
ZeroAccess Rootkit


  • This topic is locked
10 replies to this topic

#1 tarheel3185

tarheel3185

  • Members
  • 8 posts

Posted 27 November 2013 - 02:57 PM

Typical ZeroAccess error messages. Now it will not allow me to enable Windows Defender.



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 27 November 2013 - 03:29 PM

Hello tarheel3185,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

Do you have a USB Flash Drive you can use?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 tarheel3185

tarheel3185
  • Topic Starter

  • Members
  • 8 posts

Posted 27 November 2013 - 03:43 PM

Yes



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 27 November 2013 - 05:53 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
You will need FRST64

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Edited by fireman4it, 27 November 2013 - 05:53 PM.


#5 tarheel3185

tarheel3185
  • Topic Starter

  • Members
  • 8 posts

Posted 27 November 2013 - 06:15 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01
Ran by Lynda (administrator) on DOVERS on 27-11-2013 18:12:05
Running from C:\Users\Lynda\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2010-07-23] (Acresso Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [DNS7reminder] - C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [330 2013-11-27] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Rylee\...\Run: [Best Buy pc app] - C:\Users\Rylee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [398 2013-09-11] ()
HKU\Rylee\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Rylee\...\Policies\system: [LogonHoursAction] 2
HKU\Rylee\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xADE6233B8EEBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Lynda\AppData\Roaming\Mozilla\Firefox\Profiles\pvk3i34b.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

S2 0183631385570213mcinstcleanup; C:\windows\TEMP\018363~1.EXE [834664 2013-07-30] (McAfee, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 MFE_RR; \??\C:\Users\Lynda\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-27 18:12 - 2013-11-27 18:12 - 00019051 _____ C:\Users\Lynda\Downloads\FRST.txt
2013-11-27 18:11 - 2013-11-27 18:11 - 01958850 _____ (Farbar) C:\Users\Lynda\Downloads\FRST64.exe
2013-11-27 18:11 - 2013-11-27 18:11 - 00000000 ____D C:\FRST
2013-11-27 14:52 - 2013-11-27 14:52 - 00026231 _____ C:\Users\Lynda\Desktop\dds.txt
2013-11-27 14:52 - 2013-11-27 14:52 - 00011514 _____ C:\Users\Lynda\Desktop\attach.txt
2013-11-27 14:51 - 2013-11-27 14:51 - 00688992 ____R (Swearware) C:\Users\Lynda\Downloads\dds.com
2013-11-27 11:35 - 2013-11-27 12:15 - 00003456 _____ C:\Users\Lynda\Desktop\Rkill.txt
2013-11-27 11:35 - 2013-11-27 11:35 - 00000000 ____D C:\Users\Lynda\Desktop\rkill
2013-11-21 17:30 - 2013-11-21 17:31 - 00000000 ____D C:\AdwCleaner
2013-11-21 17:30 - 2013-11-21 17:30 - 01085542 _____ C:\Users\Lynda\Downloads\AdwCleaner.exe
2013-11-21 16:18 - 2013-11-21 16:18 - 00002243 _____ C:\windows\epplauncher.mif
2013-11-21 16:16 - 2013-11-21 16:16 - 13670584 _____ (Microsoft Corporation) C:\Users\Lynda\Downloads\mseinstall.exe
2013-11-21 16:01 - 2013-11-21 16:07 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-19 03:08 - 2013-11-19 03:08 - 00000000 __SHD C:\found.001
2013-11-19 00:47 - 2013-11-19 00:47 - 00000043 _____ C:\Users\Lynda\AppData\Roaming\mbam.context.scan
2013-11-18 19:53 - 2013-11-18 19:53 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 19:53 - 2013-11-18 19:53 - 00000000 ____D C:\Users\Lynda\AppData\Roaming\Malwarebytes
2013-11-18 19:52 - 2013-11-18 19:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 19:52 - 2013-11-18 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 19:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-18 19:51 - 2013-11-18 19:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Lynda\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-15 22:16 - 2013-11-15 22:16 - 00000000 __SHD C:\found.000
2013-11-15 21:35 - 2013-11-15 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 20:26 - 2013-11-27 18:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 20:26 - 2013-11-15 20:26 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-11-15 20:25 - 2013-11-15 20:25 - 00000000 ____D C:\ProgramData\Sun
2013-11-15 20:25 - 2013-11-15 20:24 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-15 20:25 - 2013-11-15 20:24 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-15 20:25 - 2013-11-15 20:24 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-15 20:25 - 2013-11-15 20:24 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-15 13:33 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-15 13:32 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-15 13:32 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-15 13:31 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-15 13:31 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-15 13:31 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-15 13:31 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-15 13:31 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-15 13:31 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-15 13:30 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-15 13:30 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-15 13:30 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-15 13:30 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-15 13:30 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-15 13:30 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-15 13:30 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-15 13:30 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-15 13:30 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-15 13:30 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-15 13:30 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-15 13:30 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-15 13:30 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-15 13:30 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-15 13:29 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-15 13:29 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-15 13:27 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-15 13:27 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-15 13:27 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-15 13:27 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-15 13:27 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-15 13:13 - 2013-11-27 18:11 - 00338484 _____ C:\windows\WindowsUpdate.log
2013-11-15 10:14 - 2013-11-15 10:14 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-11-15 08:16 - 2013-11-20 14:53 - 00007528 _____ C:\windows\PFRO.log
2013-11-15 08:06 - 2013-11-15 08:06 - 00782640 _____ (McAfee, Inc.) C:\Users\Lynda\Downloads\rootkitremover.exe
2013-11-14 18:48 - 2013-11-27 11:27 - 00001232 _____ C:\windows\setupact.log
2013-11-14 18:48 - 2013-11-14 18:48 - 00000000 _____ C:\windows\setuperr.log
2013-11-14 16:44 - 2013-11-20 09:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-14 16:44 - 2013-11-14 16:44 - 00001394 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-11-14 16:44 - 2013-11-14 16:44 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-11-14 16:44 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2013-11-14 16:43 - 2013-11-14 16:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-14 16:42 - 2013-11-14 16:43 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Lynda\Downloads\spybot-2.2.exe
2013-11-14 16:21 - 2013-11-14 16:21 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK
2013-11-14 16:21 - 2013-11-14 16:21 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup
2013-11-14 16:21 - 2010-04-13 20:10 - 00066040 _____ (Mozy, Inc.) C:\windows\system32\Drivers\MOBK.sys
2013-11-14 16:05 - 2013-11-27 11:39 - 00001855 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-14 16:05 - 2013-11-27 11:30 - 00000000 __RSD C:\Users\Lynda\Documents\McAfee Vaults
2013-11-14 16:05 - 2013-11-14 16:05 - 00000000 ____D C:\Users\Lynda\AppData\Local\McAfee File Lock
2013-11-14 16:05 - 2013-11-14 16:05 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-11-14 16:05 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2013-11-14 16:05 - 2013-09-09 11:11 - 00074560 _____ (McAfee, Inc.) C:\windows\system32\Drivers\McPvDrv.sys
2013-11-14 16:04 - 2013-11-14 16:05 - 00000000 ____D C:\Program Files\McAfee
2013-11-14 16:04 - 2013-11-14 16:05 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-11-14 16:04 - 2013-11-14 16:04 - 00000000 ____D C:\Program Files\McAfee.com
2013-11-14 15:31 - 2013-11-14 15:31 - 05284264 _____ (McAfee, Inc.) C:\Users\Lynda\Downloads\McAfeeSetup(1).exe
2013-11-14 15:27 - 2013-11-14 15:56 - 00000000 ____D C:\Program Files\stinger
2013-11-14 15:22 - 2013-11-15 08:22 - 00000000 ____D C:\ProgramData\McAfee
2013-11-14 15:22 - 2013-11-14 16:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-11-14 15:22 - 2013-09-24 20:25 - 00182752 _____ (McAfee, Inc.) C:\windows\system32\mfevtps.exe
2013-11-14 15:21 - 2013-11-14 15:21 - 05131824 _____ (McAfee, Inc.) C:\Users\Lynda\Downloads\McAfeeSetup.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-14 14:05 - 2013-11-14 14:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-14 14:05 - 2013-11-14 14:05 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-14 14:05 - 2013-11-14 14:05 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-14 14:05 - 2013-11-14 14:05 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-14 14:05 - 2013-11-14 14:05 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-14 14:05 - 2013-11-14 14:05 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-14 14:05 - 2013-11-14 14:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-14 14:05 - 2013-11-14 14:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-14 14:05 - 2013-11-14 14:05 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-14 14:05 - 2013-11-14 14:05 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-11 11:09 - 2013-11-11 11:09 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-02 08:43 - 2013-11-02 08:43 - 00000000 ____D C:\Users\Lynda\AppData\Local\Macromedia
2013-10-31 14:49 - 2013-11-15 20:26 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-31 14:49 - 2013-10-31 14:49 - 00000000 ____D C:\windows\system32\Macromed
2013-10-31 14:46 - 2013-10-31 14:46 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-31 14:46 - 2013-10-31 14:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-31 07:48 - 2013-10-31 07:48 - 00837768 _____ C:\windows\Minidump\103113-66206-01.dmp
2013-10-30 16:30 - 2013-10-30 16:30 - 00975832 _____ C:\windows\Minidump\103013-62416-01.dmp

==================== One Month Modified Files and Folders =======

2013-11-27 18:12 - 2013-11-27 18:12 - 00019051 _____ C:\Users\Lynda\Downloads\FRST.txt
2013-11-27 18:11 - 2013-11-27 18:11 - 01958850 _____ (Farbar) C:\Users\Lynda\Downloads\FRST64.exe
2013-11-27 18:11 - 2013-11-27 18:11 - 00000000 ____D C:\FRST
2013-11-27 18:11 - 2013-11-15 13:13 - 00338484 _____ C:\windows\WindowsUpdate.log
2013-11-27 18:10 - 2013-11-15 20:26 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-27 17:14 - 2010-07-18 20:28 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-27 17:00 - 2013-10-01 14:41 - 00000000 ____D C:\Users\Lynda\AppData\Local\CrashDumps
2013-11-27 14:52 - 2013-11-27 14:52 - 00026231 _____ C:\Users\Lynda\Desktop\dds.txt
2013-11-27 14:52 - 2013-11-27 14:52 - 00011514 _____ C:\Users\Lynda\Desktop\attach.txt
2013-11-27 14:51 - 2013-11-27 14:51 - 00688992 ____R (Swearware) C:\Users\Lynda\Downloads\dds.com
2013-11-27 14:40 - 2009-07-14 00:13 - 00727144 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-27 12:15 - 2013-11-27 11:35 - 00003456 _____ C:\Users\Lynda\Desktop\Rkill.txt
2013-11-27 11:39 - 2013-11-14 16:05 - 00001855 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-27 11:36 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 11:36 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 11:35 - 2013-11-27 11:35 - 00000000 ____D C:\Users\Lynda\Desktop\rkill
2013-11-27 11:30 - 2013-11-14 16:05 - 00000000 __RSD C:\Users\Lynda\Documents\McAfee Vaults
2013-11-27 11:28 - 2010-07-18 20:28 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 11:28 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-27 11:27 - 2013-11-14 18:48 - 00001232 _____ C:\windows\setupact.log
2013-11-21 17:31 - 2013-11-21 17:30 - 00000000 ____D C:\AdwCleaner
2013-11-21 17:30 - 2013-11-21 17:30 - 01085542 _____ C:\Users\Lynda\Downloads\AdwCleaner.exe
2013-11-21 16:20 - 2012-07-18 14:55 - 00312320 ___SH C:\Users\Lynda\Thumbs.db
2013-11-21 16:18 - 2013-11-21 16:18 - 00002243 _____ C:\windows\epplauncher.mif
2013-11-21 16:16 - 2013-11-21 16:16 - 13670584 _____ (Microsoft Corporation) C:\Users\Lynda\Downloads\mseinstall.exe
2013-11-21 16:07 - 2013-11-21 16:01 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-20 14:53 - 2013-11-15 08:16 - 00007528 _____ C:\windows\PFRO.log
2013-11-20 09:32 - 2013-11-14 16:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-19 03:08 - 2013-11-19 03:08 - 00000000 __SHD C:\found.001
2013-11-19 00:48 - 2010-07-18 20:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-19 00:47 - 2013-11-19 00:47 - 00000043 _____ C:\Users\Lynda\AppData\Roaming\mbam.context.scan
2013-11-18 19:53 - 2013-11-18 19:53 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 19:53 - 2013-11-18 19:53 - 00000000 ____D C:\Users\Lynda\AppData\Roaming\Malwarebytes
2013-11-18 19:53 - 2013-11-18 19:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 19:52 - 2013-11-18 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 19:51 - 2013-11-18 19:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Lynda\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-17 02:48 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2013-11-15 22:16 - 2013-11-15 22:16 - 00000000 __SHD C:\found.000
2013-11-15 21:48 - 2013-09-16 08:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-15 21:41 - 2010-07-18 20:28 - 00000000 ____D C:\Program Files\Google
2013-11-15 21:40 - 2010-10-27 05:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-15 21:40 - 2010-10-27 05:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-15 21:36 - 2013-11-15 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:30 - 2010-12-08 13:13 - 00000000 ____D C:\Users\Lynda\AppData\Local\Google
2013-11-15 20:31 - 2013-09-08 19:34 - 00000000 ____D C:\windows\system32\MRT
2013-11-15 20:28 - 2011-02-18 11:56 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-15 20:26 - 2013-11-15 20:26 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-11-15 20:26 - 2013-10-31 14:49 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 20:26 - 2011-05-19 15:40 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-15 20:25 - 2013-11-15 20:25 - 00000000 ____D C:\ProgramData\Sun
2013-11-15 20:24 - 2013-11-15 20:25 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-15 20:24 - 2013-11-15 20:25 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-15 20:24 - 2013-11-15 20:25 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-15 20:24 - 2013-11-15 20:25 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-15 15:29 - 2010-07-18 20:25 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-15 10:14 - 2013-11-15 10:14 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-11-15 08:22 - 2013-11-14 15:22 - 00000000 ____D C:\ProgramData\McAfee
2013-11-15 08:06 - 2013-11-15 08:06 - 00782640 _____ (McAfee, Inc.) C:\Users\Lynda\Downloads\rootkitremover.exe
2013-11-14 18:48 - 2013-11-14 18:48 - 00000000 _____ C:\windows\setuperr.log
2013-11-14 16:48 - 2013-11-14 15:22 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-11-14 16:44 - 2013-11-14 16:44 - 00001394 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-11-14 16:44 - 2013-11-14 16:44 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-11-14 16:44 - 2013-11-14 16:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-14 16:43 - 2013-11-14 16:42 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Lynda\Downloads\spybot-2.2.exe
2013-11-14 16:21 - 2013-11-14 16:21 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK
2013-11-14 16:21 - 2013-11-14 16:21 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup
2013-11-14 16:05 - 2013-11-14 16:05 - 00000000 ____D C:\Users\Lynda\AppData\Local\McAfee File Lock
2013-11-14 16:05 - 2013-11-14 16:05 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-11-14 16:05 - 2013-11-14 16:04 - 00000000 ____D C:\Program Files\McAfee
2013-11-14 16:05 - 2013-11-14 16:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-11-14 16:04 - 2013-11-14 16:04 - 00000000 ____D C:\Program Files\McAfee.com
2013-11-14 15:56 - 2013-11-14 15:27 - 00000000 ____D C:\Program Files\stinger
2013-11-14 15:31 - 2013-11-14 15:31 - 05284264 _____ (McAfee, Inc.) C:\Users\Lynda\Downloads\McAfeeSetup(1).exe
2013-11-14 15:21 - 2013-11-14 15:21 - 05131824 _____ (McAfee, Inc.) C:\Users\Lynda\Downloads\McAfeeSetup.exe
2013-11-14 15:11 - 2013-10-02 14:02 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-14 14:43 - 2010-12-08 13:02 - 00001428 _____ C:\Users\Lynda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-14 14:07 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-11-14 14:05 - 2013-11-14 14:05 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-14 14:05 - 2013-11-14 14:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-14 14:05 - 2013-11-14 14:05 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-14 14:05 - 2013-11-14 14:05 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-14 14:05 - 2013-11-14 14:05 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-14 14:05 - 2013-11-14 14:05 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-14 14:05 - 2013-11-14 14:05 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-14 14:05 - 2013-11-14 14:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-14 14:05 - 2013-11-14 14:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-14 14:05 - 2013-11-14 14:05 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-14 14:05 - 2013-11-14 14:05 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-14 14:05 - 2013-11-14 14:05 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-14 14:05 - 2013-11-14 14:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-11 11:09 - 2013-11-11 11:09 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-02 08:43 - 2013-11-02 08:43 - 00000000 ____D C:\Users\Lynda\AppData\Local\Macromedia
2013-10-31 15:33 - 2010-07-18 20:28 - 00000000 ____D C:\ProgramData\Adobe
2013-10-31 15:32 - 2010-12-08 13:17 - 00000000 ____D C:\Users\Lynda\AppData\Roaming\Adobe
2013-10-31 14:55 - 2011-01-20 12:22 - 00000000 ____D C:\Users\Lynda\AppData\Local\Adobe
2013-10-31 14:49 - 2013-10-31 14:49 - 00000000 ____D C:\windows\system32\Macromed
2013-10-31 14:46 - 2013-10-31 14:46 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-31 14:46 - 2013-10-31 14:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-31 07:48 - 2013-10-31 07:48 - 00837768 _____ C:\windows\Minidump\103113-66206-01.dmp
2013-10-31 07:48 - 2013-10-11 14:13 - 418711680 _____ C:\windows\MEMORY.DMP
2013-10-31 07:48 - 2013-10-11 14:13 - 00000000 ____D C:\windows\Minidump
2013-10-30 16:30 - 2013-10-30 16:30 - 00975832 _____ C:\windows\Minidump\103013-62416-01.dmp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-27 16:47

==================== End Of Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2013 01
Ran by Lynda at 2013-11-27 18:13:41
Running from C:\Users\Lynda\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.26)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Best Buy pc app (HKCU Version: 3.1.2.0)
Best Buy pc app (Version: 3.0.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center InstallProxy (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562)
CCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562)
CCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562)
CCC Help Czech (x32 Version: 2010.0315.1049.17562)
CCC Help Danish (x32 Version: 2010.0315.1049.17562)
CCC Help Dutch (x32 Version: 2010.0315.1049.17562)
CCC Help English (x32 Version: 2010.0315.1049.17562)
CCC Help Finnish (x32 Version: 2010.0315.1049.17562)
CCC Help French (x32 Version: 2010.0315.1049.17562)
CCC Help German (x32 Version: 2010.0315.1049.17562)
CCC Help Greek (x32 Version: 2010.0315.1049.17562)
CCC Help Hungarian (x32 Version: 2010.0315.1049.17562)
CCC Help Italian (x32 Version: 2010.0315.1049.17562)
CCC Help Japanese (x32 Version: 2010.0315.1049.17562)
CCC Help Korean (x32 Version: 2010.0315.1049.17562)
CCC Help Norwegian (x32 Version: 2010.0315.1049.17562)
CCC Help Polish (x32 Version: 2010.0315.1049.17562)
CCC Help Portuguese (x32 Version: 2010.0315.1049.17562)
CCC Help Russian (x32 Version: 2010.0315.1049.17562)
CCC Help Spanish (x32 Version: 2010.0315.1049.17562)
CCC Help Swedish (x32 Version: 2010.0315.1049.17562)
CCC Help Thai (x32 Version: 2010.0315.1049.17562)
CCC Help Turkish (x32 Version: 2010.0315.1049.17562)
ccc-core-static (x32 Version: 2010.0315.1050.17562)
ccc-utility64 (Version: 2010.0315.1050.17562)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Conexant HD Audio (Version: 4.119.0.60)
Dragon NaturallySpeaking 11 (x32 Version: 11.0.200)
Google Update Helper (x32 Version: 1.3.21.165)
HP Photosmart Plus B210 series Basic Device Software (Version: 22.0.334.0)
HP Photosmart Plus B210 series Help (x32 Version: 140.0.54.54)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 17 (x32 Version: 6.0.170)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Label@Once 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Online Backup (x32)
McAfee Total Protection (x32 Version: 12.8.856)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4551.1005)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113)
Realtek WLAN Driver (x32 Version: 2.00.0011)
Spybot - Search & Destroy (x32 Version: 2.2.25)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TOSHIBA Application Installer (x32 Version: 9.0.1.1)
TOSHIBA Assist (x32 Version: 3.00.11)
Toshiba Book Place (x32 Version: 2.0.3977.0)
TOSHIBA Bulletin Board (Version: 1.6.06.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.06.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA eco Utility (Version: 1.2.11.64)
TOSHIBA eco Utility (x32 Version: 1.2.11.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Face Recognition (x32 Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 4.03.02.00)
TOSHIBA Hardware Setup (x32 Version: 4.03.02.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.4.9)
TOSHIBA PC Health Monitor (Version: 1.6.0.64)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.05.64)
TOSHIBA ReelTime (x32 Version: 1.6.05.64)
TOSHIBA Service Station (x32 Version: 2.1.45)
TOSHIBA Supervisor Password (Version: 4.03.02.00)
TOSHIBA Supervisor Password (x32 Version: 4.03.02.00)
TOSHIBA Value Added Package (Version: 1.3.2.64)
TOSHIBA Value Added Package (x32 Version: 1.3.2.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.15)
ToshibaRegistration (x32 Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.0)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Photo Gallery (x32 Version: 14.0.8117.416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8117.0416)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F72CB43-CE5B-4FC1-933A-DD59245A9B70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {24143873-EC2B-488F-98E0-99AAFED642AD} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\SymErr.exe
Task: {37D08836-87F0-41A2-88FC-C948507CCC34} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {451A505D-6E5E-4793-890A-64E4D4247ABF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {49848332-513A-41C8-88C4-3C0DA4ACD74A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5865D1F3-BED7-48C2-9A74-95F26B904EDC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-11-14] (Microsoft Corporation)
Task: {64703C04-7B94-44A2-AB95-BE6E142C87A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15] (Adobe Systems Incorporated)
Task: {66F5132F-532E-4F86-8B50-2FEC26879616} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled
Task: {6CC3BEE2-ACD4-40A0-AF9D-2D42038BFAC2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-11-14] (Microsoft Corporation)
Task: {7787C6EA-3151-416A-8CC0-8D007999E70D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1091982864-3088089999-2450186851-1003
Task: {83598F0A-A943-4D5A-BC30-4C67CF57B64A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1091982864-3088089999-2450186851-1001
Task: {89A5D3D3-26F2-4288-A69C-2B30E5C05476} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A142736D-435A-4730-A8E0-F3F7BF2D290E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A46E0F6D-CAFB-4C8C-BC23-F5FDC74EA0F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {BA5C8404-35B6-4DF7-ACC0-A339EFF3B214} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\WSCStub.exe
Task: {E77048C0-776C-44D9-BD55-F836920D3CED} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\SymErr.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-14 15:04 - 2013-11-14 15:04 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-07-18 20:25 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-13 12:00 - 2009-10-13 12:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-27 05:01 - 2010-10-27 05:01 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-11-14 16:44 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-14 16:44 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-14 16:44 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-14 16:44 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-14 16:44 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71649491.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71649491.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2013 04:58:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: jscript9.dll, version: 11.0.9600.16428, time stamp: 0x525b806a
Exception code: 0xc0000005
Fault offset: 0x0000b198
Faulting process id: 0x1ce8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/27/2013 04:55:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16428, time stamp: 0x525b9a19
Exception code: 0xc0000005
Fault offset: 0x00289a80
Faulting process id: 0x1cec
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/27/2013 04:54:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16428, time stamp: 0x525b9a19
Exception code: 0xc0000005
Fault offset: 0x00289a80
Faulting process id: 0x126c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/27/2013 02:46:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: jscript9.dll, version: 11.0.9600.16428, time stamp: 0x525b806a
Exception code: 0xc0000005
Fault offset: 0x0000b198
Faulting process id: 0xe70
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/27/2013 02:45:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16428, time stamp: 0x525b9a19
Exception code: 0xc0000005
Fault offset: 0x00289a80
Faulting process id: 0x13d8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/27/2013 11:34:48 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (11/27/2013 11:33:39 AM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (11/27/2013 11:31:33 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b5fb7c66-ff14-45db-a072-a26bb19a8650}

Error: (11/21/2013 05:40:15 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (11/21/2013 05:38:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc00000fd
Fault offset: 0x0000000000054eea
Faulting process id: 0xe80
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

System errors:
=============
Error: (11/27/2013 02:36:33 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (11/27/2013 11:31:27 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (11/27/2013 11:28:45 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/27/2013 11:28:45 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/21/2013 05:35:30 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (11/21/2013 04:24:26 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/21/2013 03:57:36 PM) (Source: DCOM) (User: )
Description: 1084McAfee SiteAdvisor Service{5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error: (11/21/2013 03:52:27 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/21/2013 02:57:04 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{C90134D2-4AE9-407A-919A-4A2EF09C6C51}

Error: (11/21/2013 02:57:04 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Microsoft Office Sessions:
=========================
Error: (11/27/2013 04:58:57 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cjscript9.dll11.0.9600.16428525b806ac00000050000b1981ce801ceebbbdb264299C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SysWOW64\jscript9.dll1cf42adb-57af-11e3-b268-60eb69806c8c

Error: (11/27/2013 04:55:17 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cMSHTML.dll11.0.9600.16428525b9a19c000000500289a801cec01ceebbb4103b0beC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\system32\MSHTML.dll99746c2c-57ae-11e3-b268-60eb69806c8c

Error: (11/27/2013 04:54:49 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cMSHTML.dll11.0.9600.16428525b9a19c000000500289a80126c01ceebbb273e13f7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\system32\MSHTML.dll88f3f79f-57ae-11e3-b268-60eb69806c8c

Error: (11/27/2013 02:46:12 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cjscript9.dll11.0.9600.16428525b806ac00000050000b198e7001ceeba93d8fe787C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SysWOW64\jscript9.dll9133c84f-579c-11e3-b268-60eb69806c8c

Error: (11/27/2013 02:45:29 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cMSHTML.dll11.0.9600.16428525b9a19c000000500289a8013d801ceeb8f33c3e973C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\system32\MSHTML.dll77af873e-579c-11e3-b268-60eb69806c8c

Error: (11/27/2013 11:34:48 AM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (11/27/2013 11:33:39 AM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (11/27/2013 11:31:33 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b5fb7c66-ff14-45db-a072-a26bb19a8650}

Error: (11/21/2013 05:40:15 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (11/21/2013 05:38:27 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eeae8001cee709aae91d60C:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dlla2e26911-52fd-11e3-9e7a-60eb69806c8c

CodeIntegrity Errors:
===================================
  Date: 2013-11-14 16:48:27.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC7CEC.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-14 16:48:27.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC7CEC.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-14 16:48:27.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC7CEC.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-14 16:48:27.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC7CEC.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 3834.9 MB
Available physical RAM: 1504.41 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 5203.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (TI105949W0C) (Fixed) (Total:454.24 GB) (Free:403.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 4A473AB0)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

==================== End Of Log ============================



#6 fireman4it


Posted 27 November 2013 - 06:32 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 tarheel3185


Posted 27 November 2013 - 06:46 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013 01
Ran by Lynda at 2013-11-27 18:45:59 Run:1
Running from C:\Users\Lynda\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.

==== End of Fixlog ====
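
The Fixlog above can be checked mechanically: every entry under "Content of fixlist" should be answered by at least one result line. The following is an added example, not part of the original posts and not FRST's own code; the function names and status labels are assumptions of this sketch, and the sample is the log above with the result lines for one toolbar entry removed (constructed) to show the unanswered case.

```python
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"Run: \[([^\]]+)\]")
RULER_RE = re.compile(r"^\*{5,}\s*$")

# Constructed sample: the Fixlog from the post above, with the two result
# lines for {7FEBEFE3-...} deliberately removed to exercise the failure path.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.

==== End of Fixlog ====
"""


def parse_fixlog(text):
    """Split a Fixlog into fixlist directives and (target, outcome) results.

    Directives sit between the first and second asterisk rulers; result
    lines follow the second ruler and have the form 'target => outcome'.
    """
    directives, results, rulers = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if RULER_RE.match(line):
            rulers += 1
            continue
        if not line or line.startswith("===="):
            continue
        if rulers == 1:
            directives.append(line)
        elif rulers >= 2 and " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results.append((target, outcome.rstrip(".")))
    return directives, results


def match_token(directive):
    """Return the string used to tie a directive to its result lines:
    the CLSID if the directive has one, otherwise the Run value name."""
    guid = GUID_RE.search(directive)
    if guid:
        return guid.group(0).lower()
    run = RUN_NAME_RE.search(directive)
    return run.group(1).lower() if run else None


def reconcile(text):
    """Classify each fixlist directive by what the result lines say.

    removed    - at least one matching value/key was deleted
    absent     - every matching target was already missing
    review     - an outcome string this sketch does not recognise
    unverified - no result line mentions the directive at all
    """
    directives, results = parse_fixlog(text)
    report = []
    for directive in directives:
        token = match_token(directive)
        outcomes = [o for t, o in results if token and token in t.lower()]
        known = [o.endswith(("deleted successfully", "not found")) for o in outcomes]
        if not outcomes:
            status = "unverified"
        elif not all(known):
            status = "review"
        elif any(o.endswith("deleted successfully") for o in outcomes):
            status = "removed"
        else:
            status = "absent"
        report.append({
            "directive": directive,
            "flagged": "<===== ATTENTION" in directive,
            "status": status,
            "outcomes": outcomes,
        })
    return report


if __name__ == "__main__":
    for row in reconcile(SAMPLE_FIXLOG):
        mark = "!" if row["flagged"] else " "
        print(f"{mark} {row['status']:<10} {row['directive']}")
```
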



#8 fireman4it


Posted 27 November 2013 - 09:33 PM

How is the machine running now?




#9 tarheel3185


Posted 28 November 2013 - 08:49 AM

It now shuts down windows explorer when trying to access files.



#10 fireman4it


Posted 29 November 2013 - 11:57 PM

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default).

Click on the box next to Restart System when Finished. Then click on Start.

See if this helps.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 fireman4it

Posted 05 December 2013 - 06:52 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.