# Laptop infected with GoSave and likely more - nothing seems to help.

20 replies to this topic

### #1 sarahliz82

Posted 28 October 2014 - 09:19 PM

Hello,

I'm a new member to BleepingComputer but have used the advice on the website multiple times over the years.

I have a Dell Laptop running Windows XP Home - it's my backup computer since my desktop bit the dust.

I know for certain that it is infected with GoSave and have tried in both regular and safe mode the following:

rKill

FixNCR

malwarebytes

superantispyware

tdsskiller

These are my go-to options.  All report clean bills of health, except for some tracking cookies.

I have also, after reading other posts on GoSave (although I don't know anything about how to read log files, or what they mean), tried:

FRST

JRT

HitmanPro

As a last resort of my own research I tried SpyHunter.

SpyHunter found tons of stuff all of which looked completely legit - TornTV (dumb install, I know) and multiple adwares.  However, they wanted $40 to remove it so I uninstalled.

I would very much appreciate any help I can get.  I'm usually able to fix things, but this has me at my wit's end.

Thanks in advance,

Sarah

### #2 Jo*

Posted 01 November 2014 - 07:02 AM

Hello sarahliz82,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:

• Logs can take a while to research, so please be patient.
• Read and follow the instructions in the sequence they are posted.
• Print or copy & save instructions.
• Back up all your private data / important files on another (external) drive before using our tools.
• Do not install / uninstall any applications, unless otherwise instructed.
• Use only the tools you have been instructed to use.
• Copy and paste the log files inside your post, unless otherwise instructed.
• Ask for clarification, if you have any questions.
• Stay with this topic until you get the all clean post.
• My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

1. Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Vista / Windows 7/8 users right-click and select Run As Administrator.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
• When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
• Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

***

Graduate of the WTT Classroom

Cheers,
Jo

If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

### #3 sarahliz82

Posted 01 November 2014 - 03:33 PM

Hello Jo,

Thank you for your assistance.  I have family in Germany, but tragically do not speak the language.

Here is the information you requested:

1. From checkup.txt

```
Results of screen317's Security Check version 0.99.89
Windows XP Service Pack 3 x86
Internet Explorer 8
Antivirus/Firewall Check:
Windows Firewall Enabled!
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
McAfee SiteAdvisor
Java 7 Update 67
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (33.0)
Google Chrome 37.0.2062.103
Google Chrome 37.0.2062.120
Process Check: objlist.exe by Laurent
System Health check
Total Fragmentation on Drive C:: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
End of Log
```

2.
from FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014 Ran by Sarah Beth (administrator) on SARAH on 01-11-2014 15:26:10 Running from C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools Loaded Profile: Sarah Beth (Available profiles: Sarah Beth & Administrator) Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\WINDOWS\system32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (America Online) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe (Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE (SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (CyberLink Corp.) 
C:\Program Files\Dell\MediaDirect\PCMService.exe (America Online, Inc.) C:\Program Files\Common Files\AOL\1210693269\EE\aolsoftware.exe (America Online) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe (Dropbox, Inc.) C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\Dropbox.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Cisco Systems, Inc) C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe () C:\Program Files\Common Files\AOL\1210693269\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe (America Online, Inc.) C:\Program Files\Common Files\AOL\1210693269\EE\aolsoftware.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\Evernote.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteTray.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-03-19] (Alps Electric Co., Ltd.) HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1228800 2007-12-10] (Dell Inc.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2183168 2007-12-11] (Dell Inc.) HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2008-03-19] (SigmaTel, Inc.) HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( ) HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.) HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1210693269\ee\AOLSoftware.exe [48280 2006-03-10] (America Online, Inc.) HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [34904 2004-10-20] (America Online) HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-12-12] (RealNetworks, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre7\bin\jusched.exe HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-11] (SUPERAntiSpyware) HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\MountPoints2: {792a120a-3b1c-11dd-9aaa-001644c3fdb1} - E:\LaunchU3.exe -a HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect" Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk ShortcutTarget: Clean Access Agent.lnk -> C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.) 
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\Sarah Beth\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Documents and Settings\Sarah Beth\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== 
Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {A7D283BE-9607-418E-A1ED-5CC9ACDF2CC5} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131109&p={SearchTerms} SearchScopes: HKCU - {E89F31DC-2B82-4768-B63A-FBD20843F1AD} URL = https://www.google.com/search?q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Sarah Beth\Application Data\Mozilla\Firefox\Profiles\99p3ae73.default-1414469777031 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-01-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-08] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-12] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-20] CHR Extension: (Add to Amazon Wish List) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-09-26] CHR Extension: (GoSave) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [2014-10-24] CHR Extension: (Pin It Button) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-09-26] CHR Extension: (Facebook - Delete All Messages) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2014-07-20] CHR Extension: (Kindle Cloud Reader) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-10-28] CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2014-09-19] CHR Extension: (iCloud Dashboard) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2014-09-26] CHR Extension: (Save to Pocket) - C:\Documents and Settings\Sarah 
Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-09-07] CHR Extension: (Google Wallet) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20] CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-07] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\SARAHB~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-24] CHR HKCU\...\Chrome\Extension: [opfedmikikmahmpaimpfelmikhaigobp] - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\CRE\opfedmikikmahmpaimpfelmikhaigobp.crx [2014-10-24] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-20] (SUPERAntiSpyware.com) R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated) R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online) R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation) R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-09-23] (McAfee, Inc.) R2 nlsX86cc; C:\WINDOWS\system32\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) 
[File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 STacSV; C:\WINDOWS\system32\STacSV.exe [94208 2008-03-19] (SigmaTel, Inc.) R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2007-12-11] (Dell Inc.) [File not signed] S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed] R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-12-11] (Broadcom Corp.) R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.) S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.) S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.) S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2012-09-10] (Apple Inc.) [File not signed] R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-19] (SigmaTel, Inc.) R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) 
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [265856 2008-03-19] (Marvell) U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 SymIM; system32\DRIVERS\SymIM.sys [X] S3 SymIMMP; system32\DRIVERS\SymIM.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 15:07 - 2014-10-30 15:07 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\wendys halloween party 2014-10-30 15:06 - 2014-10-30 15:07 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\red car 2014-10-28 21:36 - 2014-10-28 22:09 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\My Kindle Content 2014-10-28 21:36 - 2014-10-28 21:36 - 00001635 _____ () C:\Documents and Settings\Sarah Beth\Desktop\Kindle.lnk 2014-10-28 19:18 - 2014-10-28 19:46 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP 2014-10-28 19:18 - 2014-10-28 19:18 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-10-28 19:18 - 2014-10-28 19:18 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-10-28 11:20 - 2014-10-28 11:20 - 00003248 _____ () C:\WINDOWS\system32\.crusader 2014-10-28 11:12 - 2014-10-28 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro 2014-10-27 21:34 - 2014-11-01 15:26 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools 2014-10-27 21:16 - 2014-10-28 19:50 - 00000000 ____D () C:\AdwCleaner 2014-10-27 21:10 - 2014-11-01 15:26 - 00000000 ____D () C:\FRST 2014-10-27 21:10 - 2014-10-27 21:10 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-10-27 19:08 - 2014-10-28 19:27 - 00001599 _____ () C:\Documents and 
Settings\Administrator.SARAH\Start Menu\Programs\Remote Assistance.lnk 2014-10-27 19:08 - 2014-10-27 19:11 - 00000178 ___SH () C:\Documents and Settings\Administrator.SARAH\ntuser.ini 2014-10-27 19:08 - 2014-10-27 19:09 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Temp 2014-10-27 19:08 - 2014-10-27 19:09 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\Google 2014-10-27 19:08 - 2014-10-27 19:08 - 00000000 __SHD () C:\Documents and Settings\Administrator.SARAH\IETldCache 2014-10-27 19:08 - 2014-10-27 19:08 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\SUPERAntiSpyware.com 2014-10-27 19:08 - 2014-10-27 19:08 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH 2014-10-27 19:08 - 2013-06-28 12:09 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application DataGoogle 2014-10-27 19:08 - 2013-04-15 12:27 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\Macromedia 2014-10-27 19:08 - 2008-05-13 10:46 - 00033416 _____ () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-10-27 19:08 - 2008-05-13 10:46 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\My Documents\My Google Gadgets 2014-10-27 19:08 - 2008-05-13 10:46 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\AOL 2014-10-27 19:08 - 2008-05-13 10:42 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\You've Got Pictures Screensaver 2014-10-27 19:08 - 2008-05-13 10:41 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\America Online 2014-10-27 19:08 - 2008-05-13 10:37 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\Symantec 2014-10-27 19:08 - 2008-05-13 10:32 - 00000000 ____D () C:\Documents and 
Settings\Administrator.SARAH\Local Settings\Application Data\MediaDirect
2014-10-27 19:08 - 2008-05-13 10:29 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\Adobe
2014-10-27 19:08 - 2008-05-13 10:24 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\BVRP Software
2014-10-27 19:08 - 2008-05-13 10:24 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\InstallShield
2014-10-27 19:08 - 2008-05-13 10:22 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2014-10-27 19:08 - 2008-05-13 10:10 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Dell Accessories
2014-10-27 19:08 - 2004-08-10 13:08 - 00000671 _____ () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Internet Explorer.lnk
2014-10-27 19:08 - 2004-08-10 13:08 - 00000642 _____ () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Outlook Express.lnk
2014-10-27 19:08 - 2004-08-10 13:02 - 00000000 ___RD () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Accessories
2014-10-26 12:52 - 2014-10-26 12:52 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 22:20 - 2014-10-29 19:08 - 00003018 _____ () C:\Documents and Settings\Sarah Beth\My Documents\Removing DRM.txt
2014-10-24 22:01 - 2014-10-24 22:01 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
2014-10-24 22:00 - 2014-10-24 22:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-24 22:00 - 2014-10-24 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
2014-10-24 21:13 - 2014-10-28 21:36 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Start Menu\Programs\Amazon
2014-10-24 21:13 - 2014-10-24 21:13 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Amazon
2014-10-24 21:12 - 2014-10-28 21:35 - 00000000 ____D () C:\Program Files\Amazon
2014-10-24 21:03 - 2014-10-24 21:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\calibre
2014-10-24 21:03 - 2014-10-24 21:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\AllDRMRemoval
2014-10-24 21:03 - 2014-10-24 21:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\.AllDRMRemoval
2014-10-24 21:03 - 2014-10-24 21:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\AllDRMRemoval
2014-10-24 21:02 - 2014-10-24 21:06 - 00000000 ____D () C:\Program Files\Epubor
2014-10-24 20:43 - 2014-10-29 19:11 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\tools_v6.0.9
2014-10-24 13:28 - 2014-10-24 13:35 - 56419840 _____ () C:\Documents and Settings\Sarah Beth\My Documents\calibre-1.48.0.msi
2014-10-24 13:03 - 2014-10-24 13:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\tools_v5.5.3
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Comodo
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Torch
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Guest
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\46dd58cc531bf18a
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
2014-10-24 12:51 - 2014-10-24 12:51 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-24 12:50 - 2014-10-24 12:50 - 00000140 _____ () C:\Documents and Settings\Sarah Beth\Desktop.lnk
2014-10-16 18:27 - 2014-10-16 19:16 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\Ayyub 10.11.14
2014-10-10 11:25 - 2014-10-22 10:02 - 00000408 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-10-10 11:25 - 2014-10-10 11:25 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-10 11:25 - 2014-10-10 11:25 - 00000000 ____D () C:\Program Files\My Dell
2014-10-09 22:06 - 2014-10-27 23:42 - 00002317 _____ () C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
2014-10-09 22:06 - 2014-10-09 22:06 - 00000000 ____D () C:\Program Files\OverDrive Media Console
2014-10-09 22:06 - 2014-10-09 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive Media Console
2014-10-02 19:04 - 2014-10-02 19:05 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\empty dropbox
2014-10-02 18:35 - 2014-10-02 18:35 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\Before braces party
2014-10-02 18:34 - 2014-10-02 18:35 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\Grandma's 84th birthday

