
ZeroAccess Trojan: Help!


  • This topic is locked
17 replies to this topic

#1 magentadream

  • Members
  • 9 posts

Posted 08 July 2013 - 08:11 AM

Please help! My computer has been taken over by a ZeroAccess Trojan.

1. McAfee is in a continuous cycle of posting removal/quarantine of ZeroAccess, ZeroAccess.ii, and ZeroAccess.hu. Every time the alert shows that McAfee "detected and automatically removed a Trojan", and I click OK, another alert pops up. If I don't click on the alert and it fades away by itself, then whatever I am doing--like typing this message--is interrupted. Another McAfee window with a different version of ZeroAccess then pops into view.

2. A thorough McAfee scan detected the following that McAfee is unable to remove: C://Windows\assembly\GAC_64\Desktop.ini. I am unable to locate this file so can't follow McAfee's "steps" for possible manual removal.

3. Access to internet has slowed way down and is interrupted by the alerts. Lots of "Not Responding" messages. Search function interrupted/not functional at times.

4. Some program files do not open.

5. CPU usage is spiking.

6. System Restore hangs on initialization, requiring a forced restart, with a "nothing changed" message from System Restore when computer restarts.

7. I have followed the preliminary steps listed in your Preparation Guide. My firewall is McAfee. Here's the log file from DDS.txt. I am attaching the attach.txt file as well.

Thank you for your help! I am ready to throw this laptop through the window!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 1.6.0_33
Run by Dottie at 8:02:35 on 2013-07-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3032.1172 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\HPSIsvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Dottie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg2.mail.yahoo.com/neo/launch?reason=ignore&rs=1
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: AutorunsDisabled - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120803193937.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\npchrome_frame.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: TotalRecipeSearch: {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Dottie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Dottie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dottie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableStartupSound = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1182CDAF-54B8-4E09-AED5-CE39F3FC12D6} : DHCPNameServer = 12.27.240.3 12.106.80.10 12.166.24.72
TCP: Interfaces\{6203A512-5896-48C7-9068-C561844B8D38} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6203A512-5896-48C7-9068-C561844B8D38}\275637964656E6365696E6E6765756374777962756C6563737 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{6203A512-5896-48C7-9068-C561844B8D38}\45749402642796461697370275966496 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{6203A512-5896-48C7-9068-C561844B8D38}\55E6F637348696361676F6742796C6C6 : DHCPNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{6203A512-5896-48C7-9068-C561844B8D38}\7596E676164756 : DHCPNameServer = 66.192.125.46 71.244.114.151
TCP: Interfaces\{6203A512-5896-48C7-9068-C561844B8D38}\8484F4E4F42535 : DHCPNameServer = 12.27.240.3 12.106.80.10 12.166.24.72
TCP: Interfaces\{6203A512-5896-48C7-9068-C561844B8D38}\86F64756C6F57657563747 : DHCPNameServer = 10.71.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\npchrome_frame.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120803193936.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://saml.oakland.edu/OUSAMLSSO/?SAMLRequest=fVLJTsMwEL0j8Q%2BW79mKWGQ1qQoIUYklooEDN9eZNgbHEzxOC3%2BPm4KAA%2FXx%2Bfkt4xlP3lvD1uBIo815FqecgVVYa7vK%2BWN1FZ3xSXF4MCbZmk5Me9%2FYB3jrgTwLLy2J4SLnvbMCJWkSVrZAwisxn97eiFGcis6hR4WGs9llzpWuu1cL4Si70Ga5QI0dwMo0L2j1SwOdaVAb5OzpO9ZoG2tG1MPMkpfWByjNsig9iUanVXYi0iMxOn7mrPxyOtd212BfrMWOROK6qsqovJ9Xg8Ba1%2BDuAjvnK8SVgVhhu7UvJZFeB3gpDQFnUyJwPgS8QEt9C24Obq0VPD7c5LzxviORJJvNJv6RSWSC8tVIW8dQ94lUxIthtGJo537NdH92%2Be3Nix%2F1cfJLqvj6sm2T2WWJRqsPNjUGNxcOpA81vOtDiyt0rfT%2Fu2VxNiC6jpYDVfSWOlB6qaHmLCl2rn93I2zMJw%3D%3D&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Foakland.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttps%253A%252F%252Fmail.google.com%252Fa%252Foakland.edu%252F%26bsv%3Dllya694le36z%26ss%3D1%26ltmpl%3Ddefault%26ltmplcache%3D2%26from%3Dlogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISb.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPOpf.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Dottie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-01-11 06:50; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-05-06 09:56; 14ffxtbr@TotalRecipeSearch_14.com; C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-14 771536]
R1 Eve;EVE Protocol Driver;C:\Windows\System32\drivers\eve.sys [2013-5-4 41304]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-14 340216]
R3 AirDisplay;Air Display Support;C:\Windows\System32\drivers\AVVideoCard.sys [2011-3-18 15728]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-12-4 172704]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-14 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-14 515968]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-14 70112]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-18 48488]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-14 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-14 106552]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2011-9-2 20480]
.
=============== Created Last 30 ================
.
2013-07-07 20:19:40 -------- d-----w- C:\Users\Dottie\AppData\Roaming\PassionFruit Games
2013-07-03 20:49:07 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-06-25 09:57:24 -------- d-----w- C:\Users\Dottie\AppData\Local\{7126830A-5B19-48CA-9DBB-F41A15FB8251}
2013-06-13 07:03:18 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 12:16:31 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 12:16:29 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 12:16:29 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 12:16:17 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 12:16:17 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-08 16:25:06 -------- d-----w- C:\Program Files\iPod
2013-06-08 16:25:05 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 16:25:05 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M  ====================
.
2013-06-12 08:05:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:05:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-07 12:45:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-05-07 12:45:42 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH:  8:04:30.87 ===============
 

 

 

 

 


 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 July 2013 - 10:42 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 

#3 magentadream

  • Topic Starter
  • Members
  • 9 posts

Posted 08 July 2013 - 03:38 PM

Hello, Marius,

 

Here are the results from running Malwarebytes Anti-Root Kit:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Dottie :: DOTTIE-PC [administrator]

7/8/2013 1:28:08 PM
mbar-log-2013-07-08 (13-28-08).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 258016
Time elapsed: 51 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\SkyMedia (Adware.SkyMedia) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\L (Backdoor.0Access) -> No action taken.
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\U (Backdoor.0Access) -> No action taken.

Files Detected: 15
c:\Windows\System32\services.exe (Rootkit.0Access) -> No action taken.
c:\$recycle.bin\s-1-5-21-3689854612-3507518939-1925608879-1001\$rf169190a (Trojan.FakeMS) -> No action taken.
c:\Users\Dottie\Downloads\Granny's Brat Cat's.exe (Spyware.Passwords) -> No action taken.
c:\Users\Dottie\Downloads\Scads of Monkey's!.exe (Spyware.Passwords) -> No action taken.
c:\Users\Dottie\Downloads\Revenge.exe (Spyware.Passwords) -> No action taken.
c:\Users\Dottie\Downloads\Why Not!!!.exe (Spyware.Passwords) -> No action taken.
c:\Users\Dottie\Downloads\A Few of My Favorite Things! (1).exe (Spyware.Passwords) -> No action taken.
c:\Users\Dottie\Downloads\A Few of My Favorite Things!.exe (Spyware.Passwords) -> No action taken.
c:\Users\Dottie\Downloads\Are We in Kansas!!.exe (Spyware.Passwords) -> No action taken.
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\@ (Backdoor.0Access) -> No action taken.
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\L\00000004.@ (Backdoor.0Access) -> No action taken.
c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> No action taken.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> No action taken.
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\L\201d3dde (Backdoor.0Access) -> No action taken.
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\L\76603ac3 (Backdoor.0Access) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

Thank you for looking at my case so quickly!



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:38 PM

Posted 09 July 2013 - 12:45 AM

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.



#5 magentadream

magentadream
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 09 July 2013 - 01:04 PM

Hello, Marius,

 

Here is the latest mbar-log.txt. Regarding machine behavior, the McAfee Firewall is now turned on and stays on. Internet Explorer, Word documents, and games seem to be loading faster and no error messages so far. According to the Task Manager, CPU usage is still spiking but not as frequently.

 

What next?

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Dottie :: DOTTIE-PC [administrator]

7/9/2013 12:29:03 PM
mbar-log-2013-07-09 (12-29-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 257653
Time elapsed: 22 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

Thank you!
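The two Malwarebytes Anti-Rootkit logs posted above can be compared mechanically; the Python below is an added example, not part of the thread or of Malwarebytes' tooling, and its function names are hypothetical. It assumes only the layout visible in the posts ("<Section> Detected: N" headings followed by "target (Family) -> action." lines); the first-scan excerpt is shortened to five of its 15 file entries, so the count check flags that section as incomplete.

```python
import re
from collections import Counter
from typing import NamedTuple


class Detection(NamedTuple):
    section: str  # "Files", "Folders", "Registry Keys", ...
    target: str   # path or registry key exactly as printed
    family: str   # detection name, e.g. "Rootkit.0Access"
    action: str   # e.g. "No action taken"


# "<Section> Detected: <N>" heading, then one "target (Family) -> action." per hit.
SECTION_RE = re.compile(r"^([A-Za-z ]+?) Detected: (\d+)\s*$")
# Greedy target, so a file name containing "(1)" still splits at the last "(Family)".
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?\s*$")


def parse_mbar_log(text):
    """Return (detections, declared); declared maps section name -> stated count."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group(1)
            declared[section] = int(heading.group(2))
            continue
        if section is None or not line:
            continue  # scan metadata before the first section, or a blank line
        item = ITEM_RE.match(line)
        if item:  # "(No malicious items detected)" and "(end)" do not match
            detections.append(Detection(section, *item.groups()))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose stated count differs from the lines parsed (truncated paste)."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def families(detections):
    """Hits per family; the log prints both Rootkit.0Access and Rootkit.0access."""
    return Counter(d.family.lower() for d in detections)


def still_present(before, after):
    """Detections in the later scan whose target was already flagged earlier."""
    seen = {d.target.lower() for d in before}  # Windows paths are case-insensitive
    return [d for d in after if d.target.lower() in seen]


# Excerpt of the first scan from the thread; Files section shortened to 5 entries.
SCAN_BEFORE = r"""
Registry Keys Detected: 1
HKCU\SOFTWARE\SkyMedia (Adware.SkyMedia) -> No action taken.

Folders Detected: 2
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\L (Backdoor.0Access) -> No action taken.
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\U (Backdoor.0Access) -> No action taken.

Files Detected: 15
c:\Windows\System32\services.exe (Rootkit.0Access) -> No action taken.
c:\Users\Dottie\Downloads\A Few of My Favorite Things! (1).exe (Spyware.Passwords) -> No action taken.
c:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\@ (Backdoor.0Access) -> No action taken.
c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> No action taken.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> No action taken.
"""

# Excerpt of the second scan from the thread (after CleanUp and reboot).
SCAN_AFTER = r"""
Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    before, declared = parse_mbar_log(SCAN_BEFORE)
    after, _ = parse_mbar_log(SCAN_AFTER)
    print("families:", dict(families(before)))
    print("incomplete sections (stated, parsed):", count_mismatches(before, declared))
    print("re-detected after cleanup:", [d.target for d in still_present(before, after)])
```

An empty re-detection list only shows that this scanner no longer flags the same targets, which is why the thread continues with a second tool.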



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:38 PM

Posted 10 July 2013 - 01:12 AM

Combofix


Combofix should only be run when advised by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.



#7 magentadream

magentadream
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 10 July 2013 - 08:31 AM

Hello, Marius,

I ran Combofix, and now am not able to access much of anything on my computer except for pictures. All links to the internet--Internet Explorer, Mozilla Firefox, and Safari--are not operational. I am sending you this message via my iPad as I can't access the internet via the computer I am trying to fix. So I also can't send you the txt file from Combofix.

Almost everything I try to open--MS Word, Powerpoint, Adobe Acrobat, all my own files except pictures--won't open. The Dell Dock that contains links to my most-used programs and files is gone.

This is the message I get when I try to access most features: "Illegal operation on a key that has been marked for deletion."

I checked System Restore, and the most recent restore point is 7/9/2013, Malwarebytes Anti-Rootkit Restore Point. If I restore to that point, will I have to run Malwarebytes again?

Thank you for your help! I now have no idea what to do from here.

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:38 PM

Posted 10 July 2013 - 09:26 AM

Simply restart the computer; this will fix the issue.



#9 magentadream

magentadream
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 10 July 2013 - 11:39 AM

Hello,

 

Combofix restarted the computer as part of its machinations.  I didn't think to do it again.  Computer connections are working again--seem a bit slower than after Malwarebytes got through.

 

Here is the log for Combofix:

 

ComboFix 13-07-09.01 - Dottie 07/10/2013   8:11.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3032.1575 [GMT -4:00]
Running from: c:\users\Dottie\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\DailyFitnessCenter_53EI
c:\program files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\53EIPlug.dll
c:\program files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\53EZSETP.dll
c:\program files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISb.dll
c:\program files (x86)\Retrogamer_2zEI
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\TotalRecipeSearch_14
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brstub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14highin.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14html.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14idle.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14msg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regfft.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14reghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14script.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14sknlcr.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\installKeys.js
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\gen1\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Settings\s_pid.dat
c:\programdata\c1972b1a7030edbaa8a0231998d2d434906484f2
c:\users\Dottie\AppData\Roaming\c1972b1a7030edbaa8a0231998d2d434906484f2
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\searchplugins\bing-zugo.xml
c:\users\Dottie\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_TotalRecipeSearch_14Service
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))
.
.
2013-07-10 12:36 . 2013-07-10 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-09 16:28 . 2013-07-09 17:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-07 20:19 . 2013-07-07 20:19 -------- d-----w- c:\users\Dottie\AppData\Roaming\PassionFruit Games
2013-07-03 20:49 . 2013-07-03 20:49 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-06-13 07:03 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 12:16 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 12:16 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 12:16 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 12:16 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 12:16 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 07:04 . 2010-02-02 11:06 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 08:05 . 2012-05-26 13:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 08:05 . 2011-06-16 17:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 12:45 . 2013-05-07 12:45 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-05-07 12:45 . 2013-05-07 12:45 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-23 13:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-23 13:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-23 13:48 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-23 13:48 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-23 13:48 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-23 13:48 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:32 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-01 39408]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-05-07 295512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-28 560128]
.
c:\users\Dottie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - c:\users\Dottie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0056621372943098mcinstcleanup;McAfee Application Installer Cleanup (0056621372943098);c:\windows\TEMP\005662~1.EXE;c:\windows\TEMP\005662~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate1caa3491559dd55;Google Update Service (gupdate1caa3491559dd55);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Eve;EVE Protocol Driver;c:\windows\system32\DRIVERS\eve.sys;c:\windows\SYSNATIVE\DRIVERS\eve.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 PCWinSoft;ScreenCamera HR;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\scrcamhrdrv_x64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
HPHNDUService REG_MULTI_SZ    HPHNDUSVC
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 18:24 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 08:05]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 14:15]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 14:15]
.
2013-07-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-01-22 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.mg2.mail.yahoo.com/neo/launch?reason=ignore&rs=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://saml.oakland.edu/OUSAMLSSO/?SAMLRequest=fVLJTsMwEL0j8Q%2BW79mKWGQ1qQoIUYklooEDN9eZNgbHEzxOC3%2BPm4KAA%2FXx%2Bfkt4xlP3lvD1uBIo815FqecgVVYa7vK%2BWN1FZ3xSXF4MCbZmk5Me9%2FYB3jrgTwLLy2J4SLnvbMCJWkSVrZAwisxn97eiFGcis6hR4WGs9llzpWuu1cL4Si70Ga5QI0dwMo0L2j1SwOdaVAb5OzpO9ZoG2tG1MPMkpfWByjNsig9iUanVXYi0iMxOn7mrPxyOtd212BfrMWOROK6qsqovJ9Xg8Ba1%2BDuAjvnK8SVgVhhu7UvJZFeB3gpDQFnUyJwPgS8QEt9C24Obq0VPD7c5LzxviORJJvNJv6RSWSC8tVIW8dQ94lUxIthtGJo537NdH92%2Be3Nix%2F1cfJLqvj6sm2T2WWJRqsPNjUGNxcOpA81vOtDiyt0rfT%2Fu2VxNiC6jpYDVfSWOlB6qaHmLCl2rn93I2zMJw%3D%3D&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Foakland.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttps%253A%252F%252Fmail.google.com%252Fa%252Foakland.edu%252F%26bsv%3Dllya694le36z%26ss%3D1%26ltmpl%3Ddefault%26ltmplcache%3D2%26from%3Dlogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-01-11 06:50; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-05-06 09:56; 14ffxtbr@TotalRecipeSearch_14.com; c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{a0154e07-2b48-475c-a82a-80efd84ea33e} - c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Adobe Connect Add-in - c:\users\Dottie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2013-07-10  08:49:59 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-10 12:49
.
Pre-Run: 74,478,182,400 bytes free
Post-Run: 73,693,302,784 bytes free
.
- - End Of File - - FA80B1E39AAE45E0F9F849DFC035C397
CDB4DE4BBD714F152979DA2DCBEF57EB
 

Thanks!



#10 TB-Psychotic

  • Malware Response Team

Posted 10 July 2013 - 11:33 PM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.



Edited by TB-Psychotic, 10 July 2013 - 11:33 PM.


#11 magentadream

  • Topic Starter


Posted 11 July 2013 - 04:54 PM

Hello,

 

Here is the latest Combofix.txt file.  After that you will see the MalwareBytes Anti-Malware log.

 

 ComboFix 13-07-09.01 - Dottie 07/11/2013   9:06.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3032.1831 [GMT -4:00]
Running from: c:\users\Dottie\Desktop\ComboFix.exe
Command switches used :: c:\users\Dottie\Desktop\Combofix\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\TEMP\005662~1.EXE"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_0056621372943098mcinstcleanup
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-11 to 2013-07-11  )))))))))))))))))))))))))))))))
.
.
2013-07-11 13:28 . 2013-07-11 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-11 07:14 . 2013-06-11 23:25 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-07-11 07:14 . 2013-06-11 23:26 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-07-11 07:14 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-07-11 07:14 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-07-11 06:20 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 06:20 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-09 16:28 . 2013-07-09 17:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-07 20:19 . 2013-07-07 20:19 -------- d-----w- c:\users\Dottie\AppData\Roaming\PassionFruit Games
2013-07-03 20:49 . 2013-07-03 20:49 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-06-12 12:16 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 12:16 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 12:16 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 12:16 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 07:18 . 2010-02-02 11:06 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 08:05 . 2012-05-26 13:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 08:05 . 2011-06-16 17:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43 . 2013-07-11 07:14 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-05-07 12:45 . 2013-05-07 12:45 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-05-07 12:45 . 2013-05-07 12:45 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-05-06 04:56 . 2013-07-11 06:21 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-26 04:55 . 2013-06-12 12:16 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-17 07:02 . 2013-06-12 12:15 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-04-13 05:49 . 2013-05-23 13:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-23 13:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-23 13:48 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-23 13:48 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-23 13:48 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-23 13:48 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:32 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a0154e07-2b48-475c-a82a-80efd84ea33e}"= "c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{a0154e07-2b48-475c-a82a-80efd84ea33e}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-01 39408]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-05-07 295512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-28 560128]
.
c:\users\Dottie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - c:\users\Dottie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate1caa3491559dd55;Google Update Service (gupdate1caa3491559dd55);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Eve;EVE Protocol Driver;c:\windows\system32\DRIVERS\eve.sys;c:\windows\SYSNATIVE\DRIVERS\eve.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 PCWinSoft;ScreenCamera HR;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\scrcamhrdrv_x64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
HPHNDUService REG_MULTI_SZ    HPHNDUSVC
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-11 01:29 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 08:05]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 14:15]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 14:15]
.
2013-07-11 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-01-22 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Dottie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.mg2.mail.yahoo.com/neo/launch?reason=ignore&rs=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://saml.oakland.edu/OUSAMLSSO/?SAMLRequest=fVLJTsMwEL0j8Q%2BW79mKWGQ1qQoIUYklooEDN9eZNgbHEzxOC3%2BPm4KAA%2FXx%2Bfkt4xlP3lvD1uBIo815FqecgVVYa7vK%2BWN1FZ3xSXF4MCbZmk5Me9%2FYB3jrgTwLLy2J4SLnvbMCJWkSVrZAwisxn97eiFGcis6hR4WGs9llzpWuu1cL4Si70Ga5QI0dwMo0L2j1SwOdaVAb5OzpO9ZoG2tG1MPMkpfWByjNsig9iUanVXYi0iMxOn7mrPxyOtd212BfrMWOROK6qsqovJ9Xg8Ba1%2BDuAjvnK8SVgVhhu7UvJZFeB3gpDQFnUyJwPgS8QEt9C24Obq0VPD7c5LzxviORJJvNJv6RSWSC8tVIW8dQ94lUxIthtGJo537NdH92%2Be3Nix%2F1cfJLqvj6sm2T2WWJRqsPNjUGNxcOpA81vOtDiyt0rfT%2Fu2VxNiC6jpYDVfSWOlB6qaHmLCl2rn93I2zMJw%3D%3D&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Foakland.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttps%253A%252F%252Fmail.google.com%252Fa%252Foakland.edu%252F%26bsv%3Dllya694le36z%26ss%3D1%26ltmpl%3Ddefault%26ltmplcache%3D2%26from%3Dlogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-01-11 06:50; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-05-06 09:56; 14ffxtbr@TotalRecipeSearch_14.com; c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2013-07-11  09:48:59 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-11 13:48
ComboFix2.txt  2013-07-10 12:50
.
Pre-Run: 71,627,538,432 bytes free
Post-Run: 71,440,175,104 bytes free
.
- - End Of File - - AD057E1FDF3FC7FF81BB7CD80EEE8F15
CDB4DE4BBD714F152979DA2DCBEF57EB

The MalwareBytes Anti-Malware log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Dottie :: DOTTIE-PC [administrator]

7/11/2013 1:02:06 PM
mbam-log-2013-07-11 (13-02-06).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 889042
Time elapsed: 4 hour(s), 43 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 332
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Documents\Granny\A Few of My Favorite Things!.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Documents\Granny\A Frustrated Granny! [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Documents\Granny\Weekend Bonanza.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Documents\Granny\Why Not!!!.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\A Few of My Favorite Things! (1).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\A Few of My Favorite Things!.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Are We in Kansas!!.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Granny's Brat Cat's.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Revenge.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Scads of Monkey's!.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Why Not!!!.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\100 Pieces of Gold Coins.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Critter Free Puzzles #1.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Critter Free Puzzles #2.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Diabolical Playground.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Double Whammy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Extreme Madness (1).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Extreme Madness.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Freeze Dried (1).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Freeze Dried (2).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Freeze Dried.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Get Em Granny.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Granny as the.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Granny Fun 1 (10).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Granny Story.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Granny Vee SG4 Set 1.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Granny's Challenge.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Granny's Weapon.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Greek Alphabet.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Hannah1(2).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Hopelessly Lost #2.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\It Only Gets Worst #1.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\It Only Gets Worst #2.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Kiss m'blarney stone.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Kitty Hunt.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Kung Hay Fat Choy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Magnolia (8).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Max Score Challenge.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Mini.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\NO MERCY Lite.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Perfect Counterpart.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\POPPIN GRANNY.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Run Granny Run.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\SGrannyHLG01.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\SGrannyHLG02.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\SGrannyHLG03.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #010 (10).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #030 (10).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #067 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #068 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #069 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #075 [10].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #076 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #081 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #082 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #088 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #089 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #090 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #091 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #092 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #093 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #094 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #095 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #096 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #097 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #098 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #099 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #100 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #101 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #102 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #103 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #104 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #105 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #106 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #107 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #108 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #109 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #110 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #111 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #112 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #113 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #114 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #115 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #116 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #117[20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #118.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #119 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #120 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #121 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #122 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #123 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #124 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #125 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #126 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #127 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #128 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #129 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #130 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #131 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #132 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #133 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #134 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #135 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #136 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #137 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #138 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #139 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #140 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #141 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #142 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #143 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #144 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #145 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #146 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #147[20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #148 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #149 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #150 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #151 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #152 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Super Granny\Shirks #153 [20].exe (Spyware.Passwords) -> Quarantined and deleted successfully.

(end)

 

Regards.



#12 TB-Psychotic


Posted 12 July 2013 - 03:09 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 magentadream


Posted 12 July 2013 - 04:40 PM

From ESET Scanner:

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\53EIPlug.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\53EZSETP.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISb.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14html.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\53EIPlug.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\53EZSETP.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISb.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\AppData\Roaming\OpenCandy\B0F1456E413743688600CBC69EE74010\TuneUp_PC_2.4.6.4_CPMID_347.exe Win32/OpenCandy application
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Desktop\pf7-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\SystemRestore\FRStaging\Users\Dottie\Downloads\Retrogamer.exe a variant of Win32/AdInstaller application
C:\Users\Dottie\AppData\Roaming\Auslogics\Rescue\Boost Speed\130529092205668.rsc a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Dottie\AppData\Roaming\OpenCandy\B0F1456E413743688600CBC69EE74010\TuneUp_PC_2.4.6.4_CPMID_347.exe Win32/OpenCandy application
C:\Users\Dottie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
C:\Users\Dottie\Desktop\pf7-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Dottie\Downloads\Retrogamer.exe a variant of Win32/AdInstaller application
F:\DOTTIE-PC\Backup Set 2013-07-08 084513\Backup Files 2013-07-08 084513\Backup files 28.zip a variant of Win32/Bundled.Toolbar.Ask application
F:\DOTTIE-PC\Backup Set 2013-07-08 084513\Backup Files 2013-07-08 084513\Backup files 47.zip a variant of Win32/Bundled.Toolbar.Ask application
 

Regards.



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 14 July 2013 - 08:21 AM

C:\Users\Dottie\AppData\Roaming\Auslogics\Rescue\Boost Speed\130529092205668.rsc a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Dottie\AppData\Roaming\OpenCandy\B0F1456E413743688600CBC69EE74010\TuneUp_PC_2.4.6.4_CPMID_347.exe Win32/OpenCandy application
C:\Users\Dottie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
C:\Users\Dottie\Desktop\pf7-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Dottie\Downloads\Retrogamer.exe a variant of Win32/AdInstaller application

These files aren't malware but contain security risks. I would delete them immediately - your choice.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.



#15 magentadream

magentadream
  • Topic Starter

  • Members
  • 9 posts

Posted 14 July 2013 - 07:12 PM

I deleted the 5 files you indicated.  Here is the log file from adwCleaner. 

 

# AdwCleaner v2.305 - Logfile created 07/14/2013 at 19:39:15
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dottie - DOTTIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Dottie\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Dottie\AppData\Local\PackageAware
Folder Deleted : C:\Users\Dottie\AppData\Roaming\iWin
Folder Deleted : C:\Users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\extensions\14ffxtbr@TotalRecipeSearch_14.com
Folder Deleted : C:\Users\Dottie\AppData\Roaming\OpenCandy

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Dottie\AppData\Roaming\Mozilla\Firefox\Profiles\p1cdh2uy.default\prefs.js

Deleted : user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Dottie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7017 octets] - [14/07/2013 19:39:15]

########## EOF - C:\AdwCleaner[S1].txt - [7077 octets] ##########





