Unknown & Undetected Virus now created Authorized User Permissions


  • This topic is locked
93 replies to this topic

#1 Quikslvrgrl

Quikslvrgrl

  • Members
  • 49 posts
  • Gender:Female
  • Location:California

Posted 01 September 2013 - 07:43 PM

Unknown virus (not detected by Kaspersky Internet Security or Bitdefender Total Security 2014) entered my computer via Windows Mail in May, deleted all my contacts, and began sending bogus emails to me from Facebook contacts that were not in my Windows contacts.  Now it is putting "desktop.ini" files on my Desktop.  It has now created its own User name in the User Accounts and in file Properties I see they are creating and changing file authorizations.  This is beyond out of control.  I don't know what kind of virus it is.  I don't know what I can send you or show you to prove it is there when the 2 top rated virus protection programs cannot find it.   

Running: Windows VISTA 32-bit, Service Pack 2 (cannot update Windows - process is being blocked by virus), Malwarebytes, Bitdefender Total Security 2014, Carbonite Home Online Backup. (Deleted licensed copy of Kaspersky Internet Security 2013 today to download 30-day trial of Bitdefender - ran full scan - showed no virus)

Attaching two files that "appeared" on my desktop yesterday 8/31/13.  I don't know what they mean.

Would gladly post any logs if someone would tell me what logs to provide.  Thank you for any help.

Edited by Quikslvrgrl, 02 September 2013 - 12:04 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • Gender:Male

Posted 06 September 2013 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506405 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Quikslvrgrl

Quikslvrgrl
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Female
  • Location:California

Posted 09 September 2013 - 04:33 PM

Thank you for responding. Since my post, the virus has blocked my access to the Internet. Checked with provider and DSL line is functioning fine. Windows Network Diagnosis window opens with message:
"There are hardware or driver problems with the network adapter." The required drivers are still there. Registry showed yesterday (but not today) Lanman and the entry was written in what looked like French. Made reference to "rhine.com" in redirect commands. I should have written it all down [duh]... but I thought I was going to have to reinstall Windows at that point so I deleted it.
So I can't attach any downloads but I do have the original Reinstallation DVD from Dell for WINDOWS Vista Home Premium 32 bit, SP1.

#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 09 September 2013 - 07:50 PM

Hello Quikslvrgrl, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed; you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========
 

Since you've lost internet access on the infected computer, download these to a usb drive and drag and drop them to the Desktop of the infected computer.

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control http://www.bleepingcomputer.com/forums/topic114351.html

==========

Please download aswMBR (511KB) from here: http://public.avast.com/~gmerek/aswMBR.exe to your desktop.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Things I need to see in your next reply:

  • checkup.txt
  • DDS.txt
  • Attach.txt
  • aswMBR log

 

 

 


Best Regards,
oneof4.


#5 Quikslvrgrl

Quikslvrgrl
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Female
  • Location:California

Posted 10 September 2013 - 05:31 PM

checkup.txt
Results of screen317's Security Check version 0.99.73  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Microsoft Security Essentials   
COMODO Antivirus                
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 25  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Bitdefender Bitdefender vsserv.exe  
 Bitdefender Bitdefender bdagent.exe  
 Bitdefender Bitdefender pmbxag.exe  
 Bitdefender Bitdefender bdapppassmgr.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by Debbie at 15:15:33 on 2013-09-10
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3325.1763 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
 
