB-C851-4706-A808-0D3B449EB4ED}</p><p>2014-11-01 18:55 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2014-11-01 18:55 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll</p><p>2014-11-01 18:55 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2014-11-01 18:55 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2014-11-01 18:55 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2014-11-01 18:55 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2014-11-01 18:55 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-11-01 18:55 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2014-11-01 18:55 - 2014-09-25 16:46 - 00243200 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2014-11-01 18:55 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2014-11-01 18:55 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2014-11-01 18:55 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2014-11-01 18:55 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-11-01 18:55 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-11-01 18:55 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-11-01 18:55 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2014-11-01 18:55 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2014-11-01 18:55 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2014-11-01 18:55 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2014-11-01 18:55 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:54 - 00043008 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2014-11-01 18:55 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2014-11-01 18:55 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2014-11-01 18:55 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-11-01 18:55 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2014-11-01 18:55 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2014-11-01 18:55 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2014-11-01 18:55 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieapfltr.dll</p><p>2014-11-01 18:55 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL</p><p>2014-11-01 18:55 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL</p><p>2014-11-01 18:55 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL</p><p>2014-11-01 18:55 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL</p><p>2014-11-01 18:55 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL</p><p>2014-11-01 18:55 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL</p><p>2014-11-01 18:55 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL</p><p>2014-11-01 18:55 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL</p><p>2014-11-01 18:55 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL</p><p>2014-11-01 18:55 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL</p><p>2014-11-01 18:55 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls</p><p>2014-11-01 18:55 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls</p><p>2014-11-01 18:55 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll</p><p>2014-11-01 18:55 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll</p><p>2014-11-01 18:55 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll</p><p>2014-11-01 18:55 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll</p><p>2014-11-01 18:55 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll</p><p>2014-11-01 18:55 - 2014-06-18 16:23 - 00073880 _____ 
(Microsoft Corporation) C:\Windows\system32\mscories.dll</p><p>2014-11-01 18:54 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll</p><p>2014-11-01 18:54 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll</p><p>2014-11-01 18:53 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll</p><p>2014-11-01 18:52 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll</p><p>2014-11-01 18:52 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe</p><p>2014-11-01 18:52 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll</p><p>2014-11-01 18:52 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe</p><p>2014-11-01 18:52 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll</p><p>2014-11-01 18:52 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll</p><p>2014-11-01 18:52 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2014-11-01 18:52 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2014-11-01 18:52 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll</p><p>2014-11-01 18:52 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll</p><p>2014-11-01 18:52 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe</p><p>2014-11-01 18:52 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll</p><p>2014-11-01 18:52 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll</p><p>2014-11-01 18:52 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\credssp.dll</p><p>2014-11-01 18:52 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys</p><p>2014-11-01 18:52 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys</p><p>2014-11-01 18:51 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll</p><p>2014-11-01 18:51 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll</p><p>2014-11-01 17:37 - 2014-11-01 17:37 - 00000278 _____ () C:\ProgramData\INSTALL_TOR.URL</p><p>2014-11-01 16:32 - 2014-11-01 17:33 - 00000424 _____ () C:\ProgramData\@system.temp</p><p>2014-11-01 16:32 - 2014-11-01 17:33 - 00000160 ____H () C:\ProgramData\@system3.att</p><p>2014-11-01 16:32 - 2014-11-01 16:32 - 00000896 ____H () C:\Users\gem331\AppData\Roaming\麽鎒駓覜</p><p>2014-11-01 06:58 - 2014-11-01 06:58 - 00000000 ____D () C:\Users\gem331\AppData\Local\{13B9259C-8B09-465E-80B7-D59CD3F386D1}</p><p>2014-10-31 09:32 - 2014-11-05 12:00 - 00000000 ____D () C:\Users\gem331\AppData\Local\Idsoft</p><p>2014-10-31 09:32 - 2014-11-05 12:00 - 00000000 ____D () C:\Users\gem331\AppData\Local\Eljtion</p><p>2014-10-31 05:59 - 2014-10-31 05:59 - 00000000 ____D () C:\Users\gem331\AppData\Local\{3E8C0C27-013A-458C-8EAD-5984FCE46C00}</p><p>2014-10-30 08:04 - 2014-10-30 08:04 - 00000000 ____D () C:\Users\gem331\AppData\Local\{C2764EF1-C84F-4ECD-88B3-48B7CF1D4216}</p><p>2014-10-29 19:24 - 2014-10-29 19:25 - 00000000 ____D () C:\Users\gem331\AppData\Local\{5F07EBF4-966A-49BE-8D98-3398D5B5EB19}</p><p>2014-10-29 05:45 - 2014-10-29 05:45 - 00000000 ____D () C:\Users\gem331\AppData\Local\{2843912C-9623-4B64-BF15-9B191F6325E1}</p><p>2014-10-28 08:47 - 2014-10-28 08:47 - 00000000 ____D () C:\Users\gem331\AppData\Local\{580CE6C9-B84F-4B34-AB1A-80CAF8C47F2E}</p><p>2014-10-27 18:59 - 2014-10-27 19:00 - 00000000 ____D () 