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-01 15:28 - 2008-06-15 09:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Temp
2014-11-01 15:26 - 2004-08-10 13:02 - 01602249 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-01 15:21 - 2013-03-29 16:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-31 23:45 - 2013-04-04 17:50 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 21:20 - 2013-04-04 17:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-31 20:45 - 2013-04-04 17:50 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 20:21 - 2004-08-10 13:08 - 00032556 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-29 19:10 - 2014-04-30 22:15 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\Calibre Library
2014-10-29 18:32 - 2008-06-19 22:16 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-29 17:50 - 2008-06-15 10:09 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-10-28 19:53 - 2014-09-04 14:53 - 00000000 ___RD () C:\Documents and Settings\Sarah Beth\My Documents\Dropbox
2014-10-28 19:53 - 2014-09-02 12:12 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\Dropbox
2014-10-28 19:53 - 2013-04-27 23:42 - 00000000 ___RD () C:\Documents and Settings\Sarah Beth\My Documents\Google Drive
2014-10-28 19:52 - 2014-03-15 20:32 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-28 19:52 - 2014-02-14 17:30 - 00000310 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job
2014-10-28 19:52 - 2013-12-13 00:34 - 00000296 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job
2014-10-28 19:52 - 2013-12-13 00:34 - 00000288 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job
2014-10-28 19:51 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-28 19:51 - 2004-08-10 12:59 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-10-28 19:51 - 2004-08-10 12:59 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-28 19:50 - 2008-06-15 09:27 - 00000178 ___SH () C:\Documents and Settings\Sarah Beth\ntuser.ini
2014-10-28 19:45 - 2009-12-28 23:52 - 00582918 _____ () C:\WINDOWS\setupapi.log
2014-10-28 12:00 - 2014-09-18 15:47 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 11:39 - 2008-06-15 15:49 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\U3
2014-10-28 11:23 - 2013-03-28 22:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-28 11:07 - 2014-09-26 10:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-28 11:07 - 2013-03-28 22:17 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 11:07 - 2013-03-28 22:17 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-10-28 11:04 - 2014-05-06 00:24 - 00009290 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-10-28 11:04 - 2014-04-09 11:22 - 00163379 ____C () C:\WINDOWS\KB2936068-IE8.log
2014-10-27 22:57 - 2014-02-14 15:54 - 00000000 ____D () C:\Program Files\NCH Software
2014-10-27 22:50 - 2004-08-10 12:57 - 02258301 _____ () C:\WINDOWS\FaxSetup.log
2014-10-27 22:50 - 2004-08-10 12:57 - 01088982 _____ () C:\WINDOWS\ocgen.log
2014-10-27 22:50 - 2004-08-10 12:57 - 00863912 _____ () C:\WINDOWS\tsoc.log
2014-10-27 22:50 - 2004-08-10 12:57 - 00682398 _____ () C:\WINDOWS\comsetup.log
2014-10-27 22:50 - 2004-08-10 12:57 - 00413134 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-27 22:50 - 2004-08-10 12:57 - 00354755 _____ () C:\WINDOWS\iis6.log
2014-10-27 22:50 - 2004-08-10 12:57 - 00112693 _____ () C:\WINDOWS\msgsocm.log
2014-10-27 22:50 - 2004-08-10 12:57 - 00112182 _____ () C:\WINDOWS\ocmsn.log
2014-10-27 22:50 - 2004-08-10 12:57 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-10-27 17:57 - 2008-05-13 10:29 - 00000000 ____D () C:\Program Files\Google
2014-10-27 17:57 - 2008-05-13 10:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-10-27 12:01 - 2008-06-15 16:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB911927$
2014-10-26 12:52 - 2014-09-18 15:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-26 12:52 - 2014-09-18 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 09:07 - 2014-04-30 22:17 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\calibre-cache
2014-10-24 21:56 - 2013-11-02 16:52 - 00423592 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-10-24 21:32 - 2014-04-30 22:14 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\calibre
2014-10-24 21:03 - 2008-06-15 09:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth
2014-10-24 14:02 - 2013-06-23 11:37 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\My Media
2014-10-24 12:51 - 2008-06-15 09:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google
2014-10-23 02:00 - 2013-04-22 01:18 - 00000352 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-SARAH-Sarah Beth.job
2014-10-22 10:03 - 2013-05-08 22:12 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\PCDr
2014-10-20 20:13 - 2013-07-13 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-20 19:58 - 2009-03-02 14:57 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-10 11:25 - 2013-05-08 22:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-10-10 11:25 - 2008-05-13 10:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-10-10 11:25 - 2008-05-13 10:30 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-10-08 15:00 - 2014-03-15 20:32 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-02 18:55 - 2011-01-18 20:34 - 00000000 ____D () C:\Program Files\McAfee