DDS.txt
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\CISVC.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\locator.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
dURLSearchHooks: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
BHO: SelectionLinksBHO Class: {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - 
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Fast Browser Search: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - 
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - 
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - 
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
uRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
StartupFolder: c:\users\debbie\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ECC3BA38-FF24-422D-98DD-8751265CB737} : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{ECC3BA38-FF24-422D-98DD-8751265CB737} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-9-5 640560]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-9-6 162976]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-8-31 37664]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2013-9-5 72704]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-7 35064]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2010-1-11 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-5-30 1851088]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
R2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-9-1 242504]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2013-9-6 78144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-9-6 54424]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 atidgllk;atidgllk;c:\dell\drivers\r169419\atidgllk.sys [2011-3-29 12048]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-9-5 490144]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-9-1 66832]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-1 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-1 12184]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-5-12 21744]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-3 217088]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-9-6 68344]
S4 CLPSLauncher;COMODO LPS Launcher;"c:\program files\common files\comodo\launcher_service.exe" --> c:\program files\common files\comodo\launcher_service.exe [?]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
S4 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2013-9-5 81704]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-08 06:10:47 -------- d-----w- c:\program files\Comodo
2013-09-08 02:22:13 -------- d-----w- c:\program files\SupportSoft
2013-09-08 00:20:26 -------- d-----w- c:\users\debbie\appdata\roaming\Bitdefender
2013-09-08 00:20:12 -------- d-----w- c:\programdata\Bitdefender
2013-09-07 16:56:51 -------- d-----w- c:\windows\system32\eventlog
2013-09-07 16:37:21 242676 ----a-w- c:\programdata\1378571614.bdinstall.bin
2013-09-06 18:16:45 465269 ----a-w- c:\programdata\1378491215.bdinstall.bin
2013-09-06 18:15:31 -------- d-----w- c:\users\debbie\{d9233c56-463b-4e04-816b-340485f2b2d7}
2013-09-06 18:14:18 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-09-06 18:14:17 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-09-06 08:15:11 813824 ----a-w- c:\programdata\1378425328.bdinstall.bin
2013-09-06 06:36:57 -------- d-----w- c:\programdata\BDLogging(10)
2013-09-06 06:36:47 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-09-06 06:36:20 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-09-06 06:36:19 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-09-06 06:26:47 -------- d-----w- c:\program files\Bitdefender
2013-09-05 20:21:14 43954 ----a-w- c:\programdata\1378412473.bdinstall.bin
2013-09-05 20:21:12 43954 ----a-w- c:\programdata\1378412466.bdinstall.bin
2013-09-05 20:19:14 72203 ----a-w- c:\programdata\1378412351.4420.bin
2013-09-05 20:19:14 6347 ----a-w- c:\programdata\1378412351.5356.bin
2013-09-05 20:19:14 3473 ----a-w- c:\programdata\1378412351.4308.bin
2013-09-05 20:19:13 14911 ----a-w- c:\programdata\1378412351.5480.bin
2013-09-05 20:19:11 93276 ----a-w- c:\programdata\1378412351.4392.bin
2013-09-05 20:19:11 84950 ----a-w- c:\programdata\1378412349.bdinstall.bin
2013-09-05 20:18:10 9966 ----a-w- c:\programdata\1378412287.3780.bin
2013-09-05 20:18:10 72203 ----a-w- c:\programdata\1378412287.4124.bin
2013-09-05 20:18:10 3473 ----a-w- c:\programdata\1378412287.6024.bin
2013-09-05 20:18:09 14911 ----a-w- c:\programdata\1378412287.3196.bin
2013-09-05 20:18:07 93168 ----a-w- c:\programdata\1378412287.2180.bin
2013-09-05 20:18:07 84950 ----a-w- c:\programdata\1378412285.bdinstall.bin
2013-09-05 20:16:13 72466 ----a-w- c:\programdata\1378412171.332.bin
2013-09-05 20:16:13 3473 ----a-w- c:\programdata\1378412171.4492.bin
2013-09-05 20:16:13 33522 ----a-w- c:\programdata\1378412171.4724.bin
2013-09-05 20:16:13 13216 ----a-w- c:\programdata\1378412171.4956.bin
2013-09-05 20:16:11 93105 ----a-w- c:\programdata\1378412171.4708.bin
2013-09-05 19:08:30 44083 ----a-w- c:\programdata\1378408104.bdinstall.bin
2013-09-03 23:13:38 -------- dc-h--w- c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
2013-09-03 23:12:50 -------- d-----w- c:\users\debbie\appdata\local\PackageAware
2013-09-03 23:11:52 13419112 ----a-w- C:\DellDock16a_setup_ENG.exe
2013-09-03 20:25:12 -------- d-----w- C:\shexview
2013-09-03 17:51:35 -------- d-----w- c:\program files\common files\COMODO
2013-09-03 12:29:40 72365 ----a-w- c:\programdata\1378211369.5148.bin
2013-09-03 12:29:40 3473 ----a-w- c:\programdata\1378211369.1780.bin
2013-09-03 12:29:40 10055 ----a-w- c:\programdata\1378211369.5856.bin
2013-09-03 12:29:37 11982 ----a-w- c:\programdata\1378211369.3144.bin
2013-09-03 12:29:29 93167 ----a-w- c:\programdata\1378211369.5048.bin
2013-09-03 12:20:45 -------- d-----w- c:\program files\Your Uninstaller! 7
2013-09-03 12:18:51 -------- d-----w- c:\users\debbie\appdata\roaming\URSoft
2013-09-03 12:09:22 3473 ----a-w- c:\programdata\1378210156.5800.bin
2013-09-03 12:09:21 72325 ----a-w- c:\programdata\1378210156.5492.bin
2013-09-03 12:09:21 11216 ----a-w- c:\programdata\1378210156.6104.bin
2013-09-03 12:09:20 11982 ----a-w- c:\programdata\1378210156.1028.bin
2013-09-03 12:09:16 93725 ----a-w- c:\programdata\1378210156.4108.bin
2013-09-03 10:35:15 7948 ----a-w- c:\programdata\1378204512.4456.bin
2013-09-03 10:35:15 72491 ----a-w- c:\programdata\1378204512.4244.bin
2013-09-03 10:35:15 3473 ----a-w- c:\programdata\1378204512.5356.bin
2013-09-03 10:35:14 11976 ----a-w- c:\programdata\1378204512.1420.bin
2013-09-03 10:35:12 93167 ----a-w- c:\programdata\1378204512.5212.bin
2013-09-03 10:34:55 72491 ----a-w- c:\programdata\1378204492.4836.bin
2013-09-03 10:34:55 6967 ----a-w- c:\programdata\1378204492.6024.bin
2013-09-03 10:34:55 3473 ----a-w- c:\programdata\1378204492.5460.bin
2013-09-03 10:34:55 11976 ----a-w- c:\programdata\1378204492.5272.bin
2013-09-03 10:34:52 93709 ----a-w- c:\programdata\1378204492.1396.bin
2013-09-03 10:28:48 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-09-03 09:13:37 72491 ----a-w- c:\programdata\1378199614.5892.bin
2013-09-03 09:13:37 6611 ----a-w- c:\programdata\1378199614.1724.bin
2013-09-03 09:13:37 3473 ----a-w- c:\programdata\1378199614.3872.bin
2013-09-03 09:13:36 14905 ----a-w- c:\programdata\1378199614.4564.bin
2013-09-03 09:13:34 93166 ----a-w- c:\programdata\1378199614.304.bin
2013-09-03 09:11:46 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-03 07:20:57 72199 ----a-w- c:\programdata\1378192853.3112.bin
2013-09-03 07:20:57 5902 ----a-w- c:\programdata\1378192853.1940.bin
2013-09-03 07:20:57 3473 ----a-w- c:\programdata\1378192853.3688.bin
2013-09-03 07:20:56 14905 ----a-w- c:\programdata\1378192853.3788.bin
2013-09-03 07:20:53 93251 ----a-w- c:\programdata\1378192853.2988.bin
2013-09-03 07:14:46 72302 ----a-w- c:\programdata\1378192484.2008.bin
2013-09-03 07:14:46 6273 ----a-w- c:\programdata\1378192484.176.bin
2013-09-03 07:14:46 3473 ----a-w- c:\programdata\1378192484.4432.bin
2013-09-03 07:14:46 14895 ----a-w- c:\programdata\1378192484.2532.bin
2013-09-03 07:14:44 93104 ----a-w- c:\programdata\1378192484.364.bin
2013-09-03 07:12:56 72301 ----a-w- c:\programdata\1378192373.204.bin
2013-09-03 07:12:56 7149 ----a-w- c:\programdata\1378192373.1104.bin
2013-09-03 07:12:56 3473 ----a-w- c:\programdata\1378192373.5600.bin
2013-09-03 07:12:56 11976 ----a-w- c:\programdata\1378192373.6128.bin
2013-09-03 07:12:53 93105 ----a-w- c:\programdata\1378192373.4304.bin
2013-09-03 07:10:42 9743 ----a-w- c:\programdata\1378192239.5608.bin
2013-09-03 07:10:42 72302 ----a-w- c:\programdata\1378192239.5996.bin
2013-09-03 07:10:42 3473 ----a-w- c:\programdata\1378192239.4732.bin
2013-09-03 07:10:42 11966 ----a-w- c:\programdata\1378192239.3728.bin
2013-09-03 07:10:39 93105 ----a-w- c:\programdata\1378192239.1128.bin
2013-09-03 07:09:44 8410 ----a-w- c:\programdata\1378192181.4256.bin
2013-09-03 07:09:44 72302 ----a-w- c:\programdata\1378192181.1172.bin
2013-09-03 07:09:44 3473 ----a-w- c:\programdata\1378192181.1460.bin
2013-09-03 07:09:44 11966 ----a-w- c:\programdata\1378192181.1872.bin
2013-09-03 07:09:41 93415 ----a-w- c:\programdata\1378192181.2432.bin
2013-09-03 07:00:53 9269 ----a-w- c:\programdata\1378191650.1104.bin
2013-09-03 07:00:53 72302 ----a-w- c:\programdata\1378191650.5336.bin
2013-09-03 07:00:53 3473 ----a-w- c:\programdata\1378191650.4244.bin
2013-09-03 07:00:53 11976 ----a-w- c:\programdata\1378191650.1088.bin
2013-09-03 07:00:50 93229 ----a-w- c:\programdata\1378191650.4152.bin
2013-09-03 06:02:23 72302 ----a-w- c:\programdata\1378188139.5548.bin
2013-09-03 06:02:23 6100 ----a-w- c:\programdata\1378188139.2716.bin
2013-09-03 06:02:23 3473 ----a-w- c:\programdata\1378188139.4168.bin
2013-09-03 06:02:22 11976 ----a-w- c:\programdata\1378188139.4256.bin
2013-09-03 06:02:19 93415 ----a-w- c:\programdata\1378188139.5876.bin
2013-09-03 05:45:52 8973 ----a-w- c:\programdata\1378187150.1032.bin
2013-09-03 05:45:52 72301 ----a-w- c:\programdata\1378187150.820.bin
2013-09-03 05:45:52 3473 ----a-w- c:\programdata\1378187150.5040.bin
2013-09-03 05:45:52 11976 ----a-w- c:\programdata\1378187150.5324.bin
2013-09-03 05:45:50 93105 ----a-w- c:\programdata\1378187150.1916.bin
2013-09-03 05:45:02 9597 ----a-w- c:\programdata\1378187099.4216.bin
2013-09-03 05:45:02 72302 ----a-w- c:\programdata\1378187099.5888.bin
2013-09-03 05:45:02 3473 ----a-w- c:\programdata\1378187099.5320.bin
2013-09-03 05:45:01 11976 ----a-w- c:\programdata\1378187099.4356.bin
2013-09-03 05:44:59 93166 ----a-w- c:\programdata\1378187099.924.bin
2013-09-03 05:43:59 72302 ----a-w- c:\programdata\1378187036.4512.bin
2013-09-03 05:43:59 6493 ----a-w- c:\programdata\1378187036.4940.bin