C:\Users\gem331\AppData\Local\{6AED27B9-0556-4022-BFA3-79FB6B2015E1}</p><p>2014-10-27 06:59 - 2014-10-27 06:59 - 00000000 ____D () C:\Users\gem331\AppData\Local\{0D14DF02-A5A3-4C07-9F15-F1DAD5DB55C2}</p><p>2014-10-26 12:59 - 2014-10-26 12:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe</p><p>2014-10-26 12:59 - 2014-10-26 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe</p><p>2014-10-26 12:59 - 2014-10-26 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe</p><p>2014-10-26 12:59 - 2014-10-26 12:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll</p><p>2014-10-26 11:05 - 2014-10-26 11:05 - 00007606 _____ () C:\Users\gem331\AppData\Local\Resmon.ResmonCfg</p><p>2014-10-26 10:48 - 2014-10-26 10:48 - 00000000 ____D () C:\Users\gem331\AppData\Local\{937C637A-5591-4F6D-8A60-41D442F4CA1F}</p><p>2014-10-25 07:28 - 2014-10-25 07:28 - 00000000 ____D () C:\Users\gem331\AppData\Local\{5FCFC80F-7105-4242-B664-7C18EDD48A52}</p><p>2014-10-24 06:38 - 2014-10-24 06:38 - 00000000 ____D () C:\Users\gem331\AppData\Local\{67B6727E-008E-4144-A660-8B4CC726ABF1}</p><p>2014-10-23 04:10 - 2014-10-23 04:10 - 00000000 ____D () C:\Users\gem331\AppData\Local\{F701A27E-BD51-4E8F-8FC6-6AA70B3C3770}</p><p>2014-10-22 17:48 - 2014-10-26 12:50 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}</p><p>2014-10-22 06:28 - 2014-10-22 06:28 - 00000000 ____D () C:\Users\gem331\AppData\Local\{24618734-49BA-448E-818E-EF010B2E58B6}</p><p>2014-10-21 08:43 - 2014-10-21 08:43 - 00000000 ____D () C:\Users\gem331\AppData\Local\{9A1A05A1-0E48-464C-9E1A-BE8DCA5D88AD}</p><p>2014-10-20 20:43 - 2014-10-20 20:43 - 00000000 ____D () C:\Users\gem331\AppData\Local\{D205F36A-4962-4B6A-8063-017EFDD52BDD}</p><p>2014-10-20 08:43 - 2014-10-20 08:43 - 00000000 ____D () C:\Users\gem331\AppData\Local\{2DBF80D5-B7C0-4495-87AC-1CDC7FA7DCB2}</p><p>2014-10-16 03:40 - 2014-10-16 03:41 - 00000000 ____D () 
C:\Users\gem331\AppData\Local\{96E05496-5377-4A41-A9C3-C28CBC0874AC}</p><p>2014-10-15 15:39 - 2014-10-15 15:40 - 00000000 ____D () C:\Users\gem331\AppData\Local\{808FD0BA-2954-4AF0-B729-C60774953B28}</p><p>2014-10-15 04:56 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll</p><p>2014-10-15 03:39 - 2014-10-15 03:39 - 00000000 ____D () C:\Users\gem331\AppData\Local\{4481E1AE-C998-4EBE-8636-A315D253DB4B}</p><p>2014-10-14 06:30 - 2014-10-14 06:30 - 00000000 ____D () C:\Users\gem331\AppData\Local\{3D2868F4-CFA4-4D55-85DA-E36FA64D7B74}</p><p>2014-10-13 06:32 - 2014-10-13 06:32 - 00000000 ____D () C:\Users\gem331\AppData\Local\{95EEF9BD-E48C-4B73-A371-C2E328DC12D4}</p><p>2014-10-12 07:00 - 2014-10-12 07:01 - 00000000 ____D () C:\Users\gem331\AppData\Local\{673EDE01-2603-4E61-9363-726296999E07}</p><p>2014-10-11 18:39 - 2014-10-11 18:39 - 00000000 ____D () C:\Users\gem331\AppData\Local\{37405407-2CB1-4901-858C-6B4AC9329085}</p><p>2014-10-11 06:38 - 2014-10-11 06:39 - 00000000 ____D () C:\Users\gem331\AppData\Local\{72613B2A-4D82-437E-ABA3-D8D37EA8BAE7}</p><p>2014-10-10 18:23 - 2014-10-10 18:24 - 00000000 ____D () C:\Users\gem331\AppData\Local\{1F6EC818-989D-4830-888F-D5627B60F1B3}</p><p>2014-10-10 06:22 - 2014-10-10 06:22 - 00000000 ____D () C:\Users\gem331\AppData\Local\{8E913B29-6AD7-408E-B955-D4855A12D170}</p><p>2014-10-09 16:31 - 2014-10-09 16:31 - 00000000 ____D () C:\Users\gem331\AppData\Local\{E59D85C1-D528-4E01-B9E2-D432C578F32D}</p><p>2014-10-09 03:32 - 2014-10-09 03:32 - 00000000 ____D () C:\Users\gem331\AppData\Local\{DC1FEA68-0374-4DFA-9E3E-77D18947B052}</p><p>==================== One Month Modified Files and Folders =======</p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p>2014-11-08 10:05 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-08 10:05 - 2009-07-13 22:45 - 00028352 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-08 10:02 - 2011-10-13 15:38 - 01661686 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-11-08 10:02 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-11-08 09:58 - 2013-12-03 21:34 - 00000000 ____D () C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}</p><p>2014-11-08 09:58 - 2011-10-13 16:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks</p><p>2014-11-08 09:58 - 2011-10-13 16:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks</p><p>2014-11-08 09:58 - 2011-10-13 15:51 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup</p><p>2014-11-08 09:58 - 2010-11-20 21:47 - 00257704 _____ () C:\Windows\PFRO.log</p><p>2014-11-08 09:58 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\addins</p><p>2014-11-08 09:58 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-11-08 09:58 - 2009-07-13 22:51 - 00071100 _____ () C:\Windows\setupact.log</p><p>2014-11-08 09:49 - 2012-04-27 08:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-11-07 18:38 - 2013-04-14 07:24 - 00000000 ____D () C:\Users\gem331\AppData\Local\Google</p><p>2014-11-07 10:48 - 2013-05-21 16:35 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask</p><p>2014-11-05 13:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-11-05 12:00 - 2014-09-01 20:48 - 00000000 ____D () C:\Users\gem331\.pdftool</p><p>2014-11-05 12:00 - 2013-01-24 15:11 - 00000000 ____D () C:\Users\gem331\AppData\Local\Akamai</p><p>2014-11-05 12:00 - 2011-11-20 10:31 - 00000000 ____D () C:\Users\gem331\AppData\Local\Apple Computer</p><p>2014-11-05 12:00 - 2011-11-15 14:39 - 00000000 ____D () C:\Users\gem331\AppData\Local\Dell</p><p>2014-11-05 11:59 - 2011-10-13 16:05 - 00000000 ____D () C:\ProgramData\Sonic</p><p>2014-11-05 11:59 - 2011-10-13 15:52 - 
00000000 ____D () C:\ProgramData\Skype</p><p>2014-11-04 12:34 - 2012-09-17 13:16 - 00000000 ____D () C:\Users\gem331\Documents\Legal Writing</p><p>2014-11-04 11:08 - 2014-07-11 06:46 - 00000000 ____D () C:\Users\gem331\AppData\Roaming\Search Protection</p><p>2014-11-03 09:18 - 2009-07-13 22:45 - 00357504 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-11-03 09:17 - 2014-05-06 15:10 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-11-01 19:55 - 2011-11-15 15:14 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-11-01 19:51 - 2013-08-17 13:51 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-11-01 19:48 - 2011-11-15 14:47 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-11-01 18:39 - 2011-11-15 14:35 - 00000000 ____D () C:\Users\gem331</p><p>2014-11-01 18:34 - 2014-09-24 16:07 - 00000000 ____D () C:\Program Files (x86)\iTunes</p><p>2014-11-01 18:34 - 2014-08-30 13:55 - 00000000 ____D () C:\Windows\system32\WTablet</p><p>2014-11-01 18:34 - 2013-11-02 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java</p><p>2014-11-01 18:34 - 2011-11-20 10:30 - 00000000 ____D () C:\Program Files\Bonjour</p><p>2014-11-01 18:34 - 2011-10-13 16:07 - 00000000 ____D () C:\Program Files (x86)\McAfee</p><p>2014-11-01 18:34 - 2011-10-13 15:48 - 00000000 ____D () C:\Program Files (x86)\Multimedia Card Reader(9106)</p><p>2014-11-01 18:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat</p><p>2014-11-01 18:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared</p><p>2014-11-01 18:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration</p><p>2014-10-27 02:23 - 2013-04-14 07:24 - 00000000 ____D () C:\Program Files\Google</p><p>2014-10-27 02:23 - 2013-04-14 07:24 - 00000000 ____D () C:\Program Files (x86)\Google</p><p>2014-10-26 12:59 - 2013-11-02 08:43 - 00000000 ____D () C:\ProgramData\Oracle</p><p>2014-10-26 12:59 - 2011-10-13 15:46 - 00000000 