Files to move or delete:
====================
C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences.dat
C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences2.dat

Some content of TEMP:
====================
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl4b5cy.dll
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxmzhpg.dll
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\Foxit Updater.exe
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\install_reader11_en_mssd_aaa_aih.exe
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\tbSwee.dll
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\Trial.dll
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\uti1151.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

From addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014
Ran by Sarah Beth at 2014-11-01 15:28:25
Running from C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version: - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version: - )
AOL Uninstaller (HKLM\...\AOL Uninstaller) (Version: - )
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version: - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
calibre (HKLM\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
Cisco Clean Access Agent (HKLM\...\{04010300-6D72-4D54-8686-91D884A27B5C}) (Version: 4.1.3.2 - Cisco Systems, Inc)
Color Efex Pro 4 (HKLM\...\Color Efex Pro 4) (Version: 4.0.0.0 - Nik Software, Inc.)
Color LaserJet 2600n (HKLM\...\HP-Color LaserJet 2600n) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Dfine 2.0 (HKLM\...\Dfine 2.0 Stand-Alone) (Version: 2.1.0.7 - Nik Software, Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
Doxillion Document Converter (HKLM\...\Doxillion) (Version: 2.17 - NCH Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EarthLink Setup Files (HKLM\...\{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}) (Version: 2005.2.178.0.2.2 - EarthLink, Inc.)
Elements 9 Organizer (Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Evernote v. 5.6.4 (HKLM\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Games, Music, & Photos Launcher (Version: 1.00.0000 - Dell Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HDR Efex Pro (HKLM\...\HDR Efex Pro) (Version: 1.2.0.0 - Nik Software, Inc.)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Internet Service Offers Launcher (HKLM\...\{E42BD75A-FC23-4E3F-9F91-2658334C644F}) (Version: 1.00.0000 - Dell Inc.)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NetZeroInstallers (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
OverDrive Media Console (HKLM\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.3.16 - Dell Computer Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Sharpener Pro 3.0 (HKLM\...\Sharpener Pro 3.0 Stand-Alone) (Version: 3.0.0.5 - Nik Software, Inc.)
Silver Efex Pro 2 (HKLM\...\Silver Efex Pro 2) (Version: 2.0.0.2 - Nik Software, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Viveza 2 (HKLM\...\Viveza 2) (Version: 2.0.0.4 - Nik Software, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Documents and Settings\Sarah Beth\My Documents\Downloads\tools v6.0.9.exe No File
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921006264-3626018158-3878670278-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

29-10-2014 18:18:32 System Checkpoint
31-10-2014 18:54:09 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:51 - 2004-08-04 05:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-SARAH-Sarah Beth.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\DoxillionSevenDays.job => C:\Program Files\NCH Software\Doxillion\doxillion.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\My Dell\uaclauncher.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => šÄýó½g,GŒ+õà;•^Ff< s@ €!Þ uaclauncher.exeR-silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilentlyC:\Program Files\My Dell PC-Doctor0Þ

==================== Loaded Modules (whitelisted) =============

2008-05-13 10:24 - 2007-12-11 13:22 - 00024064 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2008-05-13 10:24 - 2007-12-11 13:21 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2013-10-29 17:30 - 2011-02-28 17:37 - 00180624 _____ () C:\WINDOWS\system32\Primomonnt.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2004-08-10 12:51 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-10 12:51 - 2008-04-13 19:11 - 00498742 _____ () C:\WINDOWS\system32\dxmasf.dll
2008-05-13 10:24 - 2007-12-10 17:51 - 00098304 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2008-05-13 10:24 - 2005-10-13 12:53 - 00090223 _____ () C:\Program Files\Dell\QuickSet\preflibcl.dll
2008-05-13 10:24 - 2007-12-11 13:22 - 00139264 _____ () C:\WINDOWS\system32\preflib.dll
2005-07-07 14:15 - 2005-07-07 14:15 - 00090112 ____R () C:\Program Files\Common Files\AOL\ACS\US\DialRes.dll
2014-10-28 19:53 - 2014-10-28 19:53 - 00043008 _____ () c:\Documents and Settings\Sarah Beth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl4b5cy.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\libcef.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00436576 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00318304 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2014-10-28 19:52 - 2014-10-28 19:52 - 00098816 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32api.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00110080 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\pywintypes27.dll
2014-10-28 19:52 - 2014-10-28 19:52 - 00364544 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\pythoncom27.dll
2014-10-28 19:52 - 2014-10-28 19:52 - 00045568 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\_socket.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 01160704 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\_ssl.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00320512 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32com.shell.shell.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00713216 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\_hashlib.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 01175040 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\wx._core_.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00805888 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\wx._gdi_.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00811008 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\wx._windows_.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 01062400 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\wx._controls_.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00735232 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\wx._misc_.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00128512 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\_elementtree.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00127488 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\pyexpat.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00557056 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\pysqlite2._sqlite.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00007168 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\hashobjs_ext.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00087552 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\_ctypes.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00119808 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32file.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00108544 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32security.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00018432 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32event.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00038912 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32inet.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00070656 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\wx._html2.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00167936 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32gui.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00011264 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32crypt.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00027136 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\_multiprocessing.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00686080 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\unicodedata.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00122368 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\wx._wizard.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00010240 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\select.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00024064 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32pipe.pyd
2014-10-28 19:52 - 2014-10-28 19:52 - 00025600 _____ () C:\Documents and Settings\Sarah
Beth\Local Settings\Temp\_MEI23122\win32pdh.pyd 2014-10-28 19:52 - 2014-10-28 19:52 - 00525640 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\windows._lib_cacheinvalidation.pyd 2014-10-28 19:52 - 2014-10-28 19:52 - 00035840 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32process.pyd 2014-10-28 19:52 - 2014-10-28 19:52 - 00017408 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32profile.pyd 2014-10-28 19:52 - 2014-10-28 19:52 - 00022528 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\win32ts.pyd 2014-10-28 19:52 - 2014-10-28 19:52 - 00078336 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Temp\_MEI23122\wx._animate.pyd 2006-10-23 14:04 - 2006-10-23 14:04 - 00001536 _____ () c:\program files\common files\aol\1210693269\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe 2014-08-26 16:47 - 2014-08-26 16:47 - 21118304 _____ () C:\Program Files\Evernote\Evernote\libcef.dll 2014-08-26 16:47 - 2014-08-26 16:47 - 00985968 _____ () C:\Program Files\Evernote\Evernote\avcodec-54.dll 2014-08-26 16:47 - 2014-08-26 16:47 - 00136048 _____ () C:\Program Files\Evernote\Evernote\avutil-51.dll 2014-08-26 16:47 - 2014-08-26 16:47 - 00192368 _____ () C:\Program Files\Evernote\Evernote\avformat-54.dll 2004-08-10 12:50 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2014-09-16 14:46 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll 2014-09-16 14:46 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll 2014-09-16 14:46 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll 2014-09-16 14:46 - 2014-09-03 22:01 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll 2014-09-07 20:06 - 2014-02-10 13:44 
- 04592128 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-09-07 20:06 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\WINDOWS:nlsPreferences ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-3921006264-3626018158-3878670278-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.SARAH Guest (S-1-5-21-3921006264-3626018158-3878670278-501 - Limited - Enabled) HelpAssistant (S-1-5-21-3921006264-3626018158-3878670278-1005 - Limited - Disabled) Sarah Beth (S-1-5-21-3921006264-3626018158-3878670278-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Sarah Beth SUPPORT_388945a0 (S-1-5-21-3921006264-3626018158-3878670278-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3093 Error: (10/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3093 Error: (10/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/28/2014 03:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3062 Error: (10/28/2014 03:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3062 Error: (10/28/2014 03:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/24/2014 10:44:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5062 Error: (10/24/2014 10:44:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5062 Error: (10/24/2014 10:44:44 PM) (Source: 
Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/24/2014 10:44:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2984 System errors: ============= Error: (10/28/2014 07:51:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%3 Error: (10/28/2014 07:46:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The This service enables products that use the Nalpeiron Licensing System. service terminated unexpectedly. It has done this 1 time(s). Error: (10/28/2014 07:46:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/28/2014 07:01:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%3 Error: (10/28/2014 06:00:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The This service enables products that use the Nalpeiron Licensing System. service terminated unexpectedly. It has done this 1 time(s). Error: (10/28/2014 06:00:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (10/28/2014 01:06:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%3 Error: (10/28/2014 01:05:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (10/28/2014 01:01:48 PM) (Source: DCOM) (EventID: 10005) (User: SARAH) Description: DCOM got error "%%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error: (10/28/2014 11:39:17 AM) (Source: DCOM) (EventID: 10005) (User: SARAH) Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Microsoft Office Sessions: ========================= Error: (10/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3093 Error: (10/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3093 Error: (10/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/28/2014 03:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3062 Error: (10/28/2014 03:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3062 Error: (10/28/2014 03:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/24/2014 10:44:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: 
m->NextScheduledSPRetry 5062