2013-09-03 05:43:59 3473 ----a-w- c:\programdata\1378187036.5392.bin
2013-09-03 05:43:58 14905 ----a-w- c:\programdata\1378187036.5656.bin
2013-09-03 05:43:56 93167 ----a-w- c:\programdata\1378187036.3308.bin
2013-09-03 05:26:09 9670 ----a-w- c:\programdata\1378185966.5648.bin
2013-09-03 05:26:09 72302 ----a-w- c:\programdata\1378185966.4256.bin
2013-09-03 05:26:09 3472 ----a-w- c:\programdata\1378185966.876.bin
2013-09-03 05:26:09 11976 ----a-w- c:\programdata\1378185966.4704.bin
2013-09-03 05:26:06 93167 ----a-w- c:\programdata\1378185966.4748.bin
2013-09-03 05:25:38 8357 ----a-w- c:\programdata\1378185934.5300.bin
2013-09-03 05:25:38 72302 ----a-w- c:\programdata\1378185934.1820.bin
2013-09-03 05:25:38 3473 ----a-w- c:\programdata\1378185934.4908.bin
2013-09-03 05:25:37 11976 ----a-w- c:\programdata\1378185934.5228.bin
2013-09-03 05:25:34 93105 ----a-w- c:\programdata\1378185934.1696.bin
2013-09-03 05:25:02 7968 ----a-w- c:\programdata\1378185899.3520.bin
2013-09-03 05:25:02 72295 ----a-w- c:\programdata\1378185899.2980.bin
2013-09-03 05:25:02 3473 ----a-w- c:\programdata\1378185899.4356.bin
2013-09-03 05:25:01 11966 ----a-w- c:\programdata\1378185899.4948.bin
2013-09-03 05:24:59 93105 ----a-w- c:\programdata\1378185899.5740.bin
2013-09-03 05:22:42 9415 ----a-w- c:\programdata\1378185759.5996.bin
2013-09-03 05:22:42 72302 ----a-w- c:\programdata\1378185759.5904.bin
2013-09-03 05:22:42 3473 ----a-w- c:\programdata\1378185759.4080.bin
2013-09-03 05:22:42 11976 ----a-w- c:\programdata\1378185759.5960.bin
2013-09-03 05:22:39 93415 ----a-w- c:\programdata\1378185759.6088.bin
2013-09-03 05:21:04 72302 ----a-w- c:\programdata\1378185661.3528.bin
2013-09-03 05:21:04 6047 ----a-w- c:\programdata\1378185661.5308.bin
2013-09-03 05:21:04 3473 ----a-w- c:\programdata\1378185661.5984.bin
2013-09-03 05:21:04 14895 ----a-w- c:\programdata\1378185661.6104.bin
2013-09-03 05:21:01 93105 ----a-w- c:\programdata\1378185661.4128.bin
2013-09-03 05:20:21 8187 ----a-w- c:\programdata\1378185619.6028.bin
2013-09-03 05:20:21 72302 ----a-w- c:\programdata\1378185619.2636.bin
2013-09-03 05:20:21 3472 ----a-w- c:\programdata\1378185619.264.bin
2013-09-03 05:20:21 11966 ----a-w- c:\programdata\1378185619.1980.bin
2013-09-03 05:20:19 93167 ----a-w- c:\programdata\1378185619.5232.bin
2013-09-03 04:48:31 8215 ----a-w- c:\programdata\1378183709.3196.bin
2013-09-03 04:48:31 72302 ----a-w- c:\programdata\1378183709.5336.bin
2013-09-03 04:48:31 3473 ----a-w- c:\programdata\1378183709.5144.bin
2013-09-03 04:48:31 11966 ----a-w- c:\programdata\1378183709.3232.bin
2013-09-03 04:48:29 93104 ----a-w- c:\programdata\1378183709.588.bin
2013-09-03 04:47:34 7891 ----a-w- c:\programdata\1378183651.3304.bin
2013-09-03 04:47:34 72302 ----a-w- c:\programdata\1378183651.4488.bin
2013-09-03 04:47:34 3473 ----a-w- c:\programdata\1378183651.5008.bin
2013-09-03 04:47:33 11966 ----a-w- c:\programdata\1378183651.5472.bin
2013-09-03 04:47:31 93167 ----a-w- c:\programdata\1378183651.5144.bin
2013-09-03 04:47:11 7940 ----a-w- c:\programdata\1378183629.2288.bin
2013-09-03 04:47:11 72302 ----a-w- c:\programdata\1378183629.5608.bin
2013-09-03 04:47:11 3472 ----a-w- c:\programdata\1378183629.820.bin
2013-09-03 04:47:11 11976 ----a-w- c:\programdata\1378183629.5656.bin
2013-09-03 04:47:09 93291 ----a-w- c:\programdata\1378183629.2732.bin
2013-09-03 04:36:20 9285 ----a-w- c:\programdata\1378182977.3940.bin
2013-09-03 04:36:20 72302 ----a-w- c:\programdata\1378182977.3232.bin
2013-09-03 04:36:20 3473 ----a-w- c:\programdata\1378182977.5596.bin
2013-09-03 04:36:19 11976 ----a-w- c:\programdata\1378182977.2560.bin
2013-09-03 04:36:17 93229 ----a-w- c:\programdata\1378182977.4448.bin
2013-09-03 04:32:54 72302 ----a-w- c:\programdata\1378182771.4540.bin
2013-09-03 04:32:54 6428 ----a-w- c:\programdata\1378182771.5352.bin
2013-09-03 04:32:54 3473 ----a-w- c:\programdata\1378182771.5804.bin
2013-09-03 04:32:54 14905 ----a-w- c:\programdata\1378182771.1588.bin
2013-09-03 04:32:51 93229 ----a-w- c:\programdata\1378182771.4012.bin
2013-09-03 04:31:44 8349 ----a-w- c:\programdata\1378182701.1248.bin
2013-09-03 04:31:44 72302 ----a-w- c:\programdata\1378182701.5512.bin
2013-09-03 04:31:44 3473 ----a-w- c:\programdata\1378182701.4492.bin
2013-09-03 04:31:43 11965 ----a-w- c:\programdata\1378182701.292.bin
2013-09-03 04:31:41 93415 ----a-w- c:\programdata\1378182701.1708.bin
2013-09-03 04:30:33 72302 ----a-w- c:\programdata\1378182630.4124.bin
2013-09-03 04:30:33 6975 ----a-w- c:\programdata\1378182630.3272.bin
2013-09-03 04:30:33 3473 ----a-w- c:\programdata\1378182630.6028.bin
2013-09-03 04:30:32 11976 ----a-w- c:\programdata\1378182630.3504.bin
2013-09-03 04:30:30 93167 ----a-w- c:\programdata\1378182630.1184.bin
2013-09-03 04:29:44 9707 ----a-w- c:\programdata\1378182581.2560.bin
2013-09-03 04:29:44 72216 ----a-w- c:\programdata\1378182581.4116.bin
2013-09-03 04:29:44 3473 ----a-w- c:\programdata\1378182581.4268.bin
2013-09-03 04:29:44 11966 ----a-w- c:\programdata\1378182581.4624.bin
2013-09-03 04:29:41 93167 ----a-w- c:\programdata\1378182581.5784.bin
2013-09-03 04:26:31 72129 ----a-w- c:\programdata\1378182388.4800.bin
2013-09-03 04:26:31 35983 ----a-w- c:\programdata\1378182388.4432.bin
2013-09-03 04:26:31 3473 ----a-w- c:\programdata\1378182388.5860.bin
2013-09-03 04:26:31 13199 ----a-w- c:\programdata\1378182388.5876.bin
2013-09-03 04:26:28 93725 ----a-w- c:\programdata\1378182388.4400.bin
2013-09-03 02:31:51 1090 ----a-w- c:\programdata\1378175106.3912.bin
2013-09-03 02:31:51 1090 ----a-w- c:\programdata\1378175106.3420.bin
2013-09-03 02:28:32 225567 ----a-w- c:\programdata\1378175106.4332.bin
2013-09-03 02:28:20 16763 ----a-w- c:\programdata\1378175106.4336.bin
2013-09-03 02:27:23 5217 ----a-w- c:\programdata\1378175106.5588.bin
2013-09-03 02:25:06 94706 ----a-w- c:\programdata\1378175106.4528.bin
2013-09-03 02:20:25 26355 ----a-w- c:\programdata\1378174790.3604.bin
2013-09-03 02:19:56 930 ----a-w- c:\programdata\1378174790.2640.bin
2013-09-03 02:19:56 3502 ----a-w- c:\programdata\1378174790.2192.bin
2013-09-03 02:19:50 93715 ----a-w- c:\programdata\1378174790.5544.bin
2013-09-02 22:54:39 -------- d-----w- c:\users\debbie\appdata\local\deb.chase
2013-09-02 19:17:02 -------- d-----w- c:\programdata\Dumps
2013-09-02 17:06:04 -------- d-----w- c:\users\debbie\appdata\local\Deployment
2013-09-01 23:34:20 -------- d-----w- c:\programdata\PCDr
2013-09-01 20:42:12 1055038 ----a-w- c:\programdata\1378066756.bdinstall.bin
2013-09-01 20:38:19 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-09-01 20:37:41 511328 ----a-w- c:\windows\capicom.dll
2013-09-01 20:37:39 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-09-01 20:37:10 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-09-01 20:19:16 -------- d-----w- c:\users\debbie\appdata\roaming\QuickScan
2013-09-01 20:08:10 -------- d-----w- c:\program files\common files\Bitdefender
2013-09-01 01:25:59 -------- d-----w- c:\programdata\Malwarebytes
2013-09-01 01:24:21 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-01 01:23:33 -------- d--h--w- c:\programdata\Common Files
2013-08-27 18:39:39 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 03:29:48 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 03:29:48 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 03:29:47 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 03:29:47 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 03:29:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 03:29:37 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 03:29:36 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 03:29:36 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 03:29:36 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 03:29:33 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 03:29:33 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 03:29:33 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 03:29:33 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
==================== Find3M  ====================
.
2013-09-10 21:58:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 21:58:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-20 16:57:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-20 16:57:44 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-20 16:57:44 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 06:09:14 55496 ----a-w- c:\windows\system32\offreg.dll
2011-05-26 05:56:37 39276256 ----a-w- c:\program files\R180772.exe
2011-05-26 05:55:41 16776768 ----a-w- c:\program files\R167384.EXE
2011-05-26 05:54:42 2192630 ----a-w- c:\program files\R154069.exe
2011-05-26 05:53:56 534296 ----a-w- c:\program files\R169419.EXE
.
============= FINISH: 15:16:15.98 ===============
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 8/4/2008 7:14:09 AM
System Uptime: 9/10/2013 2:57:44 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel® Core™2 Duo CPU     E8300  @ 2.83GHz | Socket 775 | 2831/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 196.971 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 8.582 GiB free.
E: is CDROM (UDF)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: BitDefender AVC HV
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: BitDefender AVC HV
PNP Device ID: ROOT\SYSTEM\0003
Service: avchv
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader X (10.1.7)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
Bitdefender Total Security
Bonjour
BufferChm
C309a
Carbonite
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help English
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Dell Dock
Dell Support Center
Dell Support Center (Support Software)
DesignPro 5
Destinations
DeviceDiscovery
DocProc
eReg
Fax
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
GPS Image Tracker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel® PRO Network Connections 12.1.11.0
iTunes
Java 7 Update 25
Java Auto Updater
MarketResearch
Media Manager for WALKMAN 1.2
Metafile Companion 1.10
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
NEC DISPLAY SOLUTIONS NaViSet
NEC DISPLAY SOLUTIONS: Desktop Monitor Installer
Network
OCR Software by I.R.I.S. 14.0
OGA Notifier 2.0.0048.0
OLYMPUS CAMEDIA Master 4.1
onOne Essentials 2.0
OVT Scanner X86
Picture Package Music Transfer
Post-it® Software Notes Lite
PS_AIO_05_C309_Software_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
SelectionLinks
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sony Picture Utility
Status
System Requirements Lab for Intel
Toolbox
TrayApp
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Uninstall OVT Scanner
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
WYO Home Inventory 4.13
Your Uninstaller! 7
.
==== End Of File ===========================
 