____D () C:\Program Files (x86)\Java</p><p>2014-10-26 12:50 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD</p><p>2014-10-26 12:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism</p><p>2014-10-26 12:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism</p><p>2014-10-26 12:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions</p><p>2014-10-26 12:43 - 2012-12-17 07:41 - 00000000 ____D () C:\Users\gem331\AppData\Local\{1A5E79B2-D5FF-4346-A149-DC16864A4CB7}</p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\gem331\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe</p><p>C:\Users\gem331\AppData\Local\Temp\ose00000.exe</p><p></p><p>==================== Bamital & volsnap Check =================</p><p>(There is no automatic fix for files that do not pass verification.)</p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>LastRegBack: 2014-11-05 13:42</p><p>==================== End Of Log ============================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01</p><p>Ran by 
gem331 at 2014-11-08 10:07:03</p>
<p>Running from C:\Users\gem331\Downloads</p>
<p>Boot Mode: Normal</p>
<p>==========================================================</p>
<p></p>
<p>==================== Security Center ========================</p>
<p>(If an entry is included in the fixlist, it will be removed.)</p>
<p>AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}</p>
<p>AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}</p>
<p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p>
<p>FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}</p>
<p>==================== Installed Programs ======================</p>
<p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p>
<p>Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)</p>
<p>Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)</p>
<p>Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)</p>
<p>Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)</p>
<p>AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)</p>
<p>Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)</p>
<p>Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)</p>
<p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p>
<p>ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden</p>
<p>Audio Creator LE 1.5 (HKLM-x32\...\AudioCreator_is1) (Version: 1.5 - Cakewalk Music Software)</p>
<p>Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)</p>
<p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p>
<p>Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)</p>
<p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p>
<p>Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)</p>
<p>Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)</p>
<p>Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)</p>
<p>Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)</p>
<p>Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)</p>
<p>Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)</p>
<p>Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)</p>
<p>Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)</p>
<p>Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)</p>
<p>Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden</p>
<p>Dimension Pro (HKLM-x32\...\Cakewalk Dimension Pro_is1) (Version: 1.0 - Cakewalk Music Software)</p>
<p>DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden</p>
<p>DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)</p>
<p>Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.0 - EZ Freeware)</p>
<p>Guru (HKLM-x32\...\Guru) (Version: "1.0.0" - "FXpansion")</p>
<p>Icecream PDF Split and Merge version 1.03 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.03 - Icecream Apps)</p>
<p>Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)</p>
<p>iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)</p>
<p>Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)</p>
<p>Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)</p>
<p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p>
<p>JUNO Series Driver (HKLM\...\RolandRDID0087) (Version: - Roland Corporation)</p>
<p>K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )</p>
<p>KTGranulator 1.2 (HKLM-x32\...\KTGranulator_is1) (Version: 1.2 - Koen Tanghe for Smartelectronix)</p>
<p>LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)</p>
<p>LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden</p>
<p>LeapFrog Leapster Explorer Plugin (x32 Version: 4.2.11.15696 - LeapFrog) Hidden</p>
<p>Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)</p>
<p>McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)</p>
<p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p>
<p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p>
<p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p>
<p>Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)</p>
<p>Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p>
<p>Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)</p>
<p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p>
<p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p>
<p>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)</p>
<p>Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)</p>
<p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p>
<p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)</p>
<p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)</p>
<p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p>
<p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)</p>
<p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)</p>
<p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p>
<p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p>
<p>Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)</p>
<p>Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden</p>
<p>My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)</p>
<p>PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)</p>
<p>Pen Tablet (HKLM-x32\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.)</p>
<p>PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden</p>
<p>QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)</p>