Error: (10/24/2014 10:44:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5062

Error: (10/24/2014 10:44:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/24/2014 10:44:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2984

==================== Memory info ===========================

Processor: Intel® Celeron® CPU 550 @ 2.00GHz
Percentage of memory in use: 76%
Total physical RAM: 2037.97 MB
Available physical RAM: 483.61 MB
Total Pagefile: 3930.31 MB
Available Pagefile: 2143.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:105.93 GB) (Free:0.54 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=105.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)

==================== End Of Log ============================

### #4 Jo*

Jo*

• Malware Response Team
• 3,319 posts
• OFFLINE
•
• Gender:Male
• Location:Germany
• Local time:04:05 PM

Posted 01 November 2014 - 03:59 PM

Hello sarahliz82,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page.
• Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
• Scan your system for malware
With some infections, you may see two message boxes.
• 'Could not load protection driver'. Click 'OK'.
• 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
• If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
• If there is no malware found, please let me know as well.

***

Please download AdwCleaner by Xplode and save to your Desktop.

Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.

• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete. When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that logfile in your next reply.
• A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***

Graduate of the WTT Classroom

Cheers,
Jo

If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

### #5 sarahliz82

sarahliz82

• Topic Starter
• Members
• 24 posts
• OFFLINE
•
• Gender:Female
• Location:Alabama
• Local time:08:05 AM

Posted 03 November 2014 - 12:19 AM

Hello Jo,

Thank you again for your help.

1) I installed and ran the Malwarebytes Anti-Rootkit and no malware was detected.

2) I installed AdwCleaner (via your link - I think that version is more current than what I had scanned and cleaned with in the past week) and ran that as well.
The program is on the desktop, but there is no folder and no saved copy of the report like you mentioned. The text of the report is pasted below. I really don't understand what I am looking at.

One thing I have noticed that may or may not be of interest is that Google Chrome seems to be highly compromised while Firefox is running fairly smoothly. I prefer Firefox, but have been using Chrome as the Evernote Web Clipper extension for Firefox does not work well.

AdwCleaner report:

# AdwCleaner v3.311 - Report created 02/11/2014 at 23:08:15
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Sarah Beth - SARAH
# Running from : C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\.autoreg
File Found : C:\WINDOWS\system32\drivers\netfilter.sys
File Found : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib
Folder Found : C:\Documents and Settings\Administrator\Local
Settings\Application Data\torch Folder Found : C:\Documents and Settings\All Users\Application Data\NCH Software Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\torch Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder 
Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch Folder Found : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib Folder Found : 
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch Folder Found : C:\Program Files\NCH Software Folder Found : C:\WINDOWS\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219} ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91 Key Found : HKLM\SOFTWARE\MetaStream Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{813BA625-B0FA-48D8-9B75-59759C88C219} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Found : HKLM\SOFTWARE\Viewpoint Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe] Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe] ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla 
Firefox v33.0 (x86 en-US)

[ File : C:\Documents and Settings\Sarah Beth\Application Data\Mozilla\Firefox\Profiles\99p3ae73.default-1414469777031\prefs.js ]

-\\ Google Chrome v37.0.2062.120

[ File : C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[ File : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : fbhkadofcemnmfohgfillpbdjmgecfib
Found [Extension] : niloccemoadcdkdjlinkgdfekeahmflj

*************************

AdwCleaner[R0].txt - [807 octets] - [27/10/2014 20:16:29]
AdwCleaner[R10].txt - [8476 octets] - [02/11/2014 23:08:15]
AdwCleaner[R1].txt - [866 octets] - [27/10/2014 20:19:11]
AdwCleaner[R2].txt - [7984 octets] - [27/10/2014 20:21:36]
AdwCleaner[R3].txt - [1052 octets] - [27/10/2014 20:38:48]
AdwCleaner[R4].txt - [1113 octets] - [27/10/2014 20:40:08]
AdwCleaner[R5].txt - [1233 octets] - [27/10/2014 21:04:02]
AdwCleaner[R6].txt - [8122 octets] - [27/10/2014 22:06:38]
AdwCleaner[R7].txt - [7721 octets] - [27/10/2014 22:23:34]
AdwCleaner[R8].txt - [10538 octets] - [28/10/2014 12:03:49]
AdwCleaner[R9].txt - [10811 octets] - [28/10/2014 18:49:27]
AdwCleaner[S0].txt - [8170 octets] - [27/10/2014 20:22:03]
AdwCleaner[S1].txt - [1168 octets] - [27/10/2014 20:40:31]
AdwCleaner[S2].txt - [8312 octets] - [27/10/2014 22:07:19]
AdwCleaner[S3].txt - [7901 octets] - [27/10/2014 22:23:58]
AdwCleaner[S4].txt - [10765 octets] - [28/10/2014 12:05:13]
AdwCleaner[S5].txt - [11040 octets] - [28/10/2014 18:50:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [9440 octets] ##########

### #6 Jo*

Jo*

• Malware Response Team
• 3,319 posts
• OFFLINE
•
• Gender:Male
• Location:Germany
• Local time:04:05 PM
Posted 03 November 2014 - 04:33 AM

Hello sarahliz82,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.

• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
• This time, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***

Please download Junkware Removal Tool from HERE and save it to your desktop.

Shut down your antivirus to avoid any potential conflicts.

Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.

• JRT will begin to backup your registry and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, the log JRT.txt is saved on your desktop and will automatically open.

Enable your antivirus!

Post the contents of JRT.txt into your next reply.