aswMBR.log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-10 15:28:11
-----------------------------
15:28:11.642    OS Version: Windows 6.0.6002 Service Pack 2
15:28:11.642    Number of processors: 2 586 0x1706
15:28:11.643    ComputerName: HOME-PC  UserName: Debbie
15:28:13.366    Initialize success
15:28:23.307    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:28:23.309    Disk 0 Vendor: WDC_WD3200AAKS-75B3A0 01.03A01 Size: 305245MB BusType: 3
15:28:23.453    Disk 0 MBR read successfully
15:28:23.455    Disk 0 MBR scan
15:28:23.457    Disk 0 Windows VISTA default MBR code
15:28:23.514    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       62 MB offset 63
15:28:23.555    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 129024
15:28:23.623    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       294941 MB offset 21100544
15:28:23.637    Disk 0 scanning sectors +625139712
15:28:23.838    Disk 0 scanning C:\Windows\system32\drivers
15:28:30.556    Service scanning
15:28:34.627    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
15:28:34.671    Service bdftdif C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys **LOCKED** 5
15:28:38.899    Service MpKsl2004a94b c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{467E2E10-ADA3-4503-B045-BFCBC169A9DC}\MpKsl2004a94b.sys **LOCKED** 32
15:28:45.463    Modules scanning
15:28:52.163    Disk 0 trace - called modules:
15:28:52.216    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys 
15:28:52.223    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abc2ac8]
15:28:52.230    3 CLASSPNP.SYS[8ffa28b3] -> nt!IofCallDriver -> [0x8a2db860]
15:28:52.237    5 acpi.sys[8f69c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8a2e1b98]
15:28:52.244    Scan finished successfully
15:29:20.110    Disk 0 MBR has been saved successfully to "C:\Users\Debbie\Desktop\MBR.dat"
15:29:20.117    The log file has been saved successfully to "C:\Users\Debbie\Desktop\aswMBR.txt"
 
Here are the 4 logs you requested I post.  I hope I did it correctly.  Thank you again.

#6 oneof4

  • Malware Response Team

Posted 10 September 2013 - 07:44 PM

Hello :)

Very well done on the requested scans.

I do need to give you the following warning:

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened, again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Comodo Antivirus.

==========

After removing one of the above antivirus products, please proceed with the following:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

==========

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

==========

Please download and Run ComboFix. To do so, please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Best Regards,
oneof4.