<p>RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden</p>
<p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)</p>
<p>Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)</p>
<p>Roxio File Backup (Version: 1.3.2 - Roxio) Hidden</p>
<p>Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)</p>
<p>Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)</p>
<p>SONAR Home Studio 7 (HKLM-x32\...\SONARHome7_is1) (Version: 17.0 - Cakewalk Music Software)</p>
<p>Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden</p>
<p>Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version: - )</p>
<p>THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)</p>
<p>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p>
<p>Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version: - LeapFrog)</p>
<p>Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)</p>
<p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)</p>
<p>Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)</p>
<p>==================== Custom CLSID (selected items): ==========================</p>
<p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p>
<p></p>
<p>==================== Restore Points =========================</p>
<p>02-11-2014 00:07:34 Restore Operation</p>
<p>02-11-2014 01:47:46 Windows Update</p>
<p>08-11-2014 15:55:50 Malwarebytes Anti-Rootkit Restore Point</p>
<p>==================== Hosts content: ==========================</p>
<p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p>
<p>2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p>
<p>==================== Scheduled Tasks (whitelisted) =============</p>
<p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p>
<p>Task: {0AA287C3-1423-48D5-954D-C042A4A1B606} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)</p>
<p>Task: {6E70FB4A-65D0-4825-B0A7-E08AA4E92EC4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)</p>
<p>Task: {AF4DF9B4-E66B-4538-A869-7E79A17D68B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)</p>
<p>Task: {CB25AFA1-6110-40E6-8AF9-1C628313745A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe</p>
<p>Task: {E560F6E3-21AA-420A-9890-4C4945EFED6D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)</p>
<p>Task: {EA97AAD7-5A15-4715-B47B-21985BC9A3DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p>
<p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p>
<p>==================== Loaded Modules (whitelisted) =============</p>
<p>2010-06-06 08:20 - 2010-06-06 08:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll</p>
<p>2011-10-13 15:51 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE</p>
<p>2010-11-17 09:35 - 2010-11-17 09:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe</p>
<p>2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p>
<p>2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p>
<p>2010-11-24 21:44 - 2010-11-24 21:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll</p>
<p>2014-11-04 15:40 - 2014-11-04 15:40 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll</p>
<p>2011-10-13 15:46 - 2010-09-13 17:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll</p>
<p>==================== Alternate Data Streams (whitelisted) =========</p>
<p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p>
<p></p>
<p>==================== Safe Mode (whitelisted) ===================</p>
<p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"</p>
<p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"</p>
<p>==================== EXE Association (whitelisted) =============</p>
<p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p>
<p></p>
<p>==================== MSCONFIG/TASK MANAGER disabled items =========</p>
<p>(Currently there is no automatic fix for this section.)</p>
<p></p>
<p>========================= Accounts: ==========================</p>
<p>Administrator (S-1-5-21-3145682528-433039331-1199355789-500 - Administrator - Disabled)</p>
<p>gem331 (S-1-5-21-3145682528-433039331-1199355789-1000 - Administrator - Enabled) => C:\Users\gem331</p>
<p>Guest (S-1-5-21-3145682528-433039331-1199355789-501 - Limited - Disabled)</p>
<p>==================== Faulty Device Manager Devices =============</p>
<p></p>
<p>==================== Event log errors: =========================</p>
<p>Application errors:</p>
<p>==================</p>
<p>Error: (11/08/2014 10:00:17 AM) (Source: WinMgmt) (EventID: 10) (User: )</p>
<p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p>
<p>Error: (11/08/2014 08:43:35 AM) (Source: Application Error) (EventID: 1000) (User: )</p>
<p>Description: Faulting application name: Zdkcbkh.exe, version: 36.0.1985.143, time stamp: 0x53e2e515</p>
<p>Faulting module name: zxkdocaukehh.dll, version: 7.0.4.453, time stamp: 0x545cc1c5</p>
<p>Exception code: 0xc0000005</p>
<p>Fault offset: 0x000140fb</p>
<p>Faulting process id: 0x2978</p>
<p>Faulting application start time: 0xZdkcbkh.exe0</p>
<p>Faulting application path: Zdkcbkh.exe1</p>
<p>Faulting module path: Zdkcbkh.exe2</p>
<p>Report Id: Zdkcbkh.exe3</p>
<p>Error: (11/07/2014 08:24:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p>
<p>Description: Task Scheduling Error: m->NextScheduledSPRetry 8002</p>
<p>Error: (11/07/2014 08:24:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p>
<p>Description: Task Scheduling Error: m->NextScheduledEvent 8002</p>
<p>Error: (11/07/2014 08:24:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p>
<p>Description: Task Scheduling Error: Continuously busy for more than a second</p>
<p>Error: (11/07/2014 08:24:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p>
<p>Description: Task Scheduling Error: m->NextScheduledSPRetry 7004</p>
<p>Error: (11/07/2014 08:24:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p>
<p>Description: Task Scheduling Error: m->NextScheduledEvent 7004</p>
<p>Error: (11/07/2014 08:24:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p>
<p>Description: Task Scheduling Error: Continuously busy for more than a second</p>
<p>Error: (11/07/2014 08:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p>
<p>Description: Task Scheduling Error: m->NextScheduledSPRetry 6006</p>
<p>Error: (11/07/2014 08:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p>
<p>Description: Task Scheduling Error: m->NextScheduledEvent 6006</p>
<p></p>
<p>System errors:</p>
<p>=============</p>
<p>Error: (11/05/2014 08:54:13 PM) (Source: Disk) (EventID: 11) (User: )</p>
<p>Description: The driver detected a controller error on \Device\Harddisk1\DR9.</p>
<p>Error: (11/05/2014 08:54:12 PM) (Source: Disk) (EventID: 11) (User: )</p>
<p>Description: The driver detected a controller error on \Device\Harddisk1\DR9.</p>
<p>Error: (11/04/2014 03:41:41 PM) (Source: Disk) (EventID: 11) (User: )</p>