***

Run the Farbar Recovery Scan Tool again.

• Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***

How is the computer running now?

***

Graduate of the WTT Classroom

Cheers,
Jo

If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

### #7 sarahliz82

sarahliz82

• Topic Starter
• Members
• 24 posts
• OFFLINE
•
• Gender:Female
• Location:Alabama
• Local time:08:05 AM

Posted 03 November 2014 - 10:29 AM

Hello Jo -

Wow! What an improvement! My PC is working so much better now - the insane popups (Go Save, something about coupons, and another that always told me to call a 1-800 number for assistance with a Trojan) seem to be gone. Also, GoSave is no longer listed in my Chrome extensions! Hallelujah!

I had previously used most of these tools with no success. What did I do wrong?

I don't have an antivirus software - I used to use McAfee, but I caught viruses even with my paid subscription. Since then I just have used common sense and SuperAntiSpyware and MalwareBytes free editions. My dad has paid MalwareBytes, and he continues to get viruses - I have no idea how. He certainly isn't doing anything that would lead to that possibility. Is there a software you can recommend to me?

My laptop always runs AOLSpyZapper and I don't know how to get rid of that. By default I have so many processes running and eating up my processing power. Is there something I can do about that?

Here are the log files you requested.
1) From AdwCleaner

# AdwCleaner v3.311 - Report created 03/11/2014 at 08:23:38
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Sarah Beth - SARAH
# Running from : C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\WINDOWS\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch
[!] Folder Deleted : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib
[!]
Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] 
Folder Deleted : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] Folder Deleted : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib [!] 
Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib
File Deleted : C:\WINDOWS\system32\drivers\netfilter.sys
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{813BA625-B0FA-48D8-9B75-59759C88C219}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v33.0 (x86 en-US)

[ File : C:\Documents and Settings\Sarah Beth\Application Data\Mozilla\Firefox\Profiles\99p3ae73.default-1414469777031\prefs.js ]

-\\ Google Chrome v37.0.2062.120

[ File : C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[ File : C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : fbhkadofcemnmfohgfillpbdjmgecfib
Deleted [Extension] : niloccemoadcdkdjlinkgdfekeahmflj

*************************

AdwCleaner[R0].txt - [807 octets] - [27/10/2014 20:16:29]
AdwCleaner[R10].txt - [9521 octets] - [02/11/2014 23:08:15]
AdwCleaner[R11].txt - [9582 octets] - [03/11/2014 08:22:14]
AdwCleaner[R1].txt - [866 octets] - [27/10/2014 20:19:11]
AdwCleaner[R2].txt - [7984 octets] - [27/10/2014 20:21:36]
AdwCleaner[R3].txt - [1052 octets] - [27/10/2014 20:38:48]
AdwCleaner[R4].txt - [1113 octets] - [27/10/2014 20:40:08]
AdwCleaner[R5].txt - [1233 octets] - [27/10/2014 21:04:02]
AdwCleaner[R6].txt - [8122 octets] - [27/10/2014 22:06:38]
AdwCleaner[R7].txt - [7721 octets] - [27/10/2014 22:23:34]
AdwCleaner[R8].txt - [10538 octets] - [28/10/2014 12:03:49]
AdwCleaner[R9].txt - [10811 octets] - [28/10/2014 18:49:27]
AdwCleaner[S0].txt - [8170 octets] - [27/10/2014 20:22:03]
AdwCleaner[S1].txt - [1168 octets] - [27/10/2014 20:40:31]
AdwCleaner[S2].txt - [8312 octets] - [27/10/2014 22:07:19]
AdwCleaner[S3].txt - [7901 octets] - [27/10/2014 22:23:58]
AdwCleaner[S4].txt - [10765 octets] - [28/10/2014 12:05:13]
AdwCleaner[S5].txt - [11040 octets] - [28/10/2014 18:50:09]
AdwCleaner[S6].txt - [9732 octets] - [03/11/2014 08:23:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [9792 octets] ##########

2) Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Microsoft Windows XP x86
Ran by Sarah Beth on Mon 11/03/2014 at 8:28:43.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/03/2014 at 8:32:45.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3) Farbar Recovery Scan Tool