#7 Quikslvrgrl

  • Topic Starter

Posted 11 September 2013 - 12:48 PM

I've tried everything to my ability to delete all traces of COMODO antivirus but I cannot get rid of C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

It's a separate service from the antivirus program.  Like a fool, I paid extra to have online help from them but they are worthless ~~GeekBuddy Remote Screen Protocol Server.

As far as deleting Microsoft Security Essentials, I am told I "need permission".  HELP!

No logs attached because I haven't been able to remove ONE (1) of these antivirus programs.   Sorry.

I will be keeping BitDefender as my only antivirus/internet security program and I have paid for the full program.

Thanks once again!


Edited by Quikslvrgrl, 11 September 2013 - 12:56 PM.


#8 oneof4

  • Malware Response Team

Posted 11 September 2013 - 04:13 PM

Okay, how are you going about "deleting" these programs?  You are using "Add/Remove Programs" through Windows Control Panel, correct?  If not, then therein lies our problem.  Reply back and confirm the method you used and we'll go from there.

Best Regards,
oneof4.


#9 Quikslvrgrl

  • Topic Starter

Posted 11 September 2013 - 05:38 PM

Dear oneof4,

Neither program appeared in Add/Remove Programs in Control Panel.  I had already removed them from there before I downloaded BitDefender Internet Security.  So I went to C:/Program Files to delete anything else related to COMODO.  In the 4 logs I submitted yesterday, C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe showed up so I tried to delete it there but cannot.  Same with Microsoft Security Essentials.

sorry



#10 oneof4

  • Malware Response Team

Posted 11 September 2013 - 10:03 PM

Okay, go ahead and run the scans from my previous post.  The leftovers from Comodo & MSE shouldn't pose a problem with the running of the scans.


Best Regards,
oneof4.


#11 Quikslvrgrl

  • Topic Starter

Posted 12 September 2013 - 02:16 AM

Hi again,
Here are two of the three scans:
 
ADWARE CLEANER SCAN
# AdwCleaner v3.003 - Report created 11/09/2013 at 22:46:55
# Updated 07/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Debbie - HOME-PC
# Running from : C:\Users\Debbie\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
Folder Found C:\Users\Debbie\AppData\Local\PackageAware
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Alexa Internet
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SocialBit
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TBSB07183.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07183.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07183.TBSB07183
Key Found : HKLM\SOFTWARE\Classes\TBSB07183.TBSB07183.3
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16502
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
*************************
 
AdwCleaner[R0].txt - [6570 octets] - [11/09/2013 22:46:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6630 octets] ##########
 
JUNK REMOVAL TOOL SCAN
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Debbie on Wed 09/11/2013 at 23:23:25.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\socialbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07183.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07183.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07183.TBSB07183
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07183.TBSB07183.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07183.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07183.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07183.TBSB07183
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07183.TBSB07183.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/11/2013 at 23:25:05.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

I will send COMBOFIX in next post.

#12 Quikslvrgrl

Posted 12 September 2013 - 10:31 AM

Here is ComboFix  Log:

 

ComboFix 13-09-10.03 - Debbie 09/12/2013   0:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3325.1697 [GMT -7:00]
Running from: c:\users\Debbie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\R154069.exe
c:\program files\R167384.EXE
c:\program files\R169419.EXE
c:\program files\R180772.exe
c:\programdata\ntuser.dat
c:\users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\spsys.log
c:\windows\system32\win.ini
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-12 to 2013-09-12  )))))))))))))))))))))))))))))))
.
.
2013-09-12 07:32 . 2013-09-12 07:36 -------- d-----w- c:\users\Debbie\AppData\Local\temp
2013-09-12 06:41 . 2013-09-12 06:41 -------- d-----w- c:\program files\Comodo
2013-09-12 06:23 . 2013-09-12 06:23 -------- d-----w- c:\windows\ERUNT
2013-09-12 05:42 . 2013-09-12 05:47 -------- d-----w- C:\AdwCleaner
2013-09-11 16:43 . 2013-09-11 16:43 -------- d-----w- c:\users\Debbie\AppData\Roaming\EurekaLab s.a.s
2013-09-08 05:19 . 2013-09-08 05:19 -------- d-----w- c:\users\Default
2013-09-08 00:20 . 2013-09-08 00:21 -------- d-----w- c:\users\Debbie\AppData\Roaming\Bitdefender
2013-09-08 00:20 . 2013-09-08 00:21 -------- d-----w- c:\programdata\Bitdefender
2013-09-07 16:56 . 2013-09-07 16:56 -------- d-----w- c:\windows\system32\eventlog
2013-09-06 18:15 . 2013-09-08 00:17 -------- d-----w- c:\users\Debbie\{d9233c56-463b-4e04-816b-340485f2b2d7}
2013-09-06 18:14 . 2013-05-28 19:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-09-06 18:14 . 2012-10-04 21:30 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-09-06 06:36 . 2013-09-06 17:18 -------- d-----w- c:\programdata\BDLogging(10)
2013-09-06 06:36 . 2012-04-17 21:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-09-06 06:36 . 2013-07-20 01:06 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-09-06 06:36 . 2013-07-20 01:03 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-09-06 06:26 . 2013-09-08 00:17 -------- d-----w- c:\program files\Bitdefender
2013-09-03 23:13 . 2013-09-03 23:13 -------- dc-h--w- c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
2013-09-03 23:12 . 2013-09-03 23:12 -------- d-----w- c:\users\Debbie\AppData\Local\PackageAware
2013-09-03 23:11 . 2013-09-03 23:12 13419112 ----a-w- C:\DellDock16a_setup_ENG.exe
2013-09-03 20:25 . 2013-09-08 00:59 -------- d-----w- C:\shexview
2013-09-03 17:51 . 2013-09-07 23:26 -------- d-----w- c:\program files\Common Files\COMODO
2013-09-03 12:20 . 2013-09-11 16:43 -------- d-----w- c:\program files\Your Uninstaller! 7
2013-09-03 12:18 . 2013-09-03 12:18 -------- d-----w- c:\users\Debbie\AppData\Roaming\URSoft
2013-09-03 10:28 . 2013-09-03 10:32 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-09-03 05:29 . 2013-09-08 02:08 -------- d-----w- c:\programdata\FLEXnet
2013-09-02 22:54 . 2013-09-02 22:54 -------- d-----w- c:\users\Debbie\AppData\Local\deb.chase
2013-09-02 19:17 . 2013-09-02 19:17 -------- d-----w- c:\programdata\Dumps
2013-09-02 17:06 . 2013-09-02 17:08 -------- d-----w- c:\program files\Google
2013-09-02 17:06 . 2013-09-02 17:06 -------- d-----w- c:\users\Debbie\AppData\Local\Deployment
2013-09-01 23:34 . 2013-09-01 23:34 -------- d-----w- c:\programdata\PCDr
2013-09-01 20:38 . 2009-07-15 06:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-09-01 20:37 . 2007-04-11 18:11 511328 ----a-w- c:\windows\capicom.dll
2013-09-01 20:37 . 2013-07-23 23:50 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-09-01 20:37 . 2012-11-02 21:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-09-01 20:19 . 2013-09-01 20:19 -------- d-----w- c:\users\Debbie\AppData\Roaming\QuickScan
2013-09-01 20:08 . 2013-09-08 00:17 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-09-01 01:25 . 2013-09-12 02:07 -------- d-----w- c:\users\Public
2013-09-01 01:24 . 2013-09-01 01:24 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-01 01:23 . 2013-09-01 01:23 -------- d--h--w- c:\programdata\Common Files
2013-08-30 18:04 . 2013-08-30 18:04 -------- d-----w- c:\users\Debbie\AppData\Roaming\HPAppData
2013-08-27 18:39 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 03:29 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 03:29 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 03:29 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 03:29 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 03:29 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 03:29 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 03:29 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 03:29 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 03:29 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 03:29 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 03:29 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 03:29 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 03:29 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-10 21:58 . 2013-02-23 11:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 21:58 . 2013-02-23 11:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-03 20:24 . 2013-09-03 20:24 65974 ----a-w- C:\shexview.zip
2013-07-15 10:34 . 2013-08-05 21:12 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{467E2E10-ADA3-4503-B045-BFCBC169A9DC}\mpengine.dll
2013-07-15 10:34 . 2013-08-02 19:20 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 17:12 . 2013-06-21 17:13 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94EED3CA-6EB0-4FCF-BF89-1AC8EE0252B2}\gapaengine.dll
2013-06-20 16:57 . 2013-06-20 16:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-20 16:57 . 2012-08-19 17:54 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-20 16:57 . 2010-06-24 19:44 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-06-13 16:37 1020936 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-06-13 16:37 1020936 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-06-13 16:37 1020936 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 22:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 22:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 22:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 22:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-09-06 481344]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-09-06 621448]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-08-14 904168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-06-13 1066504]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-08-13 1834776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-09-06 481344]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-08-14 904168]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-09-06 621448]
.
c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Debbie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-01-30 07:50 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-23 01:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 10:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 14:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 14:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1762417864-1738951268-654633136-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
HPService REG_MULTI_SZ   HPSLPSVC
rsmsvcs REG_MULTI_SZ   ntmssvc
ipripsvc REG_MULTI_SZ   iprip
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-03 23:25 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 22:00]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-02 17:06]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>
LSP: c:\program files\Bitdefender\Bitdefender\BdProvider.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ECC3BA38-FF24-422D-98DD-8751265CB737}: NameServer = 4.2.2.1,4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Akamai NetSession Interface - c:\users\Debbie\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-Dell DataSafe Online - c:\program files\Dell DataSafe Online\DataSafeOnline.exe
MSConfigStartUp-Dell DataSafe Scheduler - c:\program files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-HLBackupScheduler - c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-12 00:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:25,e9,cc,60,95,a8,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,f1,53,c2,4b,a9,b5,43,9e,26,43,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,f1,53,c2,4b,a9,b5,43,9e,26,43,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\Ä,%d%g*]
"Successes"=dword:c0000000
"Failures"=dword:c0000003
"{ECC3BA38-FF24-422D-98DD-8751265CB737}"=hex:00,18,39,fc,48,09,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5152)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender\vsserv.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\CISVC.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\COMODO\GeekBuddyRSP.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\msiexec.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\System32\snmptrap.exe
c:\windows\System32\tlntsvr.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
c:\program files\Bitdefender\Bitdefender\BdParentalSysTray.exe
.
**************************************************************************
.
Completion time: 2013-09-12  00:44:35 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-12 07:44
.
Pre-Run: 211,930,243,072 bytes free
Post-Run: 212,591,902,720 bytes free
.
- - End Of File - - 8BA40F04695D44CDB0CE5C46A550E684
5C616939100B85E558DA92B899A0FC36
 
Please let me know what I need to do next.  Thank you again.