<p>Description: The driver detected a controller error on \Device\Harddisk1\DR7.</p>
<p>Error: (11/04/2014 11:40:42 AM) (Source: DCOM) (EventID: 10010) (User: )</p>
<p>Description: {209500FC-6B45-4693-8871-6296C4843751}</p>
<p>Error: (11/03/2014 11:31:23 AM) (Source: DCOM) (EventID: 10010) (User: )</p>
<p>Description: {209500FC-6B45-4693-8871-6296C4843751}</p>
<p>Error: (11/03/2014 09:20:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )</p>
<p>Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.</p>
<p>Error: (11/03/2014 09:19:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )</p>
<p>Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.</p>
<p>Error: (11/01/2014 06:39:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )</p>
<p>Description: The Windows Firewall service terminated with service-specific error %%5.</p>
<p>Error: (11/01/2014 05:39:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )</p>
<p>Description: The Windows Update service hung on starting.</p>
<p>Error: (11/01/2014 05:34:08 PM) (Source: DCOM) (EventID: 10010) (User: )</p>
<p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p>
<p></p>
<p>Microsoft Office Sessions:</p>
<p>=========================</p>
<p>Error: (03/12/2014 07:44:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p>
<p>Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 72389 seconds with 420 seconds of active time. This session ended with a crash.</p>
<p></p>
<p>==================== Memory info ===========================</p>
<p>Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz</p>
<p>Percentage of memory in use: 26%</p>
<p>Total physical RAM: 8174.45 MB</p>
<p>Available physical RAM: 5984.67 MB</p>
<p>Total Pagefile: 16347.07 MB</p>
<p>Available Pagefile: 13816.75 MB</p>
<p>Total Virtual: 8192 MB</p>
<p>Available Virtual: 8191.83 MB</p>
<p>==================== Drives ================================</p>
<p>Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:1231.65 GB) NTFS</p>
<p>==================== MBR & Partition Table ==================</p>
<p>========================================================</p>
<p>Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: E8BECE66)</p>
<p>Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)</p>
<p>Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)</p>
<p>Partition 3: (Not Active) - (Size=1384 GB) - (Type=07 NTFS)</p>
<p>==================== End Of Log ============================</p>
</blockquote>
C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) 
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3145682528-433039331-1199355789-1000\...\Run: [Akamai NetSession Interface] => C:\Users\gem331\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3145682528-433039331-1199355789-1000\...\MountPoints2: {975c8cbb-636c-11e4-afa9-180373d27f7d} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3145682528-433039331-1199355789-1000\...\MountPoints2: {be056ec8-f5f3-11e0-9606-806e6f6e6963} - D:\GW_Start.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKCU - DefaultScope {411D77DA-5E4B-48B7-B8FA-0445AC1A2DD8} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {411D77DA-5E4B-48B7-B8FA-0445AC1A2DD8} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-10-13]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 0127631414377148mcinstcleanup; C:\Windows\TEMP\012763~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 RDID1087; C:\Windows\System32\Drivers\rdwm1087.sys [81920 2009-09-18] (Roland Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-08 10:05 - 2014-11-08 10:06 - 00015462 _____ () C:\Users\gem331\Downloads\FRST.txt
2014-11-08 10:05 - 2014-11-08 10:05 - 02115584 _____ (Farbar) C:\Users\gem331\Downloads\FRST64.exe
2014-11-08 10:05 - 2014-11-08 10:05 - 00000000 ____D () C:\FRST
2014-11-08 10:03 - 2014-11-08 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-08 09:39 - 2014-11-08 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-08 09:38 - 2014-11-08 09:56 - 00000000 ____D () C:\Users\gem331\Desktop\mbar
2014-11-08 09:37 - 2014-11-08 09:37 - 14439144 _____ (Malwarebytes Corp.) C:\Users\gem331\Desktop\mbar-1.08.0.1001.exe
2014-11-08 08:27 - 2014-11-08 08:27 - 00000000 ____D () C:\Users\gem331\AppData\Local\{6E9FAC9B-41B7-4491-8FFB-AEA6543EE021}
2014-11-07 07:16 - 2014-11-07 07:17 - 00000000 ____D () C:\Users\gem331\AppData\Local\{30503B1B-0BCD-495E-8416-0BFCD85AADB3}
2014-11-06 09:17 - 2014-11-06 09:17 - 00000000 ____D () C:\Users\gem331\AppData\Local\{6288C66B-720A-4FA1-BE2A-7E37122EEE50}
2014-11-05 20:53 - 2014-11-05 20:56 - 00000000 ____D () C:\Users\gem331\Documents\Legal Writing Course Backup Nov 2014
2014-11-05 20:10 - 2014-11-05 20:10 - 00000000 ____D () C:\Users\gem331\AppData\Local\{86E1F00A-59CF-47A9-BDFB-7C750683C7D5}
2014-11-05 07:06 - 2014-11-05 07:06 - 00000000 ____D () C:\Users\gem331\AppData\Local\{2A4280EC-EB53-4EED-B470-016798B52591}
2014-11-04 10:56 - 2014-11-08 09:39 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 10:55 - 2014-11-08 09:38 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 10:55 - 2014-11-04 10:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 10:55 - 2014-11-04 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 10:55 - 2014-11-04 10:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 10:55 - 2014-11-04 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 10:55 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 10:55 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-04 07:57 - 2014-11-04 07:58 - 00000000 ____D () C:\Users\gem331\AppData\Local\{52499621-7079-4A69-A05F-2A79E208F484}
2014-11-03 09:21 - 2014-11-03 09:21 - 00000000 ____D () C:\Users\gem331\AppData\Local\{29E607CB-C851-4706-A808-0D3B449EB4ED}