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Sarah Beth (administrator) on SARAH on 03-11-2014 08:33:11
Running from C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools
Loaded Profile: Sarah Beth (Available profiles: Sarah Beth & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(America Online) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(America Online, Inc.) C:\Program Files\Common Files\AOL\1210693269\EE\aolsoftware.exe
(America Online) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dropbox, Inc.) C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Cisco Systems, Inc) C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(America Online, Inc.) C:\Program Files\Common Files\AOL\1210693269\EE\aolsoftware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-03-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1228800 2007-12-10] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2183168 2007-12-11] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2008-03-19] (SigmaTel, Inc.)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1210693269\ee\AOLSoftware.exe [48280 2006-03-10] (America Online, Inc.)
HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [34904 2004-10-20] (America Online)
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-12-12] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre7\bin\jusched.exe
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-10] (SUPERAntiSpyware)
HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3921006264-3626018158-3878670278-1006\...\MountPoints2: {792a120a-3b1c-11dd-9aaa-001644c3fdb1} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
ShortcutTarget: Clean Access Agent.lnk -> C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Sarah Beth\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Sarah Beth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Sarah Beth\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A7D283BE-9607-418E-A1ED-5CC9ACDF2CC5} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131109&p={SearchTerms}
SearchScopes: HKCU - {E89F31DC-2B82-4768-B63A-FBD20843F1AD} URL = https://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sarah Beth\Application Data\Mozilla\Firefox\Profiles\99p3ae73.default-1414469777031
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-01-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-08]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-12]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Profile: C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-20]
CHR Extension: (Add to Amazon Wish List) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-09-26]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-09-26]
CHR Extension: (Facebook - Delete All Messages) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2014-07-20]
CHR Extension: (Kindle Cloud Reader) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-10-28]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2014-09-19]
CHR Extension: (iCloud Dashboard) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2014-09-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-07]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\SARAHB~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-24]
CHR HKCU\...\Chrome\Extension: [opfedmikikmahmpaimpfelmikhaigobp] - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\CRE\opfedmikikmahmpaimpfelmikhaigobp.crx [2014-10-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-20] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated)
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-09-23] (McAfee, Inc.)
R2 nlsX86cc; C:\WINDOWS\system32\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 STacSV; C:\WINDOWS\system32\STacSV.exe [94208 2008-03-19] (SigmaTel, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2007-12-11] (Dell Inc.) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-12-11] (Broadcom Corp.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2012-09-10] (Apple Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-19] (SigmaTel, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [265856 2008-03-19] (Marvell)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 08:32 - 2014-11-03 08:32 - 00000594 _____ () C:\Documents and Settings\Sarah Beth\Desktop\JRT.txt
2014-11-02 23:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-11-02 22:12 - 2014-11-02 23:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-28 20:36 - 2014-10-28 21:09 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\My Kindle Content
2014-10-28 20:36 - 2014-10-28 20:36 - 00001635 _____ () C:\Documents and Settings\Sarah Beth\Desktop\Kindle.lnk
2014-10-28 18:18 - 2014-10-28 18:46 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-10-28 18:18 - 2014-10-28 18:18 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-28 18:18 - 2014-10-28 18:18 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-28 10:20 - 2014-10-28 10:20 - 00003248 _____ () C:\WINDOWS\system32\.crusader
2014-10-28 10:12 - 2014-10-28 10:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-10-27 20:34 - 2014-11-03 08:33 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools
2014-10-27 20:16 - 2014-11-03 08:23 - 00000000 ____D () C:\AdwCleaner
2014-10-27 20:10 - 2014-11-03 08:33 - 00000000 ____D () C:\FRST
2014-10-27 20:10 - 2014-10-27 20:10 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-27 18:08 - 2014-10-28 18:27 - 00001599 _____ () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Remote Assistance.lnk
2014-10-27 18:08 - 2014-10-27 18:11 - 00000178 ___SH () C:\Documents and Settings\Administrator.SARAH\ntuser.ini
2014-10-27 18:08 - 2014-10-27 18:09 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Temp
2014-10-27 18:08 - 2014-10-27 18:09 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\Google
2014-10-27 18:08 - 2014-10-27 18:08 - 00000000 __SHD () C:\Documents and Settings\Administrator.SARAH\IETldCache
2014-10-27 18:08 - 2014-10-27 18:08 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\SUPERAntiSpyware.com
2014-10-27 18:08 - 2014-10-27 18:08 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH
2014-10-27 18:08 - 2013-06-28 11:09 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application DataGoogle
2014-10-27 18:08 - 2013-04-15 11:27 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\Macromedia
2014-10-27 18:08 - 2008-05-13 09:46 - 00033416 _____ () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-27 18:08 - 2008-05-13 09:46 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\My Documents\My Google Gadgets
2014-10-27 18:08 - 2008-05-13 09:46 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\AOL
2014-10-27 18:08 - 2008-05-13 09:42 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\You've Got Pictures Screensaver
2014-10-27 18:08 - 2008-05-13 09:41 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\America Online
2014-10-27 18:08 - 2008-05-13 09:37 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\Symantec
2014-10-27 18:08 - 2008-05-13 09:32 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\MediaDirect
2014-10-27 18:08 - 2008-05-13 09:29 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\Adobe
2014-10-27 18:08 - 2008-05-13 09:24 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\BVRP Software
2014-10-27 18:08 - 2008-05-13 09:24 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\InstallShield
2014-10-27 18:08 - 2008-05-13 09:22 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2014-10-27 18:08 - 2008-05-13 09:10 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Dell Accessories
2014-10-27 18:08 - 2004-08-10 12:08 - 00000671 _____ () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Internet Explorer.lnk
2014-10-27 18:08 - 2004-08-10 12:08 - 00000642 _____ () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Outlook Express.lnk
2014-10-27 18:08 - 2004-08-10 12:02 - 00000000 ___RD () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Accessories
2014-10-26 11:52 - 2014-10-26 11:52 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 21:20 - 2014-10-29 18:08 - 00003018 _____ () C:\Documents and Settings\Sarah Beth\My Documents\Removing DRM.txt
2014-10-24 21:01 - 2014-10-24 21:01 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
2014-10-24 21:00 - 2014-10-24 21:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-24 21:00 - 2014-10-24 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
2014-10-24 20:13 - 2014-10-28 20:36 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Start Menu\Programs\Amazon
2014-10-24 20:13 - 2014-10-24 20:13 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Amazon
2014-10-24 20:12 - 2014-10-28 20:35 - 00000000 ____D () C:\Program Files\Amazon
2014-10-24 20:03 - 2014-10-24 20:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\calibre
2014-10-24 20:03 -
2014-10-24 20:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\AllDRMRemoval 2014-10-24 20:03 - 2014-10-24 20:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\.AllDRMRemoval 2014-10-24 20:03 - 2014-10-24 20:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\AllDRMRemoval 2014-10-24 20:02 - 2014-10-24 20:06 - 00000000 ____D () C:\Program Files\Epubor 2014-10-24 19:43 - 2014-10-29 18:11 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\tools_v6.0.9 2014-10-24 12:28 - 2014-10-24 12:35 - 56419840 _____ () C:\Documents and Settings\Sarah Beth\My Documents\calibre-1.48.0.msi 2014-10-24 12:03 - 2014-10-24 12:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\tools_v5.5.3 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest 
2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\46dd58cc531bf18a 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-10-24 11:50 - 2014-10-24 11:50 - 00000140 _____ () C:\Documents and Settings\Sarah Beth\Desktop.lnk 2014-10-10 10:25 - 2014-10-22 09:02 - 00000408 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job 2014-10-10 10:25 - 2014-10-10 10:25 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job 2014-10-10 10:25 - 2014-10-10 10:25 - 00000000 ____D () C:\Program Files\My Dell 2014-10-09 21:06 - 2014-10-27 22:42 - 00002317 _____ () C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk 2014-10-09 21:06 - 2014-10-09 21:06 - 00000000 ____D () C:\Program Files\OverDrive Media Console 2014-10-09 21:06 - 2014-10-09 21:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive Media Console ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-03 08:34 - 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Temp 2014-11-03 08:30 - 2004-08-10 11:57 - 00524888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-11-03 08:27 - 2014-09-04 13:53 - 00000000 ___RD () C:\Documents and Settings\Sarah Beth\My Documents\Dropbox 2014-11-03 08:27 - 2014-09-02 11:12 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\Dropbox 2014-11-03 08:27 - 2013-04-27 22:42 - 00000000 ___RD () C:\Documents and Settings\Sarah Beth\My Documents\Google Drive 2014-11-03 08:27 - 2004-08-10 12:02 - 01630359 _____ () C:\WINDOWS\WindowsUpdate.log 2014-11-03 08:26 - 2013-04-04 16:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-11-03 08:25 - 2014-03-15 19:32 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-11-03 08:25 - 2014-02-14 16:30 - 00000310 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-03 08:25 - 2013-12-12 23:34 - 00000288 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-03 08:25 - 2013-04-04 16:50 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-03 08:25 - 2004-08-10 12:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-11-03 08:25 - 2004-08-10 11:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-11-03 08:25 - 2004-08-10 11:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-11-03 08:25 - 2004-08-10 11:57 - 00187408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-03 08:24 - 2008-06-15 08:27 - 00000178 ___SH () C:\Documents and Settings\Sarah Beth\ntuser.ini 2014-11-03 08:24 - 2004-08-10 12:08 - 00032556 _____ () C:\WINDOWS\SchedLgU.Txt 2014-11-03 08:23 - 2014-09-26 09:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-03 08:21 - 2013-03-29 15:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 
2014-11-02 22:45 - 2013-04-04 16:50 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-02 22:12 - 2014-09-18 14:47 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-11-02 22:11 - 2014-09-18 14:47 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-11-02 22:02 - 2013-12-12 23:34 - 00000296 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-02 11:04 - 2014-02-14 16:30 - 00000318 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-01 23:03 - 2008-05-13 09:06 - 00003703 _____ () C:\WINDOWS\setupact.log 2014-11-01 22:46 - 2008-06-15 08:27 - 00040176 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-10-29 18:10 - 2014-04-30 21:15 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\Calibre Library 2014-10-29 17:32 - 2008-06-19 21:16 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-10-29 16:50 - 2008-06-15 09:09 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-10-28 18:45 - 2009-12-28 22:52 - 00582918 _____ () C:\WINDOWS\setupapi.log 2014-10-28 10:39 - 2008-06-15 14:49 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\U3 2014-10-28 10:23 - 2013-03-28 21:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-28 10:07 - 2013-03-28 21:17 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-28 10:07 - 2013-03-28 21:17 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-10-28 10:04 - 2014-05-05 23:24 - 00009290 _____ () C:\WINDOWS\KB2964358-IE8.log 2014-10-28 10:04 - 2014-04-09 10:22 - 00163379 ____C () C:\WINDOWS\KB2936068-IE8.log 2014-10-27 21:50 - 2004-08-10 
11:57 - 02258301 _____ () C:\WINDOWS\FaxSetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 01088982 _____ () C:\WINDOWS\ocgen.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00863912 _____ () C:\WINDOWS\tsoc.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00682398 _____ () C:\WINDOWS\comsetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00413134 _____ () C:\WINDOWS\ntdtcsetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00354755 _____ () C:\WINDOWS\iis6.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00112693 _____ () C:\WINDOWS\msgsocm.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00112182 _____ () C:\WINDOWS\ocmsn.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00001943 _____ () C:\WINDOWS\imsins.log 2014-10-27 16:57 - 2008-05-13 09:29 - 00000000 ____D () C:\Program Files\Google 2014-10-27 16:57 - 2008-05-13 09:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google 2014-10-27 11:01 - 2008-06-15 15:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB911927$2014-10-26 11:52 - 2014-09-18 14:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-10-26 11:52 - 2014-09-18 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-25 08:07 - 2014-04-30 21:17 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\calibre-cache 2014-10-24 20:56 - 2013-11-02 15:52 - 00423592 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-10-24 20:32 - 2014-04-30 21:14 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\calibre 2014-10-24 20:03 - 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth 2014-10-24 13:02 - 2013-06-23 10:37 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\My Media 2014-10-24 11:51 - 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google 2014-10-23 01:00 - 2013-04-22 00:18 - 00000352 _____ () 
C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-SARAH-Sarah Beth.job 2014-10-22 09:03 - 2013-05-08 21:12 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\PCDr 2014-10-20 19:13 - 2013-07-13 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-10-20 18:58 - 2009-03-02 13:57 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-10-10 10:25 - 2013-05-08 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr 2014-10-10 10:25 - 2008-05-13 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell 2014-10-10 10:25 - 2008-05-13 09:30 - 00000000 ____D () C:\Program Files\Dell Support Center 2014-10-08 14:00 - 2014-03-15 19:32 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job Files to move or delete: ==================== C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences.dat C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences2.dat Some content of TEMP: ==================== C:\Documents and Settings\Sarah Beth\Local Settings\Temp\BackupSetup.exe C:\Documents and Settings\Sarah Beth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpakosgj.dll C:\Documents and Settings\Sarah Beth\Local Settings\Temp\Foxit Updater.exe C:\Documents and Settings\Sarah Beth\Local Settings\Temp\install_reader11_en_mssd_aaa_aih.exe C:\Documents and Settings\Sarah Beth\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe C:\Documents and Settings\Sarah Beth\Local Settings\Temp\lowproc.exe C:\Documents and Settings\Sarah Beth\Local Settings\Temp\Quarantine.exe C:\Documents and Settings\Sarah Beth\Local Settings\Temp\setup_wm.exe C:\Documents and Settings\Sarah Beth\Local Settings\Temp\SHSetup.exe C:\Documents and Settings\Sarah Beth\Local Settings\Temp\SpOrder.dll C:\Documents and Settings\Sarah Beth\Local Settings\Temp\sqlite3.dll C:\Documents and Settings\Sarah Beth\Local Settings\Temp\stubhelper.dll 
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