#13 oneof4

  • Malware Response Team

Posted 12 September 2013 - 05:54 PM

Hey :)
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#14 Quikslvrgrl

  • Topic Starter

Posted 12 September 2013 - 11:06 PM

Dear "My" oneof4,  Here are scans and thanks again so-o-o much.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013
Ran by Debbie (administrator) on HOME-PC on 12-09-2013 20:53:41
Running from C:\Users\Debbie\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\system32\locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Corporation) C:\Windows\System32\tlntsvr.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\BdParentalSysTray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\OBKAgent.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Carbonite Backup] - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1066504 2013-06-13] (Carbonite, Inc.)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1834776 2013-08-12] (Bitdefender)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [481344 2013-09-06] (Bitdefender)
HKCU\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [621448 2013-09-06] (Bitdefender)
HKCU\...\Run: [Bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [904168 2013-08-13] (Bitdefender)
HKCU\...\Policies\Explorer: [NoDrives] 0
Startup: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90DE60E7F9AECE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKCU -Fast Browser Search - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 02 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 03 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 04 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 05 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 06 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 07 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 08 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 09 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 10 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 21 C:\Program Files\Bitdefender\Bitdefender\BdProvider.dll [96160] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ECC3BA38-FF24-422D-98DD-8751265CB737}: [NameServer]4.2.2.1,4.2.2.2
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Chrome In-App Payments service) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.4.0.5\avg.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [68344 2013-07-05] (Bitdefender)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5015048 2013-06-13] (Carbonite, Inc. (www.carbonite.com))
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 iprip; C:\Windows\System32\iprip.dll [29696 2006-11-02] (Microsoft Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2013-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1233256 2013-08-13] (Bitdefender)
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
S2 CLPSLauncher; "C:\Program Files\Common Files\COMODO\launcher_service.exe" [x]
S2 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S4 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2006-07-31] (Omnivision Technologies, Inc.)
S3 atidgllk; C:\dell\drivers\R169419\atidgllk.sys [12048 2006-07-19] (ATI Technologies Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-07-19] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-07-19] (BitDefender)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-31] (AVG Technologies)
S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-02-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-07-23] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2013-05-07] (Windows ® Win 7 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [162976 2012-10-04] (BitDefender LLC)
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [69098 2009-05-25] (Windows ® 2000 DDK provider)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-01] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-01] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2012-07-03] (Advanced Micro Devices, Inc.)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 bdselfpr; No ImagePath
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 lanmanserver; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U5 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO.SYS [x]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]
U3 mbr; \??\C:\Users\Debbie\AppData\Local\Temp\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-12 20:53 - 2013-09-12 20:53 - 00000000 ____D C:\FRST
2013-09-12 20:52 - 2013-09-12 20:52 - 01082459 _____ (Farbar) C:\Users\Debbie\Desktop\FRST.exe
2013-09-12 00:44 - 2013-09-12 00:44 - 00029631 _____ C:\ComboFix.txt
2013-09-12 00:18 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-12 00:18 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-12 00:18 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-12 00:18 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-12 00:18 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-12 00:18 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-12 00:18 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-12 00:18 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-12 00:17 - 2013-09-12 00:45 - 00000000 ____D C:\Qoobox
2013-09-12 00:17 - 2013-09-12 00:42 - 00000000 ____D C:\Windows\erdnt
2013-09-11 23:41 - 2013-09-11 23:41 - 00000000 ____D C:\Program Files\Comodo
2013-09-11 23:25 - 2013-09-11 23:25 - 00007613 _____ C:\Users\Debbie\Desktop\JRT.txt
2013-09-11 23:23 - 2013-09-11 23:23 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 22:42 - 2013-09-11 22:47 - 00000000 ____D C:\AdwCleaner
2013-09-11 10:50 - 2013-09-11 10:50 - 01029490 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2013-09-11 10:49 - 2013-09-11 10:49 - 05124599 ____R (Swearware) C:\Users\Debbie\Desktop\ComboFix.exe
2013-09-11 10:48 - 2013-09-11 10:48 - 01037278 _____ C:\Users\Debbie\Desktop\AdwCleaner.exe
2013-09-11 09:43 - 2013-09-11 09:43 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\EurekaLab s.a.s
2013-09-11 09:18 - 2013-09-11 09:18 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-09-11 09:18 - 2013-09-11 09:17 - 00000862 _____ C:\Windows\system32\termcap
2013-09-10 18:11 - 2013-09-10 18:21 - 02253110 _____ C:\Users\Debbie\Desktop\Documents\VTV Silent Auction Tab Sheet.xlsx
2013-09-10 17:55 - 2013-09-10 17:55 - 00060067 _____ C:\Users\Debbie\Desktop\TS102810153.dotx
2013-09-10 17:23 - 2013-09-10 15:29 - 00002152 _____ C:\Users\Debbie\Desktop\Documents\aswMBR.txt
2013-09-10 17:23 - 2013-09-10 15:18 - 00009709 _____ C:\Users\Debbie\Desktop\Documents\attach.txt
2013-09-10 15:37 - 2013-09-10 15:29 - 00000512 _____ C:\Users\Debbie\Desktop\Documents\MBR.dat
2013-09-10 15:09 - 2013-09-10 15:09 - 00001230 _____ C:\Users\Debbie\Desktop\Documents\checkup.txt
2013-09-10 15:00 - 2013-09-12 20:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 15:45 - 2013-09-09 15:45 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\VERIZON CELL PHONES
2013-09-08 18:14 - 2013-09-08 18:14 - 00000176 _____ C:\MSsupport.htm
2013-09-07 22:19 - 2013-09-12 00:44 - 00000000 ____D C:\Users\Default
2013-09-07 17:20 - 2013-09-07 17:21 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Bitdefender
2013-09-07 17:20 - 2013-09-07 17:21 - 00000000 ____D C:\ProgramData\Bitdefender
2013-09-07 09:56 - 2013-09-07 09:57 - 00013173 _____ C:\Windows\system32\config\osinfo.txt
2013-09-07 09:56 - 2013-09-07 09:57 - 00004669 _____ C:\Windows\system32\config\envinfo.txt
2013-09-07 09:56 - 2013-09-07 09:57 - 00002370 _____ C:\Windows\certutil.log
2013-09-07 09:56 - 2013-09-07 09:57 - 00000890 _____ C:\Windows\system32\config\adapterinfo.txt
2013-09-07 09:56 - 2013-09-07 09:56 - 00000000 ____D C:\Windows\system32\eventlog
2013-09-06 11:15 - 2013-09-07 17:17 - 00000000 ____D C:\Users\Debbie\{d9233c56-463b-4e04-816b-340485f2b2d7}
2013-09-06 11:15 - 2013-09-06 11:15 - 00001904 _____ C:\Users\Public\Desktop\Bitdefender Total Security.lnk
2013-09-06 11:15 - 2013-09-06 11:15 - 00001856 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-09-06 11:14 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2013-09-06 11:14 - 2012-10-04 14:30 - 00162976 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2013-09-05 23:36 - 2013-09-06 10:18 - 00000000 ____D C:\ProgramData\BDLogging(10)
2013-09-05 23:36 - 2013-07-19 18:06 - 00490144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2013-09-05 23:36 - 2013-07-19 18:03 - 00640560 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2013-09-05 23:36 - 2012-04-17 14:40 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2013-09-05 23:26 - 2013-09-07 17:17 - 00000000 ____D C:\Program Files\Bitdefender
2013-09-05 14:49 - 2013-08-20 10:03 - 00017686 _____ C:\Users\Debbie\Desktop\Documents\Carbonite Restore Report.htm
2013-09-05 14:48 - 2013-08-20 10:03 - 00017686 _____ C:\Users\Debbie\Desktop\Documents\Carbonite Restore Report 08-18-2013 04-51-52PM.html
2013-09-05 14:40 - 2013-09-05 14:41 - 07168896 _____ C:\Users\Debbie\Downloads\bitdefender_tsecurity.exe
2013-09-05 12:54 - 2013-09-05 12:54 - 00072732 _____ C:\Users\Debbie\Downloads\Windows Debugging - Bitdefender Premium Services.htm
2013-09-05 12:50 - 2013-09-11 15:40 - 00000000 ____D C:\Users\Debbie\Downloads\Windows Debugging - Bitdefender Premium Services_files
2013-09-04 23:44 - 2013-09-05 01:58 - 00013086 _____ C:\Users\Debbie\Desktop\Documents\Comodo Rating Scan Sept 4.xlsx
2013-09-04 23:43 - 2013-09-04 23:43 - 00011372 _____ C:\Users\Debbie\Desktop\Documents\Comodo Rating Scan Sept 4..xlsx
2013-09-04 14:04 - 2013-09-04 14:04 - 00903080 _____ (Oracle Corporation) C:\Users\Debbie\Downloads\chromeinstall-7u25.exe
2013-09-03 16:13 - 2013-09-03 16:13 - 00000000 __HDC C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
2013-09-03 16:12 - 2013-09-03 16:12 - 00000000 ____D C:\Users\Debbie\AppData\Local\PackageAware
2013-09-03 16:11 - 2013-09-03 16:12 - 13419112 _____ (Stardock Corporation                                                                                                                                                                                                                                                                                        ) C:\DellDock16a_setup_ENG.exe
2013-09-03 13:25 - 2013-09-07 17:59 - 00000000 ____D C:\shexview
2013-09-03 13:24 - 2013-09-03 13:24 - 00065974 _____ C:\shexview.zip
2013-09-03 11:44 - 2013-08-20 10:03 - 00017686 _____ C:\Users\Debbie\Desktop\Documents\Restore Report 08-18-2013 04-51-52PM.html
2013-09-03 10:51 - 2013-09-07 16:26 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-09-03 05:54 - 2013-09-05 23:37 - 00001636 _____ C:\Windows\setupact.log
2013-09-03 05:54 - 2013-09-03 05:54 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 05:20 - 2013-09-11 09:43 - 00000000 ____D C:\Program Files\Your Uninstaller! 7
2013-09-03 05:18 - 2013-09-03 05:18 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\URSoft
2013-09-03 05:15 - 2013-09-03 05:16 - 08027984 _____ (URSoft, Inc.                                                ) C:\Users\Debbie\Downloads\yusetup7.exe
2013-09-03 03:28 - 2013-09-03 03:32 - 00048392 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-09-02 22:29 - 2013-09-07 19:08 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-02 19:05 - 2013-09-02 19:05 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2013-09-02 15:54 - 2013-09-02 15:54 - 00000000 ____D C:\Users\Debbie\AppData\Local\deb.chase
2013-09-02 12:17 - 2013-09-02 12:17 - 00000000 ____D C:\ProgramData\Dumps
2013-09-02 10:06 - 2013-09-11 18:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 10:06 - 2013-09-02 10:08 - 00000000 ____D C:\Program Files\Google
2013-09-02 10:06 - 2013-09-02 10:06 - 00000000 ____D C:\Users\Debbie\AppData\Local\Deployment
2013-09-01 16:34 - 2013-09-01 16:34 - 00000000 ____D C:\ProgramData\PCDr
2013-09-01 13:38 - 2013-09-01 13:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-09-01 13:38 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2013-09-01 13:37 - 2013-07-23 16:50 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2013-09-01 13:37 - 2012-11-02 14:17 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2013-09-01 13:37 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2013-09-01 13:19 - 2013-09-01 13:19 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\QuickScan
2013-09-01 13:08 - 2013-09-07 17:17 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-31 18:25 - 2013-09-12 00:44 - 00000000 ____D C:\Users\Public
2013-08-31 18:24 - 2013-08-31 18:24 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-08-31 14:35 - 2013-08-31 14:35 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\RK_Quarantine
2013-08-27 11:39 - 2013-08-01 21:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 23:51 - 2013-07-24 19:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-13 23:51 - 2013-07-24 19:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-13 23:51 - 2013-07-24 19:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-13 23:51 - 2013-07-24 19:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-13 23:51 - 2013-07-24 19:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-13 23:51 - 2013-07-24 19:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-13 23:51 - 2013-07-24 19:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 23:51 - 2013-07-24 19:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-13 23:51 - 2013-07-24 19:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-13 23:51 - 2013-07-24 19:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-13 23:51 - 2013-07-24 19:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-13 23:51 - 2013-07-24 19:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 23:51 - 2013-07-24 19:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 23:51 - 2013-07-24 19:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-13 23:51 - 2013-07-24 19:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-13 23:51 - 2013-07-24 19:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 20:29 - 2013-07-17 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 20:29 - 2013-07-10 02:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 20:29 - 2013-07-09 05:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 20:29 - 2013-07-07 21:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 20:29 - 2013-07-07 21:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 20:29 - 2013-07-07 21:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 20:29 - 2013-07-07 21:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 20:29 - 2013-07-07 21:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 20:29 - 2013-07-07 21:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 20:29 - 2013-07-04 20:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 20:29 - 2013-07-04 18:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-13 20:29 - 2013-06-15 06:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-13 20:29 - 2013-06-15 04:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 
==================== One Month Modified Files and Folders =======
 