2014-11-01 18:55 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-01 18:55 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-01 18:55 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-01 18:55 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-01 18:55 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-01 18:55 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-01 18:55 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-01 18:55 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-01 18:55 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-01 18:55 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-01 18:55 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-01 18:55 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-01 18:55 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-01 18:55 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-01 18:55 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-01 18:55 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-01 18:55 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-01 18:55 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-01 18:55 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-01 18:55 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-01 18:55 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-01 18:55 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-01 18:55 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-01 18:55 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-01 18:55 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-01 18:55 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-01 18:55 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-01 18:55 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-01 18:55 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-01 18:55 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-01 18:55 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-01 18:55 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-01 18:55 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-01 18:55 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-01 18:55 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-01 18:55 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-01 18:55 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-01 18:55 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-01 18:55 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-01 18:55 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-01 18:55 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-01 18:55 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-01 18:55 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-01 18:55 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-01 18:55 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-01 18:55 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-01 18:55 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-01 18:55 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-01 18:55 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-01 18:55 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-01 18:55 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-01 18:55 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-01 18:55 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-01 18:55 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-01 18:55 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-01 18:55 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-01 18:55 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-01 18:55 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-01 18:55 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-01 18:55 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-01 18:55 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-01 18:55 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-01 18:55 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-01 18:55 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-01 18:55 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-01 18:55 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-01 18:55 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-01 18:55 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-01 18:55 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-01 18:55 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-01 18:55 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-01 18:55 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-01 18:55 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-01 18:55 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-01 18:55 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-01 18:55 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-01 18:55 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-01 18:55 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-01 18:54 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-01 18:54 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-01 18:53 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-01 18:52 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-01 18:52 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-01 18:52 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-01 18:52 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-01 18:52 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-01 18:52 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-01 18:52 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-01 18:52 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-01 18:52 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-01 18:52 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-01 18:52 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-01 18:52 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-01 18:52 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-01 18:52 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-01 18:52 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-01 18:52 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-01 18:51 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-01 18:51 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-01 17:37 - 2014-11-01 17:37 - 00000278 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-11-01 16:32 - 2014-11-01 17:33 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-01 16:32 - 2014-11-01 17:33 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-01 16:32 - 2014-11-01 16:32 - 00000896 ____H () C:\Users\gem331\AppData\Roaming\麽鎒駓覜
2014-11-01 06:58 - 2014-11-01 06:58 - 00000000 ____D () C:\Users\gem331\AppData\Local\{13B9259C-8B09-465E-80B7-D59CD3F386D1}
2014-10-31 09:32 - 2014-11-05 12:00 - 00000000 ____D () C:\Users\gem331\AppData\Local\Idsoft
2014-10-31 09:32 - 2014-11-05 12:00 - 00000000 ____D () C:\Users\gem331\AppData\Local\Eljtion
2014-10-31 05:59 - 2014-10-31 05:59 - 00000000 ____D () C:\Users\gem331\AppData\Local\{3E8C0C27-013A-458C-8EAD-5984FCE46C00}
2014-10-30 08:04 - 2014-10-30 08:04 - 00000000 ____D () C:\Users\gem331\AppData\Local\{C2764EF1-C84F-4ECD-88B3-48B7CF1D4216}
2014-10-29 19:24 - 2014-10-29 19:25 - 00000000 ____D () C:\Users\gem331\AppData\Local\{5F07EBF4-966A-49BE-8D98-3398D5B5EB19}
2014-10-29 05:45 - 2014-10-29 05:45 - 00000000 ____D () C:\Users\gem331\AppData\Local\{2843912C-9623-4B64-BF15-9B191F6325E1}
2014-10-28 08:47 - 2014-10-28 08:47 - 00000000 ____D () C:\Users\gem331\AppData\Local\{580CE6C9-B84F-4B34-AB1A-80CAF8C47F2E}
2014-10-27 18:59 - 2014-10-27 19:00 - 00000000 ____D () C:\Users\gem331\AppData\Local\{6AED27B9-0556-4022-BFA3-79FB6B2015E1}