### #8 Jo*

Jo*

• Malware Response Team
• 3,319 posts
• OFFLINE
•
• Gender:Male
• Location:Germany
• Local time:04:05 PM

Posted 03 November 2014 - 11:15 AM

Hello sarahliz82,

you could use free Panda or AVG.

The Best Free Antivirus for 2014: http://www.pcmag.com/article2/0,2817,2388652,00.asp

***

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

```
start
EmptyTemp:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences.dat
C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences2.dat
end
```

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again like we did before but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it to your reply.

***

FRST / FRST64: run it again.

• Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
• When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
• Please copy and paste the log in your next reply.

***

Graduate of the WTT Classroom

Cheers,
Jo

If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

### #9 sarahliz82

sarahliz82

• Topic Starter
• Members
• 24 posts
• OFFLINE
•
• Gender:Female
• Location:Alabama
• Local time:08:05 AM

Posted 03 November 2014 - 03:44 PM

Hi Jo,

I created the fixlist.txt as you said and ran FRST and then clicked fix. It closed Chrome - and while fixing I reopened it, not thinking.
So after the reboot I repeated the procedure. So below is the SECOND Fixlog - it wrote over the original. Sorry about that.

For the next run after reboot (which technically was the third) I right-clicked and saw "Run as" listed. When I saw the options, there was no "run as administrator." It was a radio button display with two choices - the first "run as current user (Sarah Beth)" or "an alternate profile." The two options listed as alternate were once again my account or APNS certificate. The graphic showed a red x on it. I selected the first radio button - "run as current user."

Thanks for the antivirus suggestions. I will look into that right away.

1) Fixlog from second run of FRST with fixlist.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by Sarah Beth at 2014-11-03 14:26:28 Run:2
Running from C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools
Loaded Profile: Sarah Beth (Available profiles: Sarah Beth & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
EmptyTemp:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences.dat
C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences2.dat
end
*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
"HKCU\SOFTWARE\Policies\Google" => Key not found.
gupdate => Service not found.
gupdatem => Service not found.
SymIM => Service not found.
SymIMMP => Service not found.
"C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences.dat" => File/Directory not found.
"C:\Documents and Settings\Sarah Beth\jagex_runescape_preferences2.dat" => File/Directory not found.
EmptyTemp: => Removed 30 MB temporary data.

