
Nasty Virus - Deletes ComboFix


This topic is locked
24 replies to this topic

#1 vf2nsr (Members, 14 posts)

Posted 06 December 2013 - 01:47 PM

My wife's computer started with pop-up ads and 'conduit' infecting her browser. This progressed to running very slow. I did try to download ComboFix (I know... don't do that) and every time it landed on the computer the computer deleted it instantly. I downloaded on my computer and moved it over with a USB drive and it deleted it off the thumb drive! I ran SuperAntiSpyware and AdwCleaner and when it restarted it hung. All attempts at reboot ended up hanging with a blank screen, even in safe mode. I managed to do a restore back to a previous date, boot in safe mode, and run ComboFix. I then ran RKill, TDSSKiller and Adw again. I have the logs saved.

 

It APPEARS to be gone now but I think with as bad as it was I might like a pro's opinion on that.

 

Thanks

 
DDS below
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.40.2
Run by catherine at 17:55:57 on 2013-12-06
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8052.5446 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\dashost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhostex.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\windows\system32\wwahost.exe
C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: ScorpionSaver: {10AD2C61-0898-4348-8600-14A342F22AC3} - 
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
uRun: [GoogleChromeAutoLaunch_050A26E69C7FDB6C8158D041302D6671] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
StartupFolder: C:\Users\CATHER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
StartupFolder: C:\Users\CATHER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BODYME~1.LNK - C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: FilterAdministratorToken = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001040-0002-0040-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
TCP: NameServer = 192.168.50.1
TCP: Interfaces\{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C} : DHCPNameServer = 192.168.50.1
TCP: Interfaces\{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}\37561667569777962756C6563737D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}\7457563747E656470293 : DHCPNameServer = 8.8.8.8 4.2.2.2
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: FilterAdministratorToken = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\Drivers\mfehidk.sys [2012-6-22 782360]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\Drivers\mfewfpk.sys [2012-6-22 343696]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2012-10-8 30056]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-8-26 92536]
R2 AdpeakWFP;AdpeakWFP;C:\windows\System32\Drivers\AdpeakWFP64.sys [2013-11-25 41624]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-17 731688]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-8-26 1091520]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-8-26 1112000]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-2 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-26 7168]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-10-2 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-2 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-2 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-2 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-2 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-10-2 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-8-26 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-8-26 182752]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-5 1901752]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-8-26 1919336]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2013-8-26 110592]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2013-8-26 825344]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\Drivers\cfwids.sys [2012-6-22 70112]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2013-8-26 55848]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-8-26 342528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\Drivers\mfeavfk.sys [2012-6-22 311120]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\Drivers\mfefirek.sys [2012-6-22 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\Drivers\mfencbdc.sys [2013-9-20 390552]
R3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-8 3345376]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-8-26 683664]
R3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-10-3 23552]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\windows\System32\Drivers\mfeelamk.sys [2012-6-18 69344]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/08/26 11:25:13;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-13 236144]
S2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-5-11 200728]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
S3 AthDfu;Qualcomm Atheros Valkyrie USB BootROM;C:\windows\System32\Drivers\AthDfu.sys [2013-8-26 55448]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2013-8-26 33944]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2013-8-26 178840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\Drivers\HipShieldK.sys [2013-10-16 197704]
S3 irstrtdv;Intel® Rapid Start Technology Driver;C:\windows\System32\Drivers\irstrtdv.sys [2013-8-26 43800]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\windows\System32\Drivers\leath_hid.sys [2013-8-26 39704]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\windows\System32\Drivers\libusb0.sys [2011-5-17 44480]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-8-26 332080]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\Drivers\mfencrk.sys [2013-9-20 95984]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\Drivers\nvstusb.sys [2013-8-26 445288]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2013-2-1 178760]
S3 qca_shb;Qualcomm Atheros UART Bus Driver;C:\windows\System32\Drivers\qca_shb.sys [2013-8-26 99328]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-8-26 315536]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2013-12-06 17:41:08 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-05 01:43:20 98816 ----a-w- C:\windows\sed.exe
2013-12-05 01:43:20 256000 ----a-w- C:\windows\PEV.exe
2013-12-05 01:43:20 208896 ----a-w- C:\windows\MBR.exe
2013-12-05 01:43:16 -------- d-----w- C:\cf
2013-12-05 01:03:06 -------- d-----w- C:\AdwCleaner
2013-12-01 00:23:22 -------- d-----w- C:\Program Files (x86)\ErgVideo Inc
2013-11-25 23:11:36 41624 ----a-w- C:\windows\System32\drivers\AdpeakWFP64.sys
2013-11-25 23:11:34 -------- d-----w- C:\Program Files\ScorpionSaver Services
2013-11-25 14:53:19 -------- d-----w- C:\Users\catherine\AppData\Local\Microsoft Help
2013-11-24 23:10:20 16896 ----a-w- C:\windows\System32\sasnative64.exe
2013-11-24 02:33:47 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-22 12:27:09 -------- d-----w- C:\Program Files (x86)\Cisco
2013-11-22 12:27:08 -------- d-----w- C:\ProgramData\Intel.sav
2013-11-22 12:25:55 -------- d-----w- C:\ProgramData\Package Cache
2013-11-22 12:25:35 -------- d-----w- C:\windows\LastGood.Tmp
2013-11-21 14:00:03 -------- d-----w- C:\Users\catherine\AppData\Roaming\eFax Messenger
2013-11-21 14:00:02 -------- d-----w- C:\ProgramData\eFax Messenger 4.4 Output
2013-11-21 13:59:47 -------- d-----w- C:\Program Files (x86)\eFax Messenger 4.4
2013-11-21 13:57:19 -------- d-----w- C:\Program Files (x86)\EpsonNet
2013-11-21 13:57:15 558592 ----a-w- C:\windows\System32\ensppmon.dll
2013-11-21 13:57:15 558592 ----a-w- C:\windows\System32\enppmon.dll
2013-11-21 13:57:15 538112 ----a-w- C:\windows\System32\ensppui.dll
2013-11-21 13:57:15 538112 ----a-w- C:\windows\System32\enppui.dll
2013-11-21 13:57:15 250880 ----a-w- C:\windows\System32\enspres.dll
2013-11-21 13:57:15 250880 ----a-w- C:\windows\System32\enpres.dll
2013-11-21 13:57:14 -------- d-----w- C:\Program Files\EpsonNet
2013-11-21 13:57:12 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2013-11-21 13:55:45 81920 ----a-w- C:\windows\System32\E_IBCBFIA.DLL
2013-11-21 13:55:45 118784 ----a-w- C:\windows\System32\E_ILMFIA.DLL
2013-11-21 13:55:41 -------- d-----w- C:\ProgramData\EPSON
2013-11-21 13:55:32 459776 ----a-w- C:\windows\System32\esxwiaud.dll
2013-11-21 13:55:32 17408 ----a-w- C:\windows\System32\esxcdev.dll
2013-11-21 13:55:32 128392 ----a-w- C:\windows\System32\esdevapp.exe
2013-11-21 13:55:28 -------- d-----w- C:\Program Files (x86)\epson
2013-11-21 13:42:07 -------- d-----w- C:\Users\catherine\AppData\Local\DriverTuner
2013-11-20 02:41:52 -------- d-----w- C:\Users\catherine\AppData\Local\ElevatedDiagnostics
2013-11-16 13:10:34 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-16 13:10:34 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-13 12:43:40 -------- d-----w- C:\dd5196704f94c07394f6198e7138
2013-11-13 11:02:12 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-11-13 11:02:12 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-11-13 11:02:11 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2013-11-13 11:02:09 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-11-13 11:02:09 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-11-13 11:02:09 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
.
==================== Find3M  ====================
.
2013-11-04 21:51:44 70112 ----a-w- C:\windows\System32\drivers\cfwids.sys
2013-11-04 21:46:34 343696 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2013-11-04 21:46:16 182752 ----a-w- C:\windows\System32\mfevtps.exe
2013-11-04 21:43:04 782360 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2013-11-04 21:41:22 519576 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2013-11-04 21:40:00 311120 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2013-11-04 21:39:20 179792 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2013-11-04 21:28:52 69344 ----a-w- C:\windows\System32\drivers\mfeelamk.sys
2013-11-04 15:41:30 11264 ----a-w- C:\wajam_validate.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-09 03:12:50 2193136 ----a-w- C:\windows\System32\Netwuw01.dll
2013-10-09 03:12:46 3345376 ----a-w- C:\windows\System32\drivers\NETwew00.sys
2013-10-08 14:56:20 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 14:56:20 868264 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-10-08 14:56:20 790440 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-10-01 23:37:57 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-01 23:26:49 1890816 ----a-w- C:\windows\System32\crypt32.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\windows\System32\authui.dll
2013-09-23 22:30:14 419328 ----a-w- C:\windows\System32\schannel.dll
2013-09-23 22:30:03 323072 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-23 17:49:22 197704 ----a-w- C:\windows\System32\drivers\HipShieldK.sys
2013-09-20 13:38:30 10856 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys
2013-09-20 13:38:14 95984 ----a-w- C:\windows\System32\drivers\mfencrk.sys
2013-09-20 13:37:56 390552 ----a-w- C:\windows\System32\drivers\mfencbdc.sys
2013-09-13 22:36:37 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\windows\System32\storewuauth.dll
.
============= FINISH: 17:56:19.75 ===============
 

 

Edited by vf2nsr, 06 December 2013 - 05:58 PM.
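The Pseudo HJT, driver and file-creation sections of a DDS log like the one above are what a helper reads first. The Python script below is an added example written for this page, not a tool from the thread, from DDS or from BleepingComputer. It runs over a constructed excerpt (lines modelled on the log above) and flags the kinds of entries a responder would query: browser registrations with no file path or marked `<orphaned>`, names matching the adware families this thread itself names (ScorpionSaver, Adpeak, wajam, conduit), a loaded third-party driver whose file was created within the last 30 days, and executables sitting in the drive root. The indicator list is constructed for the example and is not a vetted blocklist; a flag means "verify", not "malicious" (the AppInit_DLLs entry pointing at an NVIDIA DLL is normal and is reported only as something to confirm).

```python
"""Triage helper for the Pseudo HJT / drivers / created-files sections of a DDS log.

Added example for this page; not DDS code and not a BleepingComputer tool.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Names taken from what this thread's own log exposes (ScorpionSaver BHO, AdpeakWFP
# driver, wajam_validate.exe, the 'conduit' hijacker the poster mentions).
# Constructed for the example; not a vetted blocklist.
ADWARE_INDICATORS = ("scorpionsaver", "adpeak", "wajam", "conduit")

# Constructed excerpt modelled on the DDS log posted above (raw strings: literal paths).
SAMPLE_DDS = "\n".join([
    r"============== Pseudo HJT Report ===============",
    r"uStart Page = hxxp://www.google.com",
    r"BHO: ScorpionSaver: {10AD2C61-0898-4348-8600-14A342F22AC3} - ",
    r"BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll",
    r"uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe",
    r"IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001040-0002-0040-ABCDEFFEDCBC} - <orphaned>",
    r"AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll",
    r"x64-SSODL: WebCheck - <orphaned>",
    r"============= SERVICES / DRIVERS ===============",
    r"R2 AdpeakWFP;AdpeakWFP;C:\windows\System32\Drivers\AdpeakWFP64.sys [2013-11-25 41624]",
    r"R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\Drivers\cfwids.sys [2012-6-22 70112]",
    r"=============== Created Last 30 ================",
    r"2013-11-25 23:11:36 41624 ----a-w- C:\windows\System32\drivers\AdpeakWFP64.sys",
    r"2013-11-25 23:11:34 -------- d-----w- C:\Program Files\ScorpionSaver Services",
    r"2013-11-13 11:02:11 576512 ----a-w- C:\windows\System32\drivers\afd.sys",
    r"==================== Find3M  ====================",
    r"2013-11-04 15:41:30 11264 ----a-w- C:\wajam_validate.exe",
    r"============= FINISH: 17:56:19.75 ===============",
])


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reason: str


SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# BHO/IE/Handler/... entries end in " - <path>"; the path may be empty or <orphaned>.
REG_ENTRY_RE = re.compile(r"^(?:x64-)?(BHO|IE|Handler|Filter|SSODL|Notify):\s*(.+)$")
# "R2 svc;Display Name;C:\path\file.sys [date size]"
DRIVER_RE = re.compile(r"^[RS][0-4]\s+[^;]+;[^;]*;(.+?)\s+\[")
# "2013-11-04 15:41:30 11264 ----a-w- C:\path"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+\S+\s+(.+)$")
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|dll|sys|com|scr)$", re.I)


def parse_sections(text: str):
    """Yield (section name, content line) for every non-empty, non-'.' line."""
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not line or line == ".":
            continue
        yield section, line


def triage(text: str) -> list[Finding]:
    entries = list(parse_sections(text))
    # Files DDS saw created in the last 30 days; used to spot freshly dropped drivers.
    recent = {
        FILE_RE.match(line).group(1).strip().lower()
        for section, line in entries
        if section == "Created Last 30" and FILE_RE.match(line)
    }
    findings: list[Finding] = []
    for section, line in entries:
        low = line.lower()
        hit = next((name for name in ADWARE_INDICATORS if name in low), None)
        if hit:
            findings.append(Finding(section, line, f"matches indicator '{hit}'"))
        m = REG_ENTRY_RE.match(line)
        if m:
            target = re.split(r"\s-\s*", m.group(2))[-1].strip()
            if target == "":
                findings.append(Finding(section, line, f"{m.group(1)} registered with no file path"))
            elif target == "<orphaned>":
                findings.append(Finding(section, line, f"{m.group(1)} points at a missing file (orphaned)"))
        elif low.startswith("appinit_dlls="):
            findings.append(Finding(section, line, "AppInit_DLLs is set; confirm the DLL's publisher"))
        m = DRIVER_RE.match(line)
        if m and m.group(1).strip().lower() in recent:
            findings.append(Finding(section, line, "loaded driver whose file was created in the last 30 days"))
        m = FILE_RE.match(line)
        if m and ROOT_EXE_RE.match(m.group(1).strip()):
            findings.append(Finding(section, line, "executable sitting in the drive root"))
    return findings


def report(findings: list[Finding]) -> dict[str, list[str]]:
    """Group findings by DDS section so they can be read in log order."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.section, []).append(f"{f.reason}: {f.line}")
    return grouped


if __name__ == "__main__":
    for section, items in report(triage(SAMPLE_DDS)).items():
        print(f"[{section}]")
        for item in items:
            print("  " + item)
```

On the excerpt this reports eleven items: both problems on the ScorpionSaver BHO line, the two orphaned entries, the AppInit_DLLs note, the AdpeakWFP driver twice (indicator match and recently created file), the ScorpionSaver directory, and `C:\wajam_validate.exe` twice; the McAfee driver, the Office BHO and the freshly updated `afd.sys` produce nothing, which is the point of cross-referencing loaded drivers against the created-files list rather than flagging every new file.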




#2 HelpBot (Bleepin' Binary Bot, Bots, 12,600 posts)

Posted 11 December 2013 - 01:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/516612 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 oneof4 (Malware Response Team, 3,779 posts, Location: The Collective)

Posted 11 December 2013 - 10:11 PM

Hello vf2nsr, and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then clicking on Follow this topic you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

 

Part of the problem with trying to run ComboFix is due to the fact that currently, it is not compatible with Windows 8.

 

The two scanners below, however, are:

 

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe
or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Best Regards,
oneof4.
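
As an added example (not code from this thread, from Farbar, or from BleepingComputer), here is a small Python triage script for the FRST.txt log the steps above ask for. It only reads the log and flags the kinds of entries a helper looks at first: targets the file system no longer has (`No File`, `[x]`, or an empty `[ ]` size/date field), entries with an empty publisher field `()`, `AppInit_DLLs` load points, and a Chrome default search provider that does not match the home page host. The sample log is constructed to mirror the FRST format posted later in this thread; the function names and rule names are my own, and a flag means "review this", not "this is malware".

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; it is not code from FRST, BleepingComputer,
or anyone posting here. It parses the section layout FRST uses
("==== Section (Whitelisted) ====" headers, one entry per line) and flags
the entries a helper usually looks at first. Rule names are my own.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample that mirrors the FRST.txt format posted in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search

==================== Services (Whitelisted) =================

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()

==================== Drivers (Whitelisted) ====================

R2 AdpeakWFP; C:\windows\system32\Drivers\AdpeakWFP64.sys [41624 2013-09-26] (Adpeak, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "[<size> <yyyy-mm-dd>] (<publisher>)" trailer that FRST appends to file entries
FILE_INFO_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)$")


def split_sections(text):
    """Map each FRST section name (minus ' (Whitelisted)') to its entry lines."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or set(line) == {"="}:          # blank line or "=======" underline
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").replace(" (Whitelisted)", "")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def _value(lines, key):
    """Return the text after 'key:' for the first matching line, else None."""
    for line in lines:
        if line.startswith(key + ":"):
            return line.split(":", 1)[1].strip()
    return None


def triage(text):
    """Return (rule, section, entry) tuples for entries worth a closer look."""
    findings = []
    sections = split_sections(text)
    for name, lines in sections.items():
        for line in lines:
            if line.endswith(" No File") or line.endswith(" [x]") or line.endswith("[ ] ()"):
                findings.append(("missing-file", name, line))      # registry points at nothing on disk
            elif line.startswith("AppInit_DLLs"):
                findings.append(("appinit-dll", name, line))       # DLL loaded by every process using user32
            elif line.startswith("() "):
                findings.append(("no-publisher", name, line))      # no version info (Processes section)
            else:
                m = FILE_INFO_RE.search(line)
                if m and not m.group("pub").strip():
                    findings.append(("no-publisher", name, line))  # same, for Run/Services/Drivers
    # Chrome: home page host vs default search provider (review item, not proof of hijack)
    internet = sections.get("Internet", [])
    home, provider = _value(internet, "CHR HomePage"), _value(internet, "CHR DefaultSearchProvider")
    if home and provider:
        host = urlparse(home.replace("hxxp", "http", 1)).hostname or ""
        label = host.split(".")[-2] if "." in host else host       # www.google.com -> google
        if label.lower() not in provider.lower():
            findings.append(("search-hijack-review", "Internet",
                             f"home page host {host!r} vs default search provider {provider!r}"))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'missing-file': 3, ...}."""
    return dict(Counter(rule for rule, _, _ in findings))


if __name__ == "__main__":
    for rule, section, entry in triage(SAMPLE_LOG):
        print(f"[{rule:<21}] {section:<9} {entry}")
```

Run it against a saved FRST.txt by passing the file contents to `triage()`; the sample above yields seven review items (three missing-file targets, two entries without a publisher, one AppInit_DLLs load point, and the Conduit search provider mismatch). The rules are deliberately structural, so a signed vendor driver with a valid file is never flagged; deciding whether a flagged item is unwanted is still the helper's call.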


#4 vf2nsr

vf2nsr
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 11 December 2013 - 11:59 PM

Thank you for the reply. I am traveling but will be back to her computer on Saturday and will run the tests then. Sorry for the delay; I appreciate the help.



#5 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:34 AM

Posted 12 December 2013 - 07:07 AM

:thumbup2:


Best Regards,
oneof4.


#6 vf2nsr

vf2nsr
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 15 December 2013 - 10:34 PM

Here you go

 

Results of screen317's Security Check version 0.99.77  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 40  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by catherine (administrator) on CATHYLAPTOP on 15-12-2013 22:30:55
Running from C:\Users\catherine\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(BodyMedia, Inc.) C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\catherine\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [ANT Agent] - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKCU\...\Run: [eFax 4.4] - "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
HKCU\...\Run: [GoogleChromeAutoLaunch_050A26E69C7FDB6C8158D041302D6671] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [76912 2012-07-13] (cyberlink)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll No File
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1901752 2013-07-21] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1919336 2012-08-06] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 AdpeakWFP; C:\windows\system32\Drivers\AdpeakWFP64.sys [41624 2013-09-26] (Adpeak, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-07-31] (Atheros)
R3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-07-31] (Qualcomm Atheros Communications Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-08-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-15 22:30 - 2013-12-15 22:31 - 00016021 _____ C:\Users\catherine\Downloads\FRST.txt
2013-12-15 22:30 - 2013-12-15 22:30 - 00000000 ____D C:\FRST
2013-12-15 22:29 - 2013-12-15 22:29 - 01927940 _____ (Farbar) C:\Users\catherine\Downloads\FRST64.exe
2013-12-15 22:27 - 2013-12-15 22:28 - 00891200 _____ C:\Users\catherine\Downloads\SecurityCheck.exe
2013-12-14 18:35 - 2013-12-14 18:35 - 00626156 _____ C:\Users\catherine\Downloads\activity_415731609.tcx
2013-12-12 16:08 - 2013-12-12 16:08 - 00065794 _____ C:\Users\catherine\Downloads\activity_415055446.tcx
2013-12-12 13:47 - 2013-12-12 13:47 - 00044196 _____ C:\Users\catherine\Downloads\activity_415002976.tcx
2013-12-12 08:07 - 2013-12-12 08:07 - 00432288 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 10:16 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 10:16 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 10:16 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 10:16 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-11 10:16 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 10:16 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 10:16 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 10:16 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-11 10:16 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 10:16 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 10:16 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 10:16 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 10:16 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 10:16 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 10:16 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-11 10:16 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-11 10:15 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-12-11 10:15 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 10:13 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 10:13 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 10:13 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 10:13 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 10:13 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 10:13 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 10:13 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2013-12-11 10:13 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 10:13 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 10:13 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 10:13 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2013-12-11 10:13 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 10:13 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-12-11 10:13 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-12-11 10:13 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-12-11 10:13 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-12-11 10:13 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-12-11 10:13 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-12-11 10:13 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-12-11 10:13 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-12-11 10:13 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-12-11 10:13 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-12-11 10:13 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-12-11 10:13 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-12-11 10:13 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-12-11 10:13 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2013-12-11 10:13 - 2013-10-03 17:09 - 00385528 _____ C:\windows\system32\ApnDatabase.xml
2013-12-11 10:13 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2013-12-11 10:13 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2013-12-11 10:13 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2013-12-11 10:13 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 10:13 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-12-11 10:13 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2013-12-11 10:13 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2013-12-11 10:13 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2013-12-11 10:13 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2013-12-11 10:12 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 10:12 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-10 11:05 - 2013-12-10 11:05 - 01025311 _____ C:\Users\catherine\Downloads\activity_414326433.tcx
2013-12-08 12:40 - 2013-12-08 12:40 - 00611203 _____ C:\Users\catherine\Downloads\activity_413616120.tcx
2013-12-06 21:50 - 2013-12-06 21:50 - 00450086 _____ C:\Users\catherine\Downloads\activity_412903100 (1).tcx
2013-12-06 21:45 - 2013-12-06 21:45 - 00450086 _____ C:\Users\catherine\Downloads\activity_412903100.tcx
2013-12-06 17:56 - 2013-12-06 17:58 - 00009613 _____ C:\Users\catherine\Desktop\attach.txt
2013-12-06 17:56 - 2013-12-06 17:56 - 00024427 _____ C:\Users\catherine\Desktop\dds.txt
2013-12-06 17:55 - 2013-12-06 17:55 - 00688992 ____R (Swearware) C:\Users\catherine\Downloads\dds.com
2013-12-06 15:57 - 2013-12-06 15:57 - 00819176 _____ (Google Inc.) C:\Users\catherine\Downloads\ChromeSetup (2).exe
2013-12-06 15:55 - 2013-12-06 15:55 - 00819176 _____ (Google Inc.) C:\Users\catherine\Downloads\ChromeSetup (1).exe
2013-12-06 15:54 - 2013-12-06 15:54 - 00819184 _____ (Google Inc.) C:\Users\catherine\Downloads\ChromeSetup.exe
2013-12-06 13:02 - 2013-12-06 13:03 - 00000889 _____ C:\Users\catherine\Desktop\JRT.txt
2013-12-06 12:50 - 2013-12-06 12:51 - 00001161 _____ C:\Users\catherine\Desktop\AdwCleaner[S1].txt
2013-12-06 12:48 - 2013-12-06 12:48 - 00002266 _____ C:\Users\catherine\Desktop\Rkill.txt
2013-12-06 12:48 - 2013-12-06 12:28 - 01110034 _____ C:\Users\catherine\Desktop\AdwCleaner.exe
2013-12-06 12:48 - 2013-12-06 12:28 - 01034531 _____ (Thisisu) C:\Users\catherine\Desktop\JRT.exe
2013-12-06 12:48 - 2013-12-06 12:27 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\catherine\Desktop\tdsskiller.exe
2013-12-06 12:48 - 2013-12-06 12:27 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\catherine\Desktop\rkill.exe
2013-12-06 12:45 - 2013-12-06 12:45 - 00024565 _____ C:\Users\catherine\Desktop\ComboFix.txt
2013-12-06 12:24 - 2013-12-06 12:43 - 00000000 ____D C:\windows\erdnt
2013-12-06 12:24 - 2013-12-06 12:23 - 05153080 ____R (Swearware) C:\Users\catherine\Desktop\ComboFix.exe
2013-12-04 20:43 - 2013-12-06 12:45 - 00000000 ____D C:\Qoobox
2013-12-04 20:43 - 2013-12-06 00:06 - 00000000 ____D C:\cf
2013-12-04 20:43 - 2011-06-26 01:45 - 00256000 _____ C:\windows\PEV.exe
2013-12-04 20:43 - 2010-11-07 12:20 - 00208896 _____ C:\windows\MBR.exe
2013-12-04 20:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-12-04 20:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-12-04 20:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-12-04 20:43 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-12-04 20:43 - 2000-08-30 19:00 - 00098816 _____ C:\windows\sed.exe
2013-12-04 20:43 - 2000-08-30 19:00 - 00080412 _____ C:\windows\grep.exe
2013-12-04 20:43 - 2000-08-30 19:00 - 00068096 _____ C:\windows\zip.exe
2013-12-04 20:03 - 2013-12-06 12:55 - 00000000 ____D C:\AdwCleaner
2013-12-04 20:02 - 2013-12-04 20:02 - 01110034 _____ C:\Users\catherine\Downloads\AdwCleaner.exe
2013-12-04 20:02 - 2013-12-04 20:02 - 01110034 _____ C:\Users\catherine\Downloads\AdwCleaner (1).exe
2013-12-04 20:00 - 2013-12-04 20:00 - 00000000 _____ C:\Users\catherine\Sti_Trace.log
2013-12-04 19:47 - 2013-12-04 19:47 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\catherine\Downloads\tdsskiller (1).exe
2013-12-04 19:47 - 2013-12-04 19:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\catherine\Downloads\iExplore.exe
2013-12-04 19:47 - 2013-12-04 19:47 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\catherine\Downloads\iExplore64.exe
2013-12-04 19:46 - 2013-12-04 19:46 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\catherine\Downloads\tdsskiller.exe
2013-12-03 10:59 - 2013-12-03 10:59 - 00069307 _____ C:\Users\catherine\Downloads\activity_411773704.tcx
2013-12-02 13:13 - 2013-12-02 13:13 - 00874622 _____ C:\Users\catherine\Downloads\activity_411450299.tcx
2013-12-01 20:20 - 2013-12-01 20:20 - 00019559 _____ C:\Users\catherine\Documents\HunterAllenPowerTraining_1-12-2013.xml
2013-12-01 20:20 - 2013-12-01 20:20 - 00005782 _____ C:\Users\catherine\Documents\ErgVideoPlanTemplate.xslt
2013-12-01 20:12 - 2013-12-01 20:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-01 20:12 - 2013-12-01 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-01 17:10 - 2013-12-01 17:10 - 00768329 _____ C:\Users\catherine\Downloads\activity_411142770.tcx
2013-11-30 19:46 - 2013-11-30 19:46 - 00000000 ____D C:\Users\catherine\Documents\ErgVideo Data
2013-11-30 19:40 - 2013-11-30 19:41 - 13079688 _____ (Microsoft Corporation) C:\Users\catherine\Downloads\Silverlight_x64 (1).exe
2013-11-30 19:39 - 2013-11-30 19:40 - 13079688 _____ (Microsoft Corporation) C:\Users\catherine\Downloads\Silverlight_x64.exe
2013-11-30 19:23 - 2013-11-30 19:23 - 00002609 _____ C:\Users\Public\Desktop\ErgVideo 3.lnk
2013-11-30 19:23 - 2013-11-30 19:23 - 00000000 ____D C:\Program Files (x86)\ErgVideo Inc
2013-11-29 20:58 - 2013-11-29 20:58 - 00385146 _____ C:\Users\catherine\Downloads\activity_410199568.tcx
2013-11-29 20:58 - 2013-11-29 20:58 - 00200835 _____ C:\Users\catherine\Downloads\activity_410199570.tcx
2013-11-26 22:07 - 2013-11-26 22:07 - 00411944 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfencbdc.sys
2013-11-26 22:07 - 2013-11-26 22:07 - 00096112 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfencrk.sys
2013-11-26 22:07 - 2013-11-26 22:07 - 00010856 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfeclnrk.sys
2013-11-26 10:39 - 2013-11-26 10:39 - 00308913 _____ C:\Users\catherine\Downloads\activity_409036252.tcx
2013-11-25 18:11 - 2013-12-06 15:44 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-25 18:11 - 2013-09-26 09:50 - 00041624 _____ (Adpeak, Inc.) C:\windows\system32\Drivers\AdpeakWFP64.sys
2013-11-25 09:53 - 2013-11-25 09:53 - 00000000 ____D C:\Users\catherine\AppData\Local\Microsoft Help
2013-11-24 18:10 - 2012-07-25 12:03 - 00016896 _____ C:\windows\system32\sasnative64.exe
2013-11-24 12:18 - 2013-11-24 12:18 - 00703701 _____ C:\Users\catherine\Downloads\activity_408270208.tcx
2013-11-23 21:00 - 2013-11-23 21:00 - 00000000 ____D C:\Users\catherine\AppData\Roaming\Epson
2013-11-22 12:09 - 2013-11-22 12:09 - 00044792 _____ C:\Users\catherine\Downloads\activity_407356277.tcx
2013-11-22 12:07 - 2013-11-22 12:07 - 01645652 _____ C:\Users\catherine\Downloads\activity_407356268.tcx
2013-11-22 07:27 - 2013-11-22 07:27 - 00000000 ____D C:\ProgramData\Intel.sav
2013-11-22 07:27 - 2013-11-22 07:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-22 07:25 - 2013-11-22 07:25 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-21 10:17 - 2013-11-26 09:31 - 00005002 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CATHYLAPTOP-catherine CathyLaptop
2013-11-21 09:50 - 2013-12-15 16:53 - 00000000 ____D C:\Users\catherine\Desktop\MEANA
2013-11-21 09:00 - 2013-11-21 09:00 - 00001001 _____ C:\Users\catherine\Desktop\eFax Compose Fax 4.4.lnk
2013-11-21 09:00 - 2013-11-21 09:00 - 00000994 _____ C:\Users\catherine\Desktop\eFax Messenger 4.4.lnk
2013-11-21 09:00 - 2013-11-21 09:00 - 00000000 ____D C:\Users\catherine\Documents\eFax Messenger 4.4
2013-11-21 09:00 - 2013-11-21 09:00 - 00000000 ____D C:\Users\catherine\AppData\Roaming\eFax Messenger
2013-11-21 09:00 - 2013-11-21 09:00 - 00000000 ____D C:\ProgramData\eFax Messenger 4.4 Output
2013-11-21 09:00 - 2013-11-21 09:00 - 00000000 _____ C:\windows\system32\eFax_4_4_Port
2013-11-21 08:59 - 2013-11-21 09:00 - 00000000 ____D C:\Users\catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
2013-11-21 08:59 - 2013-11-21 09:00 - 00000000 ____D C:\Program Files (x86)\eFax Messenger 4.4
2013-11-21 08:57 - 2013-11-21 08:57 - 00000000 ____D C:\Program Files\EpsonNet
2013-11-21 08:57 - 2013-11-21 08:57 - 00000000 ____D C:\Program Files (x86)\EpsonNet
2013-11-21 08:57 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\ensppui.dll
2013-11-21 08:57 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\enppui.dll
2013-11-21 08:57 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\ensppmon.dll
2013-11-21 08:57 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\enppmon.dll
2013-11-21 08:57 - 2008-06-18 11:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\enspres.dll
2013-11-21 08:57 - 2008-06-18 11:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\enpres.dll
2013-11-21 08:56 - 2013-11-21 09:08 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-11-21 08:56 - 2013-11-21 08:56 - 05635416 _____ (j2 Global) C:\Users\catherine\Downloads\msgrplus.exe
2013-11-21 08:56 - 2013-11-21 08:56 - 00000000 ____D C:\Users\catherine\AppData\Roaming\InstallShield
2013-11-21 08:56 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll
2013-11-21 08:56 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicMgr.dll
2013-11-21 08:56 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini
2013-11-21 08:56 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll
2013-11-21 08:56 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll
2013-11-21 08:56 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll
2013-11-21 08:56 - 2004-03-03 06:10 - 00073220 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00029114 _____ C:\windows\SysWOW64\EPPICPattern1.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00021021 _____ C:\windows\SysWOW64\EPPICPattern3.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00015670 _____ C:\windows\SysWOW64\EPPICPattern5.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00013280 _____ C:\windows\SysWOW64\EPPICPattern2.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00012669 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg
2013-11-21 08:56 - 2004-03-03 06:10 - 00010673 _____ C:\windows\SysWOW64\EPPICPattern4.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00006478 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg
2013-11-21 08:56 - 2004-03-03 06:10 - 00006478 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg
2013-11-21 08:56 - 2004-03-03 06:10 - 00006366 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg
2013-11-21 08:56 - 2004-03-03 06:10 - 00006366 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg
2013-11-21 08:56 - 2004-03-03 06:10 - 00006226 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg
2013-11-21 08:56 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00001140 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00001140 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00001137 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00001130 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00001130 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat
2013-11-21 08:56 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat
2013-11-21 08:55 - 2013-11-21 09:08 - 00000936 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-11-21 08:55 - 2013-11-21 08:58 - 00000000 ____D C:\ProgramData\EPSON
2013-11-21 08:55 - 2013-11-21 08:56 - 00000000 ____D C:\Program Files (x86)\epson
2013-11-21 08:55 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\windows\system32\esdevapp.exe
2013-11-21 08:55 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\windows\system32\esxcdev.dll
2013-11-21 08:55 - 2008-11-17 00:00 - 00459776 _____ (Seiko Epson Corporation) C:\windows\system32\esxwiaud.dll
2013-11-21 08:55 - 2008-11-12 03:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_ILMFIA.DLL
2013-11-21 08:55 - 2008-11-12 03:00 - 00081920 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_IBCBFIA.DLL
2013-11-21 08:50 - 2013-11-21 08:50 - 04828712 _____ (j2 Global) C:\Users\catherine\Downloads\messenger.exe
2013-11-21 08:46 - 2013-11-21 08:51 - 58296160 _____ C:\Users\catherine\Downloads\epson14993.exe
2013-11-21 08:42 - 2013-11-21 08:42 - 00000000 ____D C:\Users\catherine\AppData\Local\DriverTuner
2013-11-21 08:41 - 2013-11-21 08:41 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\catherine\Downloads\setup.exe
2013-11-21 08:41 - 2013-11-21 08:41 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\catherine\Downloads\setup (2).exe
2013-11-21 08:41 - 2013-11-21 08:41 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\catherine\Downloads\setup (1).exe
2013-11-20 16:41 - 2013-11-20 16:41 - 00052343 _____ C:\Users\catherine\Downloads\activity_406805162.tcx
2013-11-19 21:20 - 2013-11-19 21:20 - 00614974 _____ C:\Users\catherine\Downloads\activity_406517732.tcx
2013-11-16 19:40 - 2013-11-16 19:40 - 00298318 _____ C:\Users\catherine\Downloads\activity_405065243.tcx
2013-11-16 08:10 - 2013-12-03 19:53 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-16 08:10 - 2013-12-03 19:53 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-15 12:40 - 2013-11-15 12:40 - 00057598 _____ C:\Users\catherine\Downloads\activity_404485405.tcx
2013-11-15 09:35 - 2013-11-15 09:35 - 02036034 _____ C:\Users\catherine\Downloads\activity_404428892.tcx
 
==================== One Month Modified Files and Folders =======
 
2013-12-15 22:31 - 2013-12-15 22:30 - 00016021 _____ C:\Users\catherine\Downloads\FRST.txt
2013-12-15 22:30 - 2013-12-15 22:30 - 00000000 ____D C:\FRST
2013-12-15 22:29 - 2013-12-15 22:29 - 01927940 _____ (Farbar) C:\Users\catherine\Downloads\FRST64.exe
2013-12-15 22:28 - 2013-12-15 22:27 - 00891200 _____ C:\Users\catherine\Downloads\SecurityCheck.exe
2013-12-15 22:20 - 2013-10-05 09:46 - 00000000 ____D C:\Users\catherine\Documents\Outlook Files
2013-12-15 22:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2013-12-15 21:44 - 2013-10-03 12:28 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 21:18 - 2013-08-26 10:56 - 02055688 _____ C:\windows\WindowsUpdate.log
2013-12-15 21:03 - 2013-10-02 19:02 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3584995819-2023165019-3708163970-1002
2013-12-15 21:02 - 2012-07-26 02:28 - 00850046 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-15 20:59 - 2013-10-03 12:28 - 00000932 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 20:59 - 2013-08-26 11:32 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-12-15 20:58 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-15 20:57 - 2012-07-26 00:26 - 00524288 ___SH C:\windows\system32\config\BBI
2013-12-15 16:53 - 2013-11-21 09:50 - 00000000 ____D C:\Users\catherine\Desktop\MEANA
2013-12-15 16:35 - 2012-07-26 00:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-12-15 11:19 - 2013-08-26 12:51 - 00057490 _____ C:\windows\PFRO.log
2013-12-15 11:19 - 2013-08-26 11:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-14 19:47 - 2013-10-20 09:43 - 00000464 _____ C:\Users\catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Mercy Employee Portal  Mercy Hospital.website
2013-12-14 18:46 - 2013-10-02 18:54 - 00000000 ____D C:\Users\catherine
2013-12-14 18:35 - 2013-12-14 18:35 - 00626156 _____ C:\Users\catherine\Downloads\activity_415731609.tcx
2013-12-12 16:08 - 2013-12-12 16:08 - 00065794 _____ C:\Users\catherine\Downloads\activity_415055446.tcx
2013-12-12 13:47 - 2013-12-12 13:47 - 00044196 _____ C:\Users\catherine\Downloads\activity_415002976.tcx
2013-12-12 08:33 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2013-12-12 08:07 - 2013-12-12 08:07 - 00432288 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-12 08:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\SecureBootUpdates
2013-12-12 03:02 - 2012-07-26 00:38 - 00000000 ____D C:\windows\system32\oobe
2013-12-11 10:14 - 2013-08-26 11:39 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-12-10 11:05 - 2013-12-10 11:05 - 01025311 _____ C:\Users\catherine\Downloads\activity_414326433.tcx
2013-12-09 21:13 - 2013-10-03 12:29 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-09 20:29 - 2013-10-03 05:47 - 00000000 ____D C:\Users\catherine\AppData\Local\softthinks
2013-12-08 21:50 - 2013-10-02 18:54 - 00000000 ____D C:\Users\catherine\AppData\Local\Packages
2013-12-08 12:40 - 2013-12-08 12:40 - 00611203 _____ C:\Users\catherine\Downloads\activity_413616120.tcx
2013-12-06 21:50 - 2013-12-06 21:50 - 00450086 _____ C:\Users\catherine\Downloads\activity_412903100 (1).tcx
2013-12-06 21:45 - 2013-12-06 21:45 - 00450086 _____ C:\Users\catherine\Downloads\activity_412903100.tcx
2013-12-06 17:58 - 2013-12-06 17:56 - 00009613 _____ C:\Users\catherine\Desktop\attach.txt
2013-12-06 17:56 - 2013-12-06 17:56 - 00024427 _____ C:\Users\catherine\Desktop\dds.txt
2013-12-06 17:55 - 2013-12-06 17:55 - 00688992 ____R (Swearware) C:\Users\catherine\Downloads\dds.com
2013-12-06 15:57 - 2013-12-06 15:57 - 00819176 _____ (Google Inc.) C:\Users\catherine\Downloads\ChromeSetup (2).exe
2013-12-06 15:55 - 2013-12-06 15:55 - 00819176 _____ (Google Inc.) C:\Users\catherine\Downloads\ChromeSetup (1).exe
2013-12-06 15:54 - 2013-12-06 15:54 - 00819184 _____ (Google Inc.) C:\Users\catherine\Downloads\ChromeSetup.exe
2013-12-06 15:44 - 2013-11-25 18:11 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-06 13:03 - 2013-12-06 13:02 - 00000889 _____ C:\Users\catherine\Desktop\JRT.txt
2013-12-06 12:55 - 2013-12-04 20:03 - 00000000 ____D C:\AdwCleaner
2013-12-06 12:51 - 2013-12-06 12:50 - 00001161 _____ C:\Users\catherine\Desktop\AdwCleaner[S1].txt
2013-12-06 12:48 - 2013-12-06 12:48 - 00002266 _____ C:\Users\catherine\Desktop\Rkill.txt
2013-12-06 12:45 - 2013-12-06 12:45 - 00024565 _____ C:\Users\catherine\Desktop\ComboFix.txt
2013-12-06 12:45 - 2013-12-04 20:43 - 00000000 ____D C:\Qoobox
2013-12-06 12:43 - 2013-12-06 12:24 - 00000000 ____D C:\windows\erdnt
2013-12-06 12:40 - 2012-07-26 00:26 - 00000215 _____ C:\windows\system.ini
2013-12-06 12:38 - 2012-07-26 00:26 - 81264640 _____ C:\windows\system32\config\software.bak
2013-12-06 12:38 - 2012-07-26 00:26 - 14417920 _____ C:\windows\system32\config\system.bak
2013-12-06 12:38 - 2012-07-26 00:26 - 00786432 _____ C:\windows\system32\config\default.bak
2013-12-06 12:38 - 2012-07-26 00:26 - 00262144 _____ C:\windows\system32\config\security.bak
2013-12-06 12:38 - 2012-07-26 00:26 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-12-06 12:28 - 2013-12-06 12:48 - 01110034 _____ C:\Users\catherine\Desktop\AdwCleaner.exe
2013-12-06 12:28 - 2013-12-06 12:48 - 01034531 _____ (Thisisu) C:\Users\catherine\Desktop\JRT.exe
2013-12-06 12:27 - 2013-12-06 12:48 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\catherine\Desktop\tdsskiller.exe
2013-12-06 12:27 - 2013-12-06 12:48 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\catherine\Desktop\rkill.exe
2013-12-06 12:23 - 2013-12-06 12:24 - 05153080 ____R (Swearware) C:\Users\catherine\Desktop\ComboFix.exe
2013-12-06 00:07 - 2012-07-26 03:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-06 00:06 - 2013-12-04 20:43 - 00000000 ____D C:\cf
2013-12-06 00:06 - 2012-07-26 03:12 - 00000000 ____D C:\windows\registration
2013-12-06 00:05 - 2012-07-26 00:37 - 00000000 __RHD C:\Users\Default
2013-12-05 21:09 - 2013-08-26 10:55 - 00000000 ____D C:\windows\SysWOW64\NV
2013-12-05 21:09 - 2013-08-26 10:55 - 00000000 ____D C:\windows\system32\NV
2013-12-05 02:01 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-12-04 20:25 - 2012-07-26 02:21 - 00022720 _____ C:\windows\setupact.log
2013-12-04 20:05 - 2013-10-02 18:55 - 00000000 ___RD C:\Users\catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-04 20:02 - 2013-12-04 20:02 - 01110034 _____ C:\Users\catherine\Downloads\AdwCleaner.exe
2013-12-04 20:02 - 2013-12-04 20:02 - 01110034 _____ C:\Users\catherine\Downloads\AdwCleaner (1).exe
2013-12-04 20:00 - 2013-12-04 20:00 - 00000000 _____ C:\Users\catherine\Sti_Trace.log
2013-12-04 19:47 - 2013-12-04 19:47 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\catherine\Downloads\tdsskiller (1).exe
2013-12-04 19:47 - 2013-12-04 19:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\catherine\Downloads\iExplore.exe
2013-12-04 19:47 - 2013-12-04 19:47 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\catherine\Downloads\iExplore64.exe
2013-12-04 19:46 - 2013-12-04 19:46 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\catherine\Downloads\tdsskiller.exe
2013-12-03 23:17 - 2012-07-26 03:12 - 00000000 ___HD C:\windows\ELAMBKUP
2013-12-03 19:53 - 2013-11-16 08:10 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-03 19:53 - 2013-11-16 08:10 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 10:59 - 2013-12-03 10:59 - 00069307 _____ C:\Users\catherine\Downloads\activity_411773704.tcx
2013-12-02 13:13 - 2013-12-02 13:13 - 00874622 _____ C:\Users\catherine\Downloads\activity_411450299.tcx
2013-12-01 20:20 - 2013-12-01 20:20 - 00019559 _____ C:\Users\catherine\Documents\HunterAllenPowerTraining_1-12-2013.xml
2013-12-01 20:20 - 2013-12-01 20:20 - 00005782 _____ C:\Users\catherine\Documents\ErgVideoPlanTemplate.xslt
2013-12-01 20:12 - 2013-12-01 20:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-01 20:12 - 2013-12-01 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-01 17:10 - 2013-12-01 17:10 - 00768329 _____ C:\Users\catherine\Downloads\activity_411142770.tcx
2013-12-01 15:39 - 2013-10-03 12:28 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-01 15:39 - 2013-10-03 12:28 - 00003672 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-30 19:46 - 2013-11-30 19:46 - 00000000 ____D C:\Users\catherine\Documents\ErgVideo Data
2013-11-30 19:41 - 2013-11-30 19:40 - 13079688 _____ (Microsoft Corporation) C:\Users\catherine\Downloads\Silverlight_x64 (1).exe
2013-11-30 19:40 - 2013-11-30 19:39 - 13079688 _____ (Microsoft Corporation) C:\Users\catherine\Downloads\Silverlight_x64.exe
2013-11-30 19:23 - 2013-11-30 19:23 - 00002609 _____ C:\Users\Public\Desktop\ErgVideo 3.lnk
2013-11-30 19:23 - 2013-11-30 19:23 - 00000000 ____D C:\Program Files (x86)\ErgVideo Inc
2013-11-29 20:58 - 2013-11-29 20:58 - 00385146 _____ C:\Users\catherine\Downloads\activity_410199568.tcx
2013-11-29 20:58 - 2013-11-29 20:58 - 00200835 _____ C:\Users\catherine\Downloads\activity_410199570.tcx
2013-11-26 22:07 - 2013-11-26 22:07 - 00411944 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfencbdc.sys
2013-11-26 22:07 - 2013-11-26 22:07 - 00096112 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfencrk.sys
2013-11-26 22:07 - 2013-11-26 22:07 - 00010856 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfeclnrk.sys
2013-11-26 10:39 - 2013-11-26 10:39 - 00308913 _____ C:\Users\catherine\Downloads\activity_409036252.tcx
2013-11-26 09:31 - 2013-11-21 10:17 - 00005002 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CATHYLAPTOP-catherine CathyLaptop
2013-11-25 09:53 - 2013-11-25 09:53 - 00000000 ____D C:\Users\catherine\AppData\Local\Microsoft Help
2013-11-24 12:18 - 2013-11-24 12:18 - 00703701 _____ C:\Users\catherine\Downloads\activity_408270208.tcx
2013-11-23 21:00 - 2013-11-23 21:00 - 00000000 ____D C:\Users\catherine\AppData\Roaming\Epson
2013-11-23 01:43 - 2013-12-11 10:13 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-11-23 00:05 - 2013-12-11 10:13 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-11-22 12:09 - 2013-11-22 12:09 - 00044792 _____ C:\Users\catherine\Downloads\activity_407356277.tcx
2013-11-22 12:07 - 2013-11-22 12:07 - 01645652 _____ C:\Users\catherine\Downloads\activity_407356268.tcx
2013-11-22 07:28 - 2013-08-26 11:01 - 00000000 ____D C:\ProgramData\Intel
2013-11-22 07:27 - 2013-11-22 07:27 - 00000000 ____D C:\ProgramData\Intel.sav
2013-11-22 07:27 - 2013-11-22 07:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-22 07:27 - 2013-08-26 11:01 - 00000000 ____D C:\Program Files\Intel
2013-11-22 07:27 - 2013-08-26 11:01 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-11-22 07:27 - 2013-08-26 11:01 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-22 07:25 - 2013-11-22 07:25 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-22 07:25 - 2013-08-26 12:53 - 00000000 ____D C:\Intel
2013-11-21 09:08 - 2013-11-21 08:56 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-11-21 09:08 - 2013-11-21 08:55 - 00000936 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-11-21 09:00 - 2013-11-21 09:00 - 00001001 _____ C:\Users\catherine\Desktop\eFax Compose Fax 4.4.lnk
2013-11-21 09:00 - 2013-11-21 09:00 - 00000994 _____ C:\Users\catherine\Desktop\eFax Messenger 4.4.lnk
2013-11-21 09:00 - 2013-11-21 09:00 - 00000000 ____D C:\Users\catherine\Documents\eFax Messenger 4.4
2013-11-21 09:00 - 2013-11-21 09:00 - 00000000 ____D C:\Users\catherine\AppData\Roaming\eFax Messenger
2013-11-21 09:00 - 2013-11-21 09:00 - 00000000 ____D C:\ProgramData\eFax Messenger 4.4 Output
2013-11-21 09:00 - 2013-11-21 09:00 - 00000000 _____ C:\windows\system32\eFax_4_4_Port
2013-11-21 09:00 - 2013-11-21 08:59 - 00000000 ____D C:\Users\catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
2013-11-21 09:00 - 2013-11-21 08:59 - 00000000 ____D C:\Program Files (x86)\eFax Messenger 4.4
2013-11-21 08:58 - 2013-11-21 08:55 - 00000000 ____D C:\ProgramData\EPSON
2013-11-21 08:57 - 2013-11-21 08:57 - 00000000 ____D C:\Program Files\EpsonNet
2013-11-21 08:57 - 2013-11-21 08:57 - 00000000 ____D C:\Program Files (x86)\EpsonNet
2013-11-21 08:57 - 2013-08-26 11:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-21 08:56 - 2013-11-21 08:56 - 05635416 _____ (j2 Global) C:\Users\catherine\Downloads\msgrplus.exe
2013-11-21 08:56 - 2013-11-21 08:56 - 00000000 ____D C:\Users\catherine\AppData\Roaming\InstallShield
2013-11-21 08:56 - 2013-11-21 08:55 - 00000000 ____D C:\Program Files (x86)\epson
2013-11-21 08:51 - 2013-11-21 08:46 - 58296160 _____ C:\Users\catherine\Downloads\epson14993.exe
2013-11-21 08:50 - 2013-11-21 08:50 - 04828712 _____ (j2 Global) C:\Users\catherine\Downloads\messenger.exe
2013-11-21 08:42 - 2013-11-21 08:42 - 00000000 ____D C:\Users\catherine\AppData\Local\DriverTuner
2013-11-21 08:41 - 2013-11-21 08:41 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\catherine\Downloads\setup.exe
2013-11-21 08:41 - 2013-11-21 08:41 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\catherine\Downloads\setup (2).exe
2013-11-21 08:41 - 2013-11-21 08:41 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\catherine\Downloads\setup (1).exe
2013-11-20 16:41 - 2013-11-20 16:41 - 00052343 _____ C:\Users\catherine\Downloads\activity_406805162.tcx
2013-11-19 21:20 - 2013-11-19 21:20 - 00614974 _____ C:\Users\catherine\Downloads\activity_406517732.tcx
2013-11-17 10:12 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\NDF
2013-11-16 19:40 - 2013-11-16 19:40 - 00298318 _____ C:\Users\catherine\Downloads\activity_405065243.tcx
2013-11-16 08:05 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
2013-11-16 08:05 - 2012-07-26 03:12 - 00000000 ____D C:\windows\WinStore
2013-11-15 12:40 - 2013-11-15 12:40 - 00057598 _____ C:\Users\catherine\Downloads\activity_404485405.tcx
2013-11-15 09:35 - 2013-11-15 09:35 - 02036034 _____ C:\Users\catherine\Downloads\activity_404428892.tcx
 
Some content of TEMP:
====================
C:\Users\catherine\AppData\Local\Temp\d2xx-win32.dll
C:\Users\catherine\AppData\Local\Temp\jna1977068823789273242.dll
C:\Users\catherine\AppData\Local\Temp\jna2059391209884899870.dll
C:\Users\catherine\AppData\Local\Temp\jna3221808322169605908.dll
C:\Users\catherine\AppData\Local\Temp\jna37675222683749636.dll
C:\Users\catherine\AppData\Local\Temp\jna5858224766479848775.dll
C:\Users\catherine\AppData\Local\Temp\jna6997664292520222310.dll
C:\Users\catherine\AppData\Local\Temp\jna8227132699269913704.dll
C:\Users\catherine\AppData\Local\Temp\jna930305827339131276.dll
C:\Users\catherine\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-08 12:56
 
==================== End Of Log ============================
 
 
 
And the Addition.txt
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2013 02
Ran by catherine at 2013-12-15 22:32:03
Running from C:\Users\catherine\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
20 Week Performance Improvement Guarantee (x32 Version: November 4, 2008)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
BodyMedia SYNC (x32 Version: 2.3.1.102)
Bonjour (Version: 3.0.0.10)
CompuTrainer Coaching Software 1.6 (x32)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913)
CyberLink Media Suite Essentials (x32 Version: 10.0)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904)
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell Backup and Recovery - Support Software (x32 Version: 1.0.0.1)
Dell Backup and Recovery (x32 Version: 1.0.0.1)
Dell Support Center (Version: 3.2.6032.39)
Dell Touchpad (Version: 8.1200.101.209)
DSC/AA Factory Installer (Version: 3.2.6032.39)
eFax Messenger (x32 Version: 4.4.2.533)
Epson Event Manager (x32 Version: 2.30.01)
EPSON NX510 Series Printer Uninstall
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
EpsonNet Setup (x32 Version: 3.1c)
ErgVideo 3 (x32 Version: 3.0.4)
Garmin ANT Agent (Version: 2.3.4)
Garmin Communicator Plugin (x32 Version: 4.1.0)
Garmin Communicator Plugin x64 (Version: 4.1.0)
Garmin USB Drivers (x32 Version: 2.3.1.0)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
IDT Audio (x32 Version: 1.0.6418.0)
Intel® Control Center (x32 Version: 1.2.1.1008)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577)
Intel® Processor Graphics (x32 Version: 9.17.10.2849)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.5.0.0344)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.5.0.0248)
Intel® Rapid Storage Technology (x32 Version: 11.5.4.1001)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269)
iTunes (Version: 11.1.1.11)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
McAfee SecurityCenter (x32 Version: 12.8.903)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4535.1004)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4535.1004)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1004)
Office 15 Click-to-Run Localization Component (Version: 15.0.4535.1004)
Photo Gallery (x32 Version: 16.4.3505.0912)
PowerAgent 7.5.8.43
Quickset64 (Version: 11.1.32)
QuickShare (x32 Version: 10.169.60.13223)
RacerMateOne 4.0.2 (Remove Only) (x32 Version: 4.0.2)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
Shared C Run-time for x64 (Version: 10.0.0)
TrainingPeaks Device Agent (x32 Version: 3.0.88.1)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (Version: 04/11/2012 1.2.40.201)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (Version: 07/12/2013 2.08.30)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (Version: 07/12/2013 2.08.30)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (Version: 02/06/2007 3.1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
 
==================== Restore Points  =========================
 
30-11-2013 02:23:06 Scheduled Checkpoint
05-12-2013 01:43:32 ComboFix created restore point
11-12-2013 01:56:33 Windows Update
 
==================== Hosts content: ==========================
 
2012-07-26 00:26 - 2013-12-06 12:40 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {115A30F5-9629-4E2E-993E-F2EF77734558} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Task: {12D517C7-85A8-4DB5-AA11-0689DF8A453C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-10-06] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {228ED683-0AB6-413C-9D35-9752B8D0CF53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03] (Google Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {23EE0779-602C-4969-BB56-825A34A62B0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2BA81823-BD9F-4FE7-9CF7-9E66EB49A9C8} - \RegClean Pro_DEFAULT No Task File
Task: {307D8C75-FDA3-49D3-AA9F-DB79F405FB59} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {32900CCC-ACA8-41B8-B07C-62A99C6C138C} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3584995819-2023165019-3708163970-500 => Rundll32.exe portabledeviceapi.dll,#1
Task: {33A781C1-C715-4684-8193-CE0E168AE5E7} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {433D903F-EB56-4276-8285-D2F0B7D1A219} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {5F0D831A-7793-417B-8D3E-4C6A5411F0B0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-07-21] (Microsoft Corporation)
Task: {67229DF8-B971-4F31-933D-0FD466D45DE1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate
Task: {6885774C-D971-4FBF-BCF4-63D805920CBF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {6B8E9B50-1A09-4413-AA3F-780D2496B075} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3584995819-2023165019-3708163970-1002 => Rundll32.exe portabledeviceapi.dll,#1
Task: {9141B314-A711-4A1D-AF1F-467E6C0F16E6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB21160D-3AF1-4701-AF01-F682E2C39315} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CATHYLAPTOP-catherine CathyLaptop => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-10-06] (Microsoft Corporation)
Task: {BE58C93C-552B-409A-AA7E-CE192E103754} - \RegClean Pro_UPDATES No Task File
Task: {C1D2D296-232D-42EF-80CB-1D1EDA50CA31} - \RegClean Pro No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EA82D6A2-F338-4FF1-90D1-BC6A38D1A4FB} - \Advanced System Protector_startup No Task File
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4DDCF5D-1D9E-400A-B41F-9DB91F8599F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03] (Google Inc.)
Task: {F64ED41B-18B4-4F36-959D-0F00EC7E1136} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Task: {FD567627-4AFF-4E15-B145-F140B8F64ED7} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-03 06:10 - 2013-10-03 06:10 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-08-26 13:36 - 2012-07-30 09:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-06 05:09 - 2013-10-06 05:09 - 00393384 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
2013-10-06 05:09 - 2013-10-06 05:09 - 00520872 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r64.dll
2013-10-05 09:38 - 2013-07-15 02:14 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-10-05 09:38 - 2013-07-21 23:25 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/15/2013 08:59:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: ANT Agent.exe, version: 2.3.4.0, time stamp: 0x511ec340
Faulting module name: ANT Agent.exe, version: 2.3.4.0, time stamp: 0x511ec340
Exception code: 0xc0000417
Fault offset: 0x0002a427
Faulting process id: 0x1ab4
Faulting application start time: 0xANT Agent.exe0
Faulting application path: ANT Agent.exe1
Faulting module path: ANT Agent.exe2
Report Id: ANT Agent.exe3
Faulting package full name: ANT Agent.exe4
Faulting package-relative application ID: ANT Agent.exe5
 
Error: (12/15/2013 05:38:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172
 
Error: (12/15/2013 05:38:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172
 
Error: (12/15/2013 05:38:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/15/2013 11:05:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee5fd5
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x2660
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
 
Error: (12/15/2013 08:32:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3672
 
Error: (12/15/2013 08:32:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3672
 
Error: (12/15/2013 08:32:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/15/2013 08:32:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2453
 
Error: (12/15/2013 08:32:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2453
 
 
System errors:
=============
Error: (12/15/2013 09:48:03 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (12/15/2013 09:47:34 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (12/15/2013 09:44:55 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (12/15/2013 09:25:17 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer KEVIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}.
The master browser is stopping or an election is being forced.
 
Error: (12/15/2013 04:19:16 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer KEVIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}.
The master browser is stopping or an election is being forced.
 
Error: (12/15/2013 00:53:10 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer KEVIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}.
The master browser is stopping or an election is being forced.
 
Error: (12/15/2013 00:41:14 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer KEVIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}.
The master browser is stopping or an election is being forced.
 
Error: (12/15/2013 00:29:15 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer KEVIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}.
The master browser is stopping or an election is being forced.
 
Error: (12/15/2013 00:17:20 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer KEVIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}.
The master browser is stopping or an election is being forced.
 
Error: (12/15/2013 00:05:26 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer KEVIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0D3DE19-2094-40BF-AA3B-D0EFF0C29A8C}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (12/15/2013 08:59:31 PM) (Source: Application Error)(User: )
Description: ANT Agent.exe2.3.4.0511ec340ANT Agent.exe2.3.4.0511ec340c00004170002a4271ab401cefa026124d815C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exeC:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exeb3d287da-65f5-11e3-be87-606c669e1b77
 
Error: (12/15/2013 05:38:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172
 
Error: (12/15/2013 05:38:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172
 
Error: (12/15/2013 05:38:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/15/2013 11:05:00 AM) (Source: Application Error)(User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.68714fee5fd540000015000000000004267f266001cef9af67e9c8b3C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dlla5d880fe-65a2-11e3-be85-606c669e1b77
 
Error: (12/15/2013 08:32:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3672
 
Error: (12/15/2013 08:32:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3672
 
Error: (12/15/2013 08:32:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/15/2013 08:32:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2453
 
Error: (12/15/2013 08:32:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2453
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-15 22:30:21.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:21.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:21.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:21.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:14.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:14.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:14.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:14.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:11.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-15 22:30:11.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 8052 MB
Available physical RAM: 5499.74 MB
Total Pagefile: 9268 MB
Available Pagefile: 6710.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.07 GB) (Free:869.82 GB) NTFS
Drive d: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.3 GB) NTFS
Drive e: (84) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
Drive y: (PBR Image) (Fixed) (Total:7.83 GB) (Free:0.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 8EF5668B)
 
Partition: GPT Partition Type
==================== End Of Log ============================
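
Three sections of the log above are the ones a responder reads first. In the scheduled tasks, the four "No Task File" entries for RegClean Pro and Advanced System Protector are registrations whose task XML under System32\Tasks is gone (typically uninstall leftovers), and SystemToolsDailyTest points at a bare "uaclauncher.exe" with no path and no signer shown. Under the SafeBoot keys, whatever is listed below SafeBoot\Minimal and SafeBoot\Network is permitted to start in Safe Mode, so an entry such as AdpeakWFP, which is neither a Windows nor a McAfee driver name, is persistence that Safe Mode does not switch off and deserves an explanation. The Code Integrity events name two System32 images, imthx64.dll and imapo64.dll, whose signatures should be checked. The script below is an added example, not FRST code and not something posted in the thread; it parses those three sections from lines copied out of this log and flags the entries just described. The SafeBoot allowlist is an assumption specific to this host (McAfee, the inbox KMDF driver, ComboFix's own service and the Process Explorer driver).

```python
"""Triage helpers for the scan sections of an FRST (Farbar Recovery Scan Tool) log.

Added example for this thread, not FRST code and not code posted by anyone here.
KNOWN_SAFEBOOT_PREFIXES is an assumption about this particular host.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Lines copied from the FRST log above, abridged to a few of each kind.
SAMPLE_LOG = r'''
Task: {23EE0779-602C-4969-BB56-825A34A62B0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2BA81823-BD9F-4FE7-9CF7-9E66EB49A9C8} - \RegClean Pro_DEFAULT No Task File
Task: {307D8C75-FDA3-49D3-AA9F-DB79F405FB59} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {9141B314-A711-4A1D-AF1F-467E6C0F16E6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BE58C93C-552B-409A-AA7E-CE192E103754} - \RegClean Pro_UPDATES No Task File
Task: {C1D2D296-232D-42EF-80CB-1D1EDA50CA31} - \RegClean Pro No Task File
Task: {EA82D6A2-F338-4FF1-90D1-BC6A38D1A4FB} - \Advanced System Protector_startup No Task File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
'''

TASK_RE = re.compile(r'^Task: \{(?P<guid>[0-9A-F-]{36})\} - (?P<rest>.+)$')
# FRST prints a task target as "<path or command> [<file date>] (<signer>)"; the last two are optional.
TARGET_RE = re.compile(r'^(?P<path>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<signer>[^()]*)\))?$')
SAFEBOOT_RE = re.compile(r'^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\'
                         r'(?P<mode>Minimal|Network)\\(?P<name>\S+) => ""="(?P<kind>[^"]*)"$')
CI_RE = re.compile(r'unable to verify the image integrity of the file (?P<path>\S+) because')


@dataclass
class Task:
    name: str
    target: Optional[str]
    signer: Optional[str]
    orphaned: bool  # registration present but the task XML under System32\Tasks is gone


def parse_tasks(text):
    tasks = []
    for m in filter(None, map(TASK_RE.match, text.splitlines())):
        rest = m.group('rest')
        if rest.endswith(' No Task File'):
            tasks.append(Task(rest[:-len(' No Task File')], None, None, True))
        else:
            name, _, target = rest.partition(' => ')
            t = TARGET_RE.match(target)
            tasks.append(Task(name, t.group('path'), t.group('signer'), False))
    return tasks


def suspicious_tasks(tasks):
    """Orphaned registrations (typically left behind by an uninstaller) and tasks outside
    the Microsoft\\ tree whose target FRST could not attribute to a signer."""
    flagged = []
    for t in tasks:
        if t.orphaned:
            flagged.append((t.name, 'no task file'))
        elif (t.signer is None
              and not t.name.startswith('System32\\Tasks\\Microsoft\\')
              and not t.target.startswith('Rundll32.exe')):
            flagged.append((t.name, 'unverified target: ' + t.target))
    return flagged


# SafeBoot\Minimal and SafeBoot\Network list the services and drivers Windows still starts
# in Safe Mode. Assumed benign on this host: McAfee (mc*/mfe*), the inbox KMDF driver
# Wdf01000.sys, ComboFix's PEVSystemStart service and the Process Explorer driver procexp*.
KNOWN_SAFEBOOT_PREFIXES = ('mc', 'mfe', 'wdf01000', 'pevsystemstart', 'procexp')


def parse_safeboot(text):
    return [(m.group('mode'), m.group('name'), m.group('kind'))
            for m in map(SAFEBOOT_RE.match, text.splitlines()) if m]


def unexpected_safeboot(entries):
    """Entries that will load in Safe Mode and are not on the allowlist above."""
    return [e for e in entries if not e[1].lower().startswith(KNOWN_SAFEBOOT_PREFIXES)]


def code_integrity_failures(text):
    """How often each image failed Code Integrity page-hash verification."""
    return Counter(m.group('path') for m in map(CI_RE.search, text.splitlines()) if m)


if __name__ == '__main__':
    for name, why in suspicious_tasks(parse_tasks(SAMPLE_LOG)):
        print(f'TASK      {name}: {why}')
    for mode, name, kind in unexpected_safeboot(parse_safeboot(SAMPLE_LOG)):
        print(f'SAFEBOOT  {mode}\\{name} ({kind})')
    for path, n in code_integrity_failures(SAMPLE_LOG).most_common():
        print(f'CODEINTEG {n}x {path}')
```

Run it against a full FRST.txt by reading the file into SAMPLE_LOG's place; the Rundll32 exception exists only because FRST prints inbox Rundll32 tasks without a signer, so drop it if you want every unsigned target listed.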
 


#7 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:10:34 AM

Posted 16 December 2013 - 08:11 PM

Hey :)

 

First off, you may want to move FRST64.exe out of the "Downloads" folder and onto your "Desktop."

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

=================================

 

Next, we need to remove a program from your computer:

 

  1. Right-click in the screen’s bottom-left corner and choose the Control Panel from the pop-up menu.

  2. When the Control Panel appears, choose Uninstall a Program from the Programs category.

    The Uninstall or Change a Program window appears, listing your currently installed programs, their publisher, size, installation date, and version number.

     

  3. Click on ScorpionSaver and then on ScorpionSaver Services, then click its Uninstall button.

 

Also, update me on how your system is performing after running the fix and removing ScorpionSaver.

 

Attached Files


Edited by oneof4, 17 December 2013 - 10:35 AM.

Best Regards,
oneof4.


#8 vf2nsr

vf2nsr
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:34 AM

Posted 18 December 2013 - 08:06 AM

It gave me the error "It looks like you don't know what to do, tool will close"



#9 vf2nsr

vf2nsr
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:34 AM

Posted 18 December 2013 - 08:11 AM

Scorpion saver got deleted first - oops



#10 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:10:34 AM

Posted 18 December 2013 - 12:18 PM

No problem deleting ScorpionSaver first.  As for that error message: did you move FRST64.exe from your Downloads folder to the Desktop as I instructed?  If not, please do that and try to run the FRST fix again.


Best Regards,
oneof4.


#11 vf2nsr

vf2nsr
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:34 AM

Posted 18 December 2013 - 12:28 PM

Yes I did.  They are both on the desktop.  I tried re-downloading FRST64 as well.  The text file references Scorpion so I was not sure if that was a problem.



#12 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:10:34 AM

Posted 18 December 2013 - 12:36 PM

Okay let's try a "revised" fixlist...replace the one you have with this one.

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached Files


Best Regards,
oneof4.


#13 vf2nsr

vf2nsr
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:34 AM

Posted 18 December 2013 - 04:10 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2013 04
Ran by catherine at 2013-12-18 16:08:56 Run:1
Running from C:\Users\catherine\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll No File
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
2013-11-25 18:11 - 2013-12-06 15:44 - 00000000 ____D C:\Program Files\ScorpionSaver Services 
C:\Users\catherine\AppData\Local\Temp\d2xx-win32.dll
C:\Users\catherine\AppData\Local\Temp\jna1977068823789273242.dll
C:\Users\catherine\AppData\Local\Temp\jna2059391209884899870.dll
C:\Users\catherine\AppData\Local\Temp\jna3221808322169605908.dll
C:\Users\catherine\AppData\Local\Temp\jna37675222683749636.dll
C:\Users\catherine\AppData\Local\Temp\jna5858224766479848775.dll
C:\Users\catherine\AppData\Local\Temp\jna6997664292520222310.dll
C:\Users\catherine\AppData\Local\Temp\jna8227132699269913704.dll
C:\Users\catherine\AppData\Local\Temp\jna930305827339131276.dll
C:\Users\catherine\AppData\Local\Temp\Quarantine.exe
 
 
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
"C:\Program Files\ScorpionSaver Services" => File/Directory not found.
C:\Users\catherine\AppData\Local\Temp\d2xx-win32.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\jna1977068823789273242.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\jna2059391209884899870.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\jna3221808322169605908.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\jna37675222683749636.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\jna5858224766479848775.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\jna6997664292520222310.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\jna8227132699269913704.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\jna930305827339131276.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
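
The Fixlog above is easier to read once each fixlist line is paired with what FRST reported for it: the single BHO-x32 line produced two registry deletions (the Browser Helper Objects entry and the CLSID), the two CHR lines were left alone because FRST defers Chrome's search settings to Chrome itself, the ScorpionSaver Services directory was already gone (consistent with the uninstall reported earlier in the thread), the Temp DLLs and Quarantine.exe were moved into quarantine, and nothing at all was reported for the DefaultNewTabURL line. The script below does that pairing and lists what still needs a human. It is an added example, not FRST code and not something posted in the thread; the mapping from FRST's result wording to a status is inferred from the messages visible in this Fixlog and is an assumption for any wording not seen here.

```python
"""Reconcile an FRST Fixlog against the fixlist it ran.

Added example for this thread, not FRST code and not code posted by anyone here. The
mapping from FRST's result wording to a status is inferred from the messages visible in
the Fixlog above and is an assumption for any wording not seen there.
"""
import re

# Abridged from the Fixlog posted above.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll No File
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
2013-11-25 18:11 - 2013-12-06 15:44 - 00000000 ____D C:\Program Files\ScorpionSaver Services 
C:\Users\catherine\AppData\Local\Temp\d2xx-win32.dll
C:\Users\catherine\AppData\Local\Temp\Quarantine.exe

*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
"C:\Program Files\ScorpionSaver Services" => File/Directory not found.
C:\Users\catherine\AppData\Local\Temp\d2xx-win32.dll => Moved successfully.
C:\Users\catherine\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====
'''

RESULT_RE = re.compile(r'^(?P<subject>.+?) ==?> (?P<message>.+)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')

STATUS_BY_WORDING = (  # (substring of FRST's result message, status) - inferred from this log
    ('deleted successfully', 'deleted'),
    ('Moved successfully', 'moved'),
    ('not found', 'not found'),
    ('can be used to fix the entry', 'manual'),
)


def classify(message):
    for needle, status in STATUS_BY_WORDING:
        if needle in message:
            return status
    return 'unknown'


def parse_fixlog(text):
    """Return (fixlist entries, [(subject, status, message)]) from Fixlog text."""
    lines = [l.rstrip() for l in text.splitlines()]
    marks = [i for i, l in enumerate(lines) if l.startswith('*****')]
    entries = [l.strip() for l in lines[marks[0] + 1:marks[1]] if l.strip()]
    results = []
    for l in lines[marks[1] + 1:]:
        if l.startswith('==== End of Fixlog'):
            break
        m = RESULT_RE.match(l)
        if m:
            results.append((m.group('subject'), classify(m.group('message')), m.group('message')))
    return entries, results


def _token(subject):
    """What to look for in a fixlist entry: the CLSID if the subject has one, else the bare subject."""
    m = CLSID_RE.search(subject)
    return m.group(0) if m else subject.strip('"')


def reconcile(entries, results):
    """Pair every fixlist entry with the statuses FRST reported for it. One entry may
    produce several result lines (the BHO line yields two key deletions) or none at all."""
    return [(e, [st for subj, st, _ in results if _token(subj) in e]) for e in entries]


def follow_up(pairs):
    """Entries that still need a human: nothing reported, target already gone, or FRST
    deferred to the application's own settings."""
    out = []
    for entry, statuses in pairs:
        if not statuses:
            out.append((entry, 'no result reported'))
        out.extend((entry, st) for st in statuses if st in ('manual', 'not found'))
    return out


if __name__ == '__main__':
    entries, results = parse_fixlog(SAMPLE_FIXLOG)
    for entry, reason in follow_up(reconcile(entries, results)):
        print(f'{reason:20} {entry}')
```

On this Fixlog the follow-up list is exactly the two Chrome search entries, the DefaultNewTabURL line and the already-missing ScorpionSaver Services directory, which is the work the next reply asks for.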


#14 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:10:34 AM

Posted 18 December 2013 - 04:26 PM

Okay, now open Chrome, go to Settings (upper left corner) > Tools > Extensions, "Disable" anything to do with Conduit Search.

 

Just to be sure that ScorpionSaver is completely eradicated, run the following:

 

===================================================

Microsoft Fixit 9779673 - Program Install and Uninstall Troubleshooter

--------------------

  • Download Microsoft Fixit 9779673 and save it to your desktop
  • Double click the icon and select Run
  • Click Accept
  • Click Detect problems and apply the fixes for me (Recommended)
  • Click Uninstalling
  • If listed, select Scorpion Saver, then Next
  • Click Yes, try uninstall
  • Check to see if the issue says Fixed
  • Click Next (post whether or not the issue is indicated as fixed)
  • Click the red X to close the pop up screen
  • Reboot your computer and check to see if the issue is resolved

===================================================

 

Please update me on how your system is doing afterward.


Best Regards,
oneof4.


#15 vf2nsr

vf2nsr
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:34 AM

Posted 18 December 2013 - 05:40 PM

Scorpion Saver was not listed so it appears to be gone.