2014-10-27 06:59 - 2014-10-27 06:59 - 00000000 ____D () C:\Users\gem331\AppData\Local\{0D14DF02-A5A3-4C07-9F15-F1DAD5DB55C2}
2014-10-26 12:59 - 2014-10-26 12:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-26 12:59 - 2014-10-26 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-26 12:59 - 2014-10-26 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-26 12:59 - 2014-10-26 12:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-26 11:05 - 2014-10-26 11:05 - 00007606 _____ () C:\Users\gem331\AppData\Local\Resmon.ResmonCfg
2014-10-26 10:48 - 2014-10-26 10:48 - 00000000 ____D () C:\Users\gem331\AppData\Local\{937C637A-5591-4F6D-8A60-41D442F4CA1F}
2014-10-25 07:28 - 2014-10-25 07:28 - 00000000 ____D () C:\Users\gem331\AppData\Local\{5FCFC80F-7105-4242-B664-7C18EDD48A52}
2014-10-24 06:38 - 2014-10-24 06:38 - 00000000 ____D () C:\Users\gem331\AppData\Local\{67B6727E-008E-4144-A660-8B4CC726ABF1}
2014-10-23 04:10 - 2014-10-23 04:10 - 00000000 ____D () C:\Users\gem331\AppData\Local\{F701A27E-BD51-4E8F-8FC6-6AA70B3C3770}
2014-10-22 17:48 - 2014-10-26 12:50 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-22 06:28 - 2014-10-22 06:28 - 00000000 ____D () C:\Users\gem331\AppData\Local\{24618734-49BA-448E-818E-EF010B2E58B6}
2014-10-21 08:43 - 2014-10-21 08:43 - 00000000 ____D () C:\Users\gem331\AppData\Local\{9A1A05A1-0E48-464C-9E1A-BE8DCA5D88AD}
2014-10-20 20:43 - 2014-10-20 20:43 - 00000000 ____D () C:\Users\gem331\AppData\Local\{D205F36A-4962-4B6A-8063-017EFDD52BDD}
2014-10-20 08:43 - 2014-10-20 08:43 - 00000000 ____D () C:\Users\gem331\AppData\Local\{2DBF80D5-B7C0-4495-87AC-1CDC7FA7DCB2}
2014-10-16 03:40 - 2014-10-16 03:41 - 00000000 ____D () C:\Users\gem331\AppData\Local\{96E05496-5377-4A41-A9C3-C28CBC0874AC}
2014-10-15 15:39 - 2014-10-15 15:40 - 00000000 ____D () C:\Users\gem331\AppData\Local\{808FD0BA-2954-4AF0-B729-C60774953B28}
2014-10-15 04:56 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 03:39 - 2014-10-15 03:39 - 00000000 ____D () C:\Users\gem331\AppData\Local\{4481E1AE-C998-4EBE-8636-A315D253DB4B}
2014-10-14 06:30 - 2014-10-14 06:30 - 00000000 ____D () C:\Users\gem331\AppData\Local\{3D2868F4-CFA4-4D55-85DA-E36FA64D7B74}
2014-10-13 06:32 - 2014-10-13 06:32 - 00000000 ____D () C:\Users\gem331\AppData\Local\{95EEF9BD-E48C-4B73-A371-C2E328DC12D4}
2014-10-12 07:00 - 2014-10-12 07:01 - 00000000 ____D () C:\Users\gem331\AppData\Local\{673EDE01-2603-4E61-9363-726296999E07}
2014-10-11 18:39 - 2014-10-11 18:39 - 00000000 ____D () C:\Users\gem331\AppData\Local\{37405407-2CB1-4901-858C-6B4AC9329085}
2014-10-11 06:38 - 2014-10-11 06:39 - 00000000 ____D () C:\Users\gem331\AppData\Local\{72613B2A-4D82-437E-ABA3-D8D37EA8BAE7}
2014-10-10 18:23 - 2014-10-10 18:24 - 00000000 ____D () C:\Users\gem331\AppData\Local\{1F6EC818-989D-4830-888F-D5627B60F1B3}
2014-10-10 06:22 - 2014-10-10 06:22 - 00000000 ____D () C:\Users\gem331\AppData\Local\{8E913B29-6AD7-408E-B955-D4855A12D170}
2014-10-09 16:31 - 2014-10-09 16:31 - 00000000 ____D () C:\Users\gem331\AppData\Local\{E59D85C1-D528-4E01-B9E2-D432C578F32D}
2014-10-09 03:32 - 2014-10-09 03:32 - 00000000 ____D () C:\Users\gem331\AppData\Local\{DC1FEA68-0374-4DFA-9E3E-77D18947B052}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 10:05 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 10:05 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 10:02 - 2011-10-13 15:38 - 01661686 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 10:02 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 09:58 - 2013-12-03 21:34 - 00000000 ____D () C:\Users\gem331\AppData\Local\{8D0DF7B4-594E-43F8-A24B-5C14FABB51D9}
2014-11-08 09:58 - 2011-10-13 16:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-08 09:58 - 2011-10-13 16:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-08 09:58 - 2011-10-13 15:51 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-08 09:58 - 2010-11-20 21:47 - 00257704 _____ () C:\Windows\PFRO.log
2014-11-08 09:58 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\addins
2014-11-08 09:58 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 09:58 - 2009-07-13 22:51 - 00071100 _____ () C:\Windows\setupact.log
2014-11-08 09:49 - 2012-04-27 08:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 18:38 - 2013-04-14 07:24 - 00000000 ____D () C:\Users\gem331\AppData\Local\Google
2014-11-07 10:48 - 2013-05-21 16:35 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-05 13:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-11-05 12:00 - 2014-09-01 20:48 - 00000000 ____D () C:\Users\gem331\.pdftool 2014-11-05 12:00 - 2013-01-24 15:11 - 00000000 ____D () C:\Users\gem331\AppData\Local\Akamai 2014-11-05 12:00 - 2011-11-20 10:31 - 00000000 ____D () C:\Users\gem331\AppData\Local\Apple Computer 2014-11-05 12:00 - 2011-11-15 14:39 - 00000000 ____D () C:\Users\gem331\AppData\Local\Dell 2014-11-05 11:59 - 2011-10-13 16:05 - 00000000 ____D () C:\ProgramData\Sonic 2014-11-05 11:59 - 2011-10-13 15:52 - 00000000 ____D () C:\ProgramData\Skype 2014-11-04 12:34 - 2012-09-17 13:16 - 00000000 ____D () C:\Users\gem331\Documents\Legal Writing 2014-11-04 11:08 - 2014-07-11 06:46 - 00000000 ____D () C:\Users\gem331\AppData\Roaming\Search Protection 2014-11-03 09:18 - 2009-07-13 22:45 - 00357504 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-03 09:17 - 2014-05-06 15:10 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-01 19:55 - 2011-11-15 15:14 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-01 19:51 - 2013-08-17 13:51 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-01 19:48 - 2011-11-15 14:47 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-01 18:39 - 2011-11-15 14:35 - 00000000 ____D () C:\Users\gem331 2014-11-01 18:34 - 2014-09-24 16:07 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-11-01 18:34 - 2014-08-30 13:55 - 00000000 ____D () C:\Windows\system32\WTablet 2014-11-01 18:34 - 2013-11-02 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-01 18:34 - 2011-11-20 10:30 - 00000000 ____D () C:\Program Files\Bonjour 2014-11-01 18:34 - 2011-10-13 16:07 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-11-01 18:34 - 2011-10-13 15:48 - 00000000 ____D () C:\Program Files (x86)\Multimedia Card Reader(9106) 2014-11-01 18:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat 2014-11-01 18:34 - 2009-07-13 21:20 - 00000000 