2013-09-12 20:53 - 2013-09-12 20:53 - 00000000 ____D C:\FRST
2013-09-12 20:52 - 2013-09-12 20:52 - 01082459 _____ (Farbar) C:\Users\Debbie\Desktop\FRST.exe
2013-09-12 20:44 - 2008-08-04 07:14 - 01689753 _____ C:\Windows\WindowsUpdate.log
2013-09-12 20:35 - 2006-11-02 05:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 20:35 - 2006-11-02 05:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 20:31 - 2013-09-10 15:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 00:45 - 2013-09-12 00:17 - 00000000 ____D C:\Qoobox
2013-09-12 00:44 - 2013-09-12 00:44 - 00029631 _____ C:\ComboFix.txt
2013-09-12 00:44 - 2013-09-07 22:19 - 00000000 ____D C:\Users\Default
2013-09-12 00:44 - 2013-08-31 18:25 - 00000000 ____D C:\Users\Public
2013-09-12 00:42 - 2013-09-12 00:17 - 00000000 ____D C:\Windows\erdnt
2013-09-12 00:35 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 00:35 - 2006-11-02 03:23 - 00000215 _____ C:\Windows\system.ini
2013-09-12 00:34 - 2008-01-20 19:47 - 00159724 _____ C:\Windows\PFRO.log
2013-09-12 00:32 - 2013-06-18 09:06 - 00023384 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 23:52 - 2008-08-09 16:34 - 00000000 ____D C:\Users\Debbie
2013-09-11 23:41 - 2013-09-11 23:41 - 00000000 ____D C:\Program Files\Comodo
2013-09-11 23:25 - 2013-09-11 23:25 - 00007613 _____ C:\Users\Debbie\Desktop\JRT.txt
2013-09-11 23:23 - 2013-09-11 23:23 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 22:47 - 2013-09-11 22:42 - 00000000 ____D C:\AdwCleaner
2013-09-11 19:55 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2013-09-11 19:35 - 2009-12-13 21:31 - 00000000 ____D C:\Program Files\iTunes
2013-09-11 19:35 - 2009-07-11 17:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-11 19:10 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2013-09-11 18:52 - 2013-09-02 10:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 15:40 - 2013-09-05 12:50 - 00000000 ____D C:\Users\Debbie\Downloads\Windows Debugging - Bitdefender Premium Services_files
2013-09-11 11:07 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-11 10:50 - 2013-09-11 10:50 - 01029490 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2013-09-11 10:49 - 2013-09-11 10:49 - 05124599 ____R (Swearware) C:\Users\Debbie\Desktop\ComboFix.exe
2013-09-11 10:48 - 2013-09-11 10:48 - 01037278 _____ C:\Users\Debbie\Desktop\AdwCleaner.exe
2013-09-11 09:43 - 2013-09-11 09:43 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\EurekaLab s.a.s
2013-09-11 09:43 - 2013-09-03 05:20 - 00000000 ____D C:\Program Files\Your Uninstaller! 7
2013-09-11 09:37 - 2013-06-15 21:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-11 09:18 - 2013-09-11 09:18 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-09-11 09:18 - 2012-08-14 22:07 - 00033984 _____ C:\Windows\iis7.log
2013-09-11 09:18 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-09-11 09:17 - 2013-09-11 09:18 - 00000862 _____ C:\Windows\system32\termcap
2013-09-10 18:21 - 2013-09-10 18:11 - 02253110 _____ C:\Users\Debbie\Desktop\Documents\VTV Silent Auction Tab Sheet.xlsx
2013-09-10 17:55 - 2013-09-10 17:55 - 00060067 _____ C:\Users\Debbie\Desktop\TS102810153.dotx
2013-09-10 15:29 - 2013-09-10 17:23 - 00002152 _____ C:\Users\Debbie\Desktop\Documents\aswMBR.txt
2013-09-10 15:29 - 2013-09-10 15:37 - 00000512 _____ C:\Users\Debbie\Desktop\Documents\MBR.dat
2013-09-10 15:18 - 2013-09-10 17:23 - 00009709 _____ C:\Users\Debbie\Desktop\Documents\attach.txt
2013-09-10 15:09 - 2013-09-10 15:09 - 00001230 _____ C:\Users\Debbie\Desktop\Documents\checkup.txt
2013-09-10 14:58 - 2013-02-23 04:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-10 14:58 - 2013-02-23 04:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 10:11 - 2012-09-05 11:18 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2013-09-09 16:14 - 2013-02-25 20:36 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\BILLS
2013-09-09 15:47 - 2008-08-10 15:27 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\RESUMES
2013-09-09 15:45 - 2013-09-09 15:45 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\VERIZON CELL PHONES
2013-09-09 15:43 - 2012-11-01 11:49 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\BIRTHDAYS
2013-09-09 15:43 - 2008-08-10 15:27 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\MARY
2013-09-09 15:37 - 2009-01-24 18:43 - 00000000 ____D C:\Program Files\Common Files\Intuit
2013-09-09 15:36 - 2006-11-02 05:42 - 00000000 ____D C:\Windows\WindowsMobile
2013-09-09 15:30 - 2008-09-13 22:39 - 00000000 ____D C:\Windows\pss
2013-09-09 15:29 - 2008-02-03 16:07 - 00000000 ____D C:\Windows\Panther
2013-09-09 15:27 - 2009-01-24 18:42 - 00000000 ____D C:\Program Files\TurboTax
2013-09-08 18:47 - 2008-10-27 22:05 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\My Scans
2013-09-08 18:14 - 2013-09-08 18:14 - 00000176 _____ C:\MSsupport.htm
2013-09-08 09:39 - 2006-11-01 23:38 - 00002274 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam
2013-09-07 22:16 - 2006-11-02 05:47 - 00500072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-07 22:15 - 2008-08-04 12:21 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-07 19:08 - 2013-09-02 22:29 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-07 18:50 - 2008-11-12 13:03 - 00000680 _____ C:\Users\Debbie\AppData\Local\d3d9caps.dat
2013-09-07 17:59 - 2013-09-03 13:25 - 00000000 ____D C:\shexview
2013-09-07 17:21 - 2013-09-07 17:20 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Bitdefender
2013-09-07 17:21 - 2013-09-07 17:20 - 00000000 ____D C:\ProgramData\Bitdefender
2013-09-07 17:19 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-07 17:18 - 2006-11-02 03:22 - 55836672 _____ C:\Windows\system32\config\software_previous
2013-09-07 17:18 - 2006-11-02 03:22 - 43778048 _____ C:\Windows\system32\config\components_previous
2013-09-07 17:18 - 2006-11-02 03:22 - 101974016 _____ C:\Windows\system32\config\system_previous
2013-09-07 17:18 - 2006-11-02 03:22 - 00786432 _____ C:\Windows\system32\config\default_previous
2013-09-07 17:18 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-09-07 17:18 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-09-07 17:17 - 2013-09-06 11:15 - 00000000 ____D C:\Users\Debbie\{d9233c56-463b-4e04-816b-340485f2b2d7}
2013-09-07 17:17 - 2013-09-05 23:26 - 00000000 ____D C:\Program Files\Bitdefender
2013-09-07 17:17 - 2013-09-01 13:08 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-09-07 17:17 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2013-09-07 16:26 - 2013-09-03 10:51 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-09-07 09:57 - 2013-09-07 09:56 - 00013173 _____ C:\Windows\system32\config\osinfo.txt
2013-09-07 09:57 - 2013-09-07 09:56 - 00004669 _____ C:\Windows\system32\config\envinfo.txt
2013-09-07 09:57 - 2013-09-07 09:56 - 00002370 _____ C:\Windows\certutil.log
2013-09-07 09:57 - 2013-09-07 09:56 - 00000890 _____ C:\Windows\system32\config\adapterinfo.txt
2013-09-07 09:56 - 2013-09-07 09:56 - 00000000 ____D C:\Windows\system32\eventlog
2013-09-06 11:15 - 2013-09-06 11:15 - 00001904 _____ C:\Users\Public\Desktop\Bitdefender Total Security.lnk
2013-09-06 11:15 - 2013-09-06 11:15 - 00001856 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-09-06 10:18 - 2013-09-05 23:36 - 00000000 ____D C:\ProgramData\BDLogging(10)
2013-09-05 23:37 - 2013-09-03 05:54 - 00001636 _____ C:\Windows\setupact.log
2013-09-05 14:41 - 2013-09-05 14:40 - 07168896 _____ C:\Users\Debbie\Downloads\bitdefender_tsecurity.exe
2013-09-05 12:54 - 2013-09-05 12:54 - 00072732 _____ C:\Users\Debbie\Downloads\Windows Debugging - Bitdefender Premium Services.htm
2013-09-05 01:58 - 2013-09-04 23:44 - 00013086 _____ C:\Users\Debbie\Desktop\Documents\Comodo Rating Scan Sept 4.xlsx
2013-09-04 23:43 - 2013-09-04 23:43 - 00011372 _____ C:\Users\Debbie\Desktop\Documents\Comodo Rating Scan Sept 4..xlsx
2013-09-04 14:04 - 2013-09-04 14:04 - 00903080 _____ (Oracle Corporation) C:\Users\Debbie\Downloads\chromeinstall-7u25.exe
2013-09-04 12:41 - 2008-08-10 15:27 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\MEDICATIONS
2013-09-04 11:07 - 2012-05-15 14:31 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\CORVETTE CLUB
2013-09-03 16:13 - 2013-09-03 16:13 - 00000000 __HDC C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
2013-09-03 16:12 - 2013-09-03 16:12 - 00000000 ____D C:\Users\Debbie\AppData\Local\PackageAware
2013-09-03 16:12 - 2013-09-03 16:11 - 13419112 _____ (Stardock Corporation) C:\DellDock16a_setup_ENG.exe
2013-09-03 13:31 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\ShellNew
2013-09-03 13:31 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\Services
2013-09-03 13:24 - 2013-09-03 13:24 - 00065974 _____ C:\shexview.zip
2013-09-03 05:54 - 2013-09-03 05:54 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 05:39 - 2013-04-05 12:40 - 00000000 _____ C:\Windows\system32\SYSTEM.INI
2013-09-03 05:18 - 2013-09-03 05:18 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\URSoft
2013-09-03 05:16 - 2013-09-03 05:15 - 08027984 _____ (URSoft, Inc.) C:\Users\Debbie\Downloads\yusetup7.exe
2013-09-03 04:53 - 2013-07-20 13:21 - 00000000 ____D C:\Windows\Minidump
2013-09-03 03:32 - 2013-09-03 03:28 - 00048392 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-09-02 19:05 - 2013-09-02 19:05 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2013-09-02 15:54 - 2013-09-02 15:54 - 00000000 ____D C:\Users\Debbie\AppData\Local\deb.chase
2013-09-02 12:17 - 2013-09-02 12:17 - 00000000 ____D C:\ProgramData\Dumps
2013-09-02 10:08 - 2013-09-02 10:06 - 00000000 ____D C:\Program Files\Google
2013-09-02 10:08 - 2008-08-09 16:34 - 00000000 ____D C:\Users\Debbie\AppData\Local\Google
2013-09-02 10:06 - 2013-09-02 10:06 - 00000000 ____D C:\Users\Debbie\AppData\Local\Deployment
2013-09-01 23:30 - 2008-08-09 16:34 - 00000917 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-09-01 16:34 - 2013-09-01 16:34 - 00000000 ____D C:\ProgramData\PCDr
2013-09-01 13:38 - 2013-09-01 13:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-09-01 13:19 - 2013-09-01 13:19 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\QuickScan
2013-09-01 10:15 - 2008-08-09 16:34 - 00000000 __SHD C:\Users\Debbie\S-1-5-21-1762417864-1738951268-654633136-1000
2013-08-31 18:24 - 2013-08-31 18:24 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-08-31 14:35 - 2013-08-31 14:35 - 00000000 ____D C:\Users\Debbie\Desktop\Documents\RK_Quarantine
2013-08-31 12:33 - 2008-08-04 12:29 - 00000000 ____D C:\ProgramData\Adobe
2013-08-25 11:00 - 2008-12-16 17:49 - 00000000 ____D C:\Program Files\HP
2013-08-23 21:39 - 2013-08-07 16:01 - 00008467 _____ C:\Users\Debbie\Desktop\Documents\Christopher's Shoes.xlsx
2013-08-20 10:03 - 2013-09-05 14:49 - 00017686 _____ C:\Users\Debbie\Desktop\Documents\Carbonite Restore Report.htm
2013-08-20 10:03 - 2013-09-05 14:48 - 00017686 _____ C:\Users\Debbie\Desktop\Documents\Carbonite Restore Report 08-18-2013 04-51-52PM.html
2013-08-20 10:03 - 2013-09-03 11:44 - 00017686 _____ C:\Users\Debbie\Desktop\Documents\Restore Report 08-18-2013 04-51-52PM.html
2013-08-20 10:02 - 2013-06-23 14:38 - 00220549 _____ C:\Windows\hpoins35.dat
2013-08-20 10:02 - 2008-08-10 15:06 - 00040387 _____ C:\ProgramData\hpzinstall.log
2013-08-13 23:59 - 2013-07-10 11:05 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 23:57 - 2006-11-02 03:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-13 23:56 - 2008-08-04 12:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-13 23:53 - 2006-11-02 03:33 - 00815986 _____ C:\Windows\system32\PerfStringBackup.INI
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-12 12:46
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013
Ran by Debbie at 2013-09-12 20:55:44
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Reader X (10.1.7) (Version: 10.1.7)
AIO_CDA_ProductContext (Version: 82.0.233.000)
AIO_CDA_Software (Version: 82.0.233.000)
AIO_Scan (Version: 82.0.173.000)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Avery Wizard 3.1 (Version: 3.1.5)
Bitdefender Total Security (Version: 17.16.0.729)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
C309a (Version: 140.0.690.000)
Carbonite (Version: 5.4.7 build 3239 (Jun-13-2013))
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0704.122.388)
Catalyst Control Center Graphics Previews Common (Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (Version: 2012.0704.122.388)
Catalyst Control Center Localization All (Version: 2012.0704.122.388)
CCC Help English (Version: 2012.0704.0121.388)
CCC Help Greek (Version: 2012.0704.0121.388)
CCC Help Hungarian (Version: 2012.0704.0121.388)
CCC Help Italian (Version: 2012.0704.0121.388)
CCC Help Japanese (Version: 2012.0704.0121.388)
CCC Help Korean (Version: 2012.0704.0121.388)
CCC Help Norwegian (Version: 2012.0704.0121.388)
CCC Help Polish (Version: 2012.0704.0121.388)
CCC Help Portuguese (Version: 2012.0704.0121.388)
CCC Help Russian (Version: 2012.0704.0121.388)
CCC Help Spanish (Version: 2012.0704.0121.388)
CCC Help Swedish (Version: 2012.0704.0121.388)
ccc-utility (Version: 2012.0704.122.388)
Dell Dock (Version: 1.0.0)
Dell Dock (Version: 2.0)
Dell Support Center (Support Software) (Version: 2.2.08335)
Dell Support Center (Version: 3.1.5830.17)
DesignPro 5 (Version: 5.5.708)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DocProc (Version: 13.0.0.0)
eReg (Version: 1.20.138.34)
Fax (Version: 140.0.212.000)
Google Chrome (Version: 29.0.1547.66)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
GPBaseService2 (Version: 140.0.211.000)
GPS Image Tracker (Version: 1.0.01.07100)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 (Version: 14.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Product Detection (Version: 10.7.9.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 140.0.524.000)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
hpphotosmartdisclabelplugin (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
Intel® PRO Network Connections 12.1.11.0 (Version: )
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
MarketResearch (Version: 140.0.212.000)
Media Manager for WALKMAN 1.2 (Version: 1.2.771)
Metafile Companion 1.10
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NEC DISPLAY SOLUTIONS NaViSet (Version: 1.1.24)
NEC DISPLAY SOLUTIONS: Desktop Monitor Installer (Version: 0.13.03.01)
Network (Version: 140.0.215.000)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OLYMPUS CAMEDIA Master 4.1
onOne Essentials 2.0 (Version: 2.0)
OVT Scanner X86 (Version: 1.00.0000)
Picture Package Music Transfer (Version: 1.0.01.12210)
Post-it® Software Notes Lite
PS_AIO_05_C309_Software_Min (Version: 140.0.690.000)
QuickTime (Version: 7.74.80.86)
QuickTransfer (Version: 140.0.98.000)
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2400.0)
Scan (Version: 140.0.80.000)
SelectionLinks (Version: 1.0)
Shop for HP Supplies (Version: 14.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Sony Picture Utility (Version: 1.1.01.07100)
Status (Version: 140.0.212.000)
System Requirements Lab for Intel (Version: 4.5.5.0)
Toolbox (Version: 140.0.428.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 140.0.212.000)
TurboTax 2011 wcaiper (Version: 011.000.1647)
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 wcaiper (Version: 012.000.1508)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2178)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0473)
TurboTax 2012 wrapper (Version: 012.000.0127)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg (Version: 140.0.212.017)
WYO Home Inventory 4.13 (Version: 4.13)
Your Uninstaller! 7 (Version: 7.5.2013.2)
 