____D () C:\Program Files\Common Files\Microsoft Shared 2014-11-01 18:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration 2014-10-27 02:23 - 2013-04-14 07:24 - 00000000 ____D () C:\Program Files\Google 2014-10-27 02:23 - 2013-04-14 07:24 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-26 12:59 - 2013-11-02 08:43 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-26 12:59 - 2011-10-13 15:46 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-26 12:50 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-26 12:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-26 12:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-26 12:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-26 12:43 - 2012-12-17 07:41 - 00000000 ____D () C:\Users\gem331\AppData\Local\{1A5E79B2-D5FF-4346-A149-DC16864A4CB7} Some content of TEMP: ==================== C:\Users\gem331\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\gem331\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 13:42 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01 Ran by gem331 at 2014-11-08 10:07:03 Running from C:\Users\gem331\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden Audio Creator LE 1.5 (HKLM-x32\...\AudioCreator_is1) (Version: 1.5 - Cakewalk Music Software) Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) 
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.) Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden Dimension Pro (HKLM-x32\...\Cakewalk Dimension Pro_is1) (Version: 1.0 - Cakewalk Music Software) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.) Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.0 - EZ Freeware) Guru (HKLM-x32\...\Guru) (Version: "1.0.0" - "FXpansion") Icecream PDF Split and Merge version 1.03 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.03 - Icecream Apps) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) 
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden JUNO Series Driver (HKLM\...\RolandRDID0087) (Version: - Roland Corporation) K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) KTGranulator 1.2 (HKLM-x32\...\KTGranulator_is1) (Version: 1.2 - Koen Tanghe for Smartelectronix) LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog) LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden LeapFrog Leapster Explorer Plugin (x32 Version: 4.2.11.15696 - LeapFrog) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - 
Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower) Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC) Pen Tablet (HKLM-x32\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.) 
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) SONAR Home Studio 7 (HKLM-x32\...\SONARHome7_is1) (Version: 17.0 - Cakewalk Music Software) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version: - ) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version: - LeapFrog) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed 
from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 02-11-2014 00:07:34 Restore Operation 02-11-2014 01:47:46 Windows Update 08-11-2014 15:55:50 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AA287C3-1423-48D5-954D-C042A4A1B606} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.) Task: {6E70FB4A-65D0-4825-B0A7-E08AA4E92EC4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.) Task: {AF4DF9B4-E66B-4538-A869-7E79A17D68B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {CB25AFA1-6110-40E6-8AF9-1C628313745A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {E560F6E3-21AA-420A-9890-4C4945EFED6D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation) Task: {EA97AAD7-5A15-4715-B47B-21985BC9A3DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2010-06-06 08:20 - 2010-06-06 08:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll 2011-10-13 15:51 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2010-11-17 09:35 - 2010-11-17 09:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-11-24 21:44 - 2010-11-24 21:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2014-11-04 15:40 - 2014-11-04 15:40 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2011-10-13 15:46 - 2010-09-13 17:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-3145682528-433039331-1199355789-500 - Administrator - Disabled) gem331 (S-1-5-21-3145682528-433039331-1199355789-1000 - Administrator - Enabled) => C:\Users\gem331 Guest (S-1-5-21-3145682528-433039331-1199355789-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/08/2014 10:00:17 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 08:43:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Zdkcbkh.exe, version: 36.0.1985.143, time stamp: 0x53e2e515 Faulting module name: zxkdocaukehh.dll, version: 7.0.4.453, time stamp: 0x545cc1c5 Exception code: 0xc0000005 Fault offset: 0x000140fb Faulting process id: 0x2978 Faulting application start time: 0xZdkcbkh.exe0 Faulting application path: Zdkcbkh.exe1 Faulting module path: Zdkcbkh.exe2 Report Id: Zdkcbkh.exe3 Error: (11/07/2014 08:24:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8002 Error: (11/07/2014 08:24:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8002 Error: (11/07/2014 08:24:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/07/2014 08:24:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7004 Error: (11/07/2014 08:24:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7004 Error: (11/07/2014 
08:24:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/07/2014 08:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6006 Error: (11/07/2014 08:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6006 System errors: ============= Error: (11/05/2014 08:54:13 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR9. Error: (11/05/2014 08:54:12 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR9. Error: (11/04/2014 03:41:41 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR7. Error: (11/04/2014 11:40:42 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (11/03/2014 11:31:23 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (11/03/2014 09:20:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error: (11/03/2014 09:19:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error: (11/01/2014 06:39:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%5. Error: (11/01/2014 05:39:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. 
Error: (11/01/2014 05:34:08 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Microsoft Office Sessions: ========================= Error: (03/12/2014 07:44:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 72389 seconds with 420 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz Percentage of memory in use: 26% Total physical RAM: 8174.45 MB Available physical RAM: 5984.67 MB Total Pagefile: 16347.07 MB Available Pagefile: 13816.75 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:1231.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: E8BECE66) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1384 GB) - (Type=07 NTFS) ==================== End Of Log ============================ [/QUOTE]