==================== Restore Points  =========================
 
05-09-2013 20:39:34 Before uninstalling Comodo Dragon
05-09-2013 20:41:01 Before uninstalling GeekBuddy
05-09-2013 20:41:13 Removed GeekBuddy.
05-09-2013 20:42:42 Before uninstalling COMODO Internet Security Pro 2013
05-09-2013 20:42:53 Removed COMODO Internet Security Pro 2013
05-09-2013 21:09:26 Before uninstalling Adobe Flash Player 11 ActiveX
06-09-2013 06:37:16 Device Driver Package Install: BitDefender LLC Network Service
06-09-2013 10:00:16 Windows Update
06-09-2013 18:15:32 Device Driver Package Install: BitDefender LLC Network Service
06-09-2013 23:12:48 Restore Operation
06-09-2013 23:29:10 Restore Operation
07-09-2013 16:35:37 Windows Update
07-09-2013 22:47:18 Restore Operation
07-09-2013 22:57:48 Windows Update
07-09-2013 22:58:36 Restore Operation
07-09-2013 23:23:54 Restore Operation
07-09-2013 23:36:09 Restore Operation
08-09-2013 00:14:15 Restore Operation
08-09-2013 15:40:21 Removed Costco Photo Organizer
09-09-2013 21:53:41 Removed TurboTax 2008 wcoiper
09-09-2013 21:54:03 Removed TurboTax 2008 wcaiper
09-09-2013 21:54:35 Removed TurboTax 2008 WinPerUserEducation
09-09-2013 21:55:03 Removed TurboTax 2008 WinPerProgramHelp
09-09-2013 21:56:03 Removed TurboTax 2008 WinPerTaxSupport
09-09-2013 21:56:41 Removed TurboTax 2008 WinPerFedFormset
09-09-2013 21:57:36 Removed TurboTax 2008 WinPerReleaseEngine
09-09-2013 21:59:13 Removed TurboTax 2008 wrapper
09-09-2013 22:32:54 Removed TurboTax 2009 wneiper
09-09-2013 22:33:04 Removed TurboTax 2009 wcaiper
09-09-2013 22:33:37 Removed TurboTax 2009 wcoiper
09-09-2013 22:34:09 Removed TurboTax 2009 WinPerTaxSupport
09-09-2013 22:35:18 Removed TurboTax 2009 WinPerFedFormset
09-09-2013 22:36:24 Removed TurboTax 2009 WinPerReleaseEngine
09-09-2013 22:37:53 Removed TurboTax 2009 wrapper
09-09-2013 22:41:16 Removed TurboTax 2005 - MSXML 3
11-09-2013 14:48:23 Windows Modules Installer
11-09-2013 16:17:21 Windows Modules Installer
11-09-2013 22:48:05 Removed Dell Dock
12-09-2013 02:30:56 Removed iTunes
 
==================== Hosts content: ==========================
 
2006-11-02 03:23 - 2013-09-12 00:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {09470A19-FDBB-4F7E-BB3E-31227A2BC731} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: {0D6C0C4D-CE1A-45A6-875A-A5B505BED4D4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Debbie => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1FD212DD-BC62-41F1-8E23-C7FE5264EEC1} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)
Task: {2BC00C3C-2139-4CA5-B0A9-2F220DBAC526} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EAB3FDC-8FF5-4C58-A91B-3573F76E86FB} - System32\Tasks\{D3AF7E7B-366D-4AC8-954A-7EB48DEACE04} => C:\Program Files\Skype\Phone\Skype.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {5BC55873-C88D-41E4-8400-D029A45C7999} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {81C7E7F2-D378-4955-99CA-0D43A096C886} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-06-21] (PC-Doctor, Inc.)
Task: {821E5D90-ACE1-4BF3-A257-C8D5A923B85D} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {9092FF44-C6D9-4C05-B8F0-F8D9C4C654D0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-06-21] (PC-Doctor, Inc.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-20] (Microsoft Corporation)
Task: {B753586B-05F6-4ED8-9470-ADB9F58BFC1C} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: {C30152DB-96E9-4FE9-A535-7D0045D9A0C1} - System32\Tasks\0 => Iexplore.exe 
Task: {D00BFCE2-32EC-4AD9-BD3E-E5B87959CE7B} - System32\Tasks\User_Feed_Synchronization-{7B320604-0FEE-4506-9B46-E4190B5E47CA} => C:\Windows\system32\msfeedssync.exe [2011-03-30] (Microsoft Corporation)
Task: {D488B74D-61D9-4831-9C82-C0E1BA611CAF} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E1621386-FD54-437D-9A91-562D3583C64A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EE58B4D6-20A7-47FE-AA9C-1F56AF2C3DAC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {F0F1449F-701F-444C-A252-937E3052E905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {FF5177B0-0F20-49A0-A0C3-572781D9E6D1} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-03 16:13 - 2013-09-03 16:13 - 00291840 _____ (Stardock) C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\ce00a5e82fbe2eb68c3b64d4960c7568\MyDock.Util.ni.dll
2013-09-03 16:14 - 2013-09-03 16:14 - 02584064 _____ (Stardock Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\2086bbf2f31e970b5609a54cd9868c66\DellDock.ni.exe
2013-09-03 16:14 - 2013-09-03 16:14 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\ebd950906a4ecae2d2d9393408361996\VistaBridgeLibrary.ni.dll
2013-09-03 16:14 - 2013-09-03 16:14 - 15881728 _____ (DevComponents.com) C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\bc0e7f0d5e3a3d7f1620ef4785026da9\MenuSkinning.ni.dll
2010-10-12 07:45 - 2010-10-12 07:45 - 00378224 _____ (Stardock) C:\Program Files\Dell\DellDock\MyDockLib.dll
2010-08-04 01:14 - 2012-07-03 22:09 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2013-09-05 23:36 - 2013-06-19 12:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-09-05 23:36 - 2013-04-18 16:49 - 02349288 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\Program Files\Bitdefender\Bitdefender\htmlayout.dll
2013-06-13 09:37 - 2013-06-13 09:37 - 01020936 ____R (Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
2013-09-03 16:28 - 2013-09-02 13:35 - 04053456 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-03 16:28 - 2013-09-02 13:35 - 00410576 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-03 16:28 - 2013-09-02 13:35 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-03 16:28 - 2013-09-02 13:35 - 00709584 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-03 16:28 - 2013-09-02 13:35 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-03 16:28 - 2013-09-02 13:35 - 13599184 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:DDCD5068
 
==================== Faulty Device Manager Devices =============
 
Name: BitDefender AVC HV
Description: BitDefender AVC HV
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: avchv
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2013 00:36:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/12/2013 00:37:43 AM) (Source: Service Control Manager) (User: )
Description: BdfNdisf
bdselfpr
 
Error: (09/12/2013 00:37:43 AM) (Source: Service Control Manager) (User: )
Description: Diagnostic System Host
 
Error: (09/12/2013 00:37:41 AM) (Source: Service Control Manager) (User: )
Description: Diagnostic Service Host
 
Error: (09/12/2013 00:36:05 AM) (Source: Service Control Manager) (User: )
Description: Terminal Services ConfigurationLanmanWorkstation
 
Error: (09/12/2013 00:36:05 AM) (Source: Service Control Manager) (User: )
Description: NetlogonLanmanWorkstation
 
Error: (09/12/2013 00:36:05 AM) (Source: Service Control Manager) (User: )
Description: Computer BrowserLanmanServer
 
Error: (09/12/2013 00:36:05 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%2147942402
 
Error: (09/12/2013 00:36:05 AM) (Source: Service Control Manager) (User: )
Description: COMODO LPS Launcher%%2
 
Error: (09/12/2013 00:35:21 AM) (Source: Microsoft-Windows-ResourcePublication) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
 
Error: (09/12/2013 00:32:28 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
 
 
Microsoft Office Sessions:
=========================
Error: (07/12/2012 10:31:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 57 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/03/2009 10:58:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (08/10/2008 04:23:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (08/10/2008 04:21:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 809 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (08/10/2008 04:07:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 70 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-12 20:53:56.551
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 20:53:56.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 20:53:56.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 20:53:55.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 00:23:53.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 00:23:52.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 00:23:52.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 00:23:52.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 00:22:23.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 00:22:23.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 56%
Total physical RAM: 3325.27 MB
Available physical RAM: 1455.67 MB
Total Pagefile: 8260.12 MB
Available Pagefile: 6555.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.34 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:288.03 GB) (Free:197.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:8.58 GB) NTFS
Drive e: (Sep 08 2013) (CDROM) (Total:0.69 GB) (Free:0.6 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 70000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

THE END.  

Quikslvrgrl



#15 oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:05:55 PM

Posted 13 September 2013 - 01:17 PM

Hi :)

Please go to logo.gif
Browse to the following file path in the "Suspicious files to scan" field on the top of the page:

 

C:\Windows\system32\DRIVERS\NDSPCIIO.SYS

 

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.


Best Regards,
oneof4.