2) FRST.txt from rerun of FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Sarah Beth (administrator) on SARAH on 03-11-2014 14:37:40
Running from C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools
Loaded Profile: Sarah Beth (Available profiles: Sarah Beth & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20] CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-07] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\SARAHB~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-24] CHR HKCU\...\Chrome\Extension: [opfedmikikmahmpaimpfelmikhaigobp] - C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\CRE\opfedmikikmahmpaimpfelmikhaigobp.crx [2014-10-24] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-20] (SUPERAntiSpyware.com) R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated) R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online) R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation) R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-09-23] (McAfee, Inc.) R2 nlsX86cc; C:\WINDOWS\system32\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 STacSV; C:\WINDOWS\system32\STacSV.exe [94208 2008-03-19] (SigmaTel, Inc.) R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2007-12-11] (Dell Inc.) 
[File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed] R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-12-11] (Broadcom Corp.) R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.) S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.) S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.) S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2012-09-10] (Apple Inc.) [File not signed] R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-19] (SigmaTel, Inc.) R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [265856 2008-03-19] (Marvell) U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-02 23:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll 2014-11-02 22:12 - 2014-11-02 23:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2014-10-28 20:36 - 2014-10-28 21:09 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\My Kindle Content 2014-10-28 20:36 - 2014-10-28 20:36 - 00001635 _____ () C:\Documents and Settings\Sarah Beth\Desktop\Kindle.lnk 2014-10-28 18:18 - 2014-10-28 18:46 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP 2014-10-28 18:18 - 2014-10-28 18:18 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-10-28 18:18 - 2014-10-28 18:18 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-10-28 10:20 - 2014-10-28 10:20 - 00003248 _____ () C:\WINDOWS\system32\.crusader 2014-10-28 10:12 - 2014-10-28 10:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro 2014-10-27 20:34 - 2014-11-03 14:37 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools 2014-10-27 20:16 - 2014-11-03 08:23 - 00000000 ____D () C:\AdwCleaner 2014-10-27 20:10 - 2014-11-03 14:37 - 00000000 ____D () C:\FRST 2014-10-27 20:10 - 2014-10-27 20:10 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-10-27 18:08 - 2014-11-03 14:15 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Temp 2014-10-27 18:08 - 2014-10-28 18:27 - 00001599 _____ () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Remote Assistance.lnk 2014-10-27 18:08 - 2014-10-27 18:11 - 00000178 ___SH () C:\Documents and Settings\Administrator.SARAH\ntuser.ini 2014-10-27 18:08 - 2014-10-27 18:09 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\Google 2014-10-27 18:08 - 2014-10-27 18:08 - 00000000 __SHD () C:\Documents and Settings\Administrator.SARAH\IETldCache 2014-10-27 18:08 - 
2014-10-27 18:08 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\SUPERAntiSpyware.com 2014-10-27 18:08 - 2014-10-27 18:08 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH 2014-10-27 18:08 - 2013-06-28 11:09 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application DataGoogle 2014-10-27 18:08 - 2013-04-15 11:27 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\Macromedia 2014-10-27 18:08 - 2008-05-13 09:46 - 00033416 _____ () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-10-27 18:08 - 2008-05-13 09:46 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\My Documents\My Google Gadgets 2014-10-27 18:08 - 2008-05-13 09:46 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\AOL 2014-10-27 18:08 - 2008-05-13 09:42 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\You've Got Pictures Screensaver 2014-10-27 18:08 - 2008-05-13 09:41 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\America Online 2014-10-27 18:08 - 2008-05-13 09:37 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\Symantec 2014-10-27 18:08 - 2008-05-13 09:32 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\MediaDirect 2014-10-27 18:08 - 2008-05-13 09:29 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\Adobe 2014-10-27 18:08 - 2008-05-13 09:24 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local Settings\Application Data\BVRP Software 2014-10-27 18:08 - 2008-05-13 09:24 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Application Data\InstallShield 2014-10-27 18:08 - 2008-05-13 09:22 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Local 
Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} 2014-10-27 18:08 - 2008-05-13 09:10 - 00000000 ____D () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Dell Accessories 2014-10-27 18:08 - 2004-08-10 12:08 - 00000671 _____ () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Internet Explorer.lnk 2014-10-27 18:08 - 2004-08-10 12:08 - 00000642 _____ () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Outlook Express.lnk 2014-10-27 18:08 - 2004-08-10 12:02 - 00000000 ___RD () C:\Documents and Settings\Administrator.SARAH\Start Menu\Programs\Accessories 2014-10-26 11:52 - 2014-10-26 11:52 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-24 21:20 - 2014-10-29 18:08 - 00003018 _____ () C:\Documents and Settings\Sarah Beth\My Documents\Removing DRM.txt 2014-10-24 21:01 - 2014-10-24 21:01 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk 2014-10-24 21:00 - 2014-10-24 21:01 - 00000000 ____D () C:\Program Files\Calibre2 2014-10-24 21:00 - 2014-10-24 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management 2014-10-24 20:13 - 2014-10-28 20:36 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Start Menu\Programs\Amazon 2014-10-24 20:13 - 2014-10-24 20:13 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Amazon 2014-10-24 20:12 - 2014-10-28 20:35 - 00000000 ____D () C:\Program Files\Amazon 2014-10-24 20:03 - 2014-10-24 20:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\calibre 2014-10-24 20:03 - 2014-10-24 20:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\AllDRMRemoval 2014-10-24 20:03 - 2014-10-24 20:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\.AllDRMRemoval 2014-10-24 20:03 - 2014-10-24 20:03 - 00000000 ____D () C:\Documents and 
Settings\Sarah Beth\AllDRMRemoval 2014-10-24 20:02 - 2014-10-24 20:06 - 00000000 ____D () C:\Program Files\Epubor 2014-10-24 19:43 - 2014-10-29 18:11 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\tools_v6.0.9 2014-10-24 12:28 - 2014-10-24 12:35 - 56419840 _____ () C:\Documents and Settings\Sarah Beth\My Documents\calibre-1.48.0.msi 2014-10-24 12:03 - 2014-10-24 12:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\tools_v5.5.3 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\46dd58cc531bf18a 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 
____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-10-24 11:50 - 2014-10-24 11:50 - 00000140 _____ () C:\Documents and Settings\Sarah Beth\Desktop.lnk 2014-10-10 10:25 - 2014-11-03 10:24 - 00000408 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job 2014-10-10 10:25 - 2014-10-10 10:25 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job 2014-10-10 10:25 - 2014-10-10 10:25 - 00000000 ____D () C:\Program Files\My Dell 2014-10-09 21:06 - 2014-10-27 22:42 - 00002317 _____ () C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk 2014-10-09 21:06 - 2014-10-09 21:06 - 00000000 ____D () C:\Program Files\OverDrive Media Console 2014-10-09 21:06 - 2014-10-09 21:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive Media Console ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-03 14:38 - 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Temp 2014-11-03 14:32 - 2004-08-10 11:57 - 00524888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-11-03 14:30 - 2013-04-27 22:42 - 00000000 ___RD () C:\Documents and Settings\Sarah Beth\My Documents\Google Drive 2014-11-03 14:29 - 2014-09-04 13:53 - 00000000 ___RD () C:\Documents and Settings\Sarah Beth\My Documents\Dropbox 2014-11-03 14:29 - 2014-09-02 11:12 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\Dropbox 2014-11-03 14:29 - 2013-04-04 16:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-11-03 14:29 - 2004-08-10 12:02 - 01641633 _____ () C:\WINDOWS\WindowsUpdate.log 2014-11-03 14:28 - 2014-03-15 19:32 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-11-03 14:28 - 2014-02-14 16:30 - 00000310 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-03 14:28 - 2013-12-12 23:34 - 00000288 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-03 14:28 - 2013-04-04 16:50 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-03 14:28 - 2004-08-10 12:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-11-03 14:28 - 2004-08-10 11:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-11-03 14:28 - 2004-08-10 11:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-11-03 14:27 - 2008-06-15 08:27 - 00000178 ___SH () C:\Documents and Settings\Sarah Beth\ntuser.ini 2014-11-03 14:27 - 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth 2014-11-03 14:27 - 2004-08-10 12:08 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt 2014-11-03 14:21 - 2013-03-29 15:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-11-03 14:18 - 2013-12-12 23:34 - 00000296 _____ () 
C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-03 14:17 - 2013-11-02 15:52 - 00530744 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-11-03 14:11 - 2004-08-10 12:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp 2014-11-03 14:11 - 2004-08-10 11:57 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp 2014-11-03 13:45 - 2013-04-04 16:50 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-03 08:25 - 2004-08-10 11:57 - 00187408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-03 08:23 - 2014-09-26 09:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-02 22:12 - 2014-09-18 14:47 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-11-02 22:11 - 2014-09-18 14:47 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-11-02 11:04 - 2014-02-14 16:30 - 00000318 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-01 23:03 - 2008-05-13 09:06 - 00003703 _____ () C:\WINDOWS\setupact.log 2014-11-01 22:46 - 2008-06-15 08:27 - 00040176 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-10-29 18:10 - 2014-04-30 21:15 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\Calibre Library 2014-10-29 17:32 - 2008-06-19 21:16 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-10-29 16:50 - 2008-06-15 09:09 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-10-28 18:45 - 2009-12-28 22:52 - 00582918 _____ () C:\WINDOWS\setupapi.log 2014-10-28 10:39 - 2008-06-15 14:49 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\U3 2014-10-28 10:23 - 2013-03-28 21:17 - 00000000 ____D () 
C:\Program Files\Mozilla Maintenance Service 2014-10-28 10:07 - 2013-03-28 21:17 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-28 10:07 - 2013-03-28 21:17 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-10-28 10:04 - 2014-05-05 23:24 - 00009290 _____ () C:\WINDOWS\KB2964358-IE8.log 2014-10-28 10:04 - 2014-04-09 10:22 - 00163379 ____C () C:\WINDOWS\KB2936068-IE8.log 2014-10-27 21:50 - 2004-08-10 11:57 - 02258301 _____ () C:\WINDOWS\FaxSetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 01088982 _____ () C:\WINDOWS\ocgen.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00863912 _____ () C:\WINDOWS\tsoc.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00682398 _____ () C:\WINDOWS\comsetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00413134 _____ () C:\WINDOWS\ntdtcsetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00354755 _____ () C:\WINDOWS\iis6.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00112693 _____ () C:\WINDOWS\msgsocm.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00112182 _____ () C:\WINDOWS\ocmsn.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00001943 _____ () C:\WINDOWS\imsins.log 2014-10-27 16:57 - 2008-05-13 09:29 - 00000000 ____D () C:\Program Files\Google 2014-10-27 16:57 - 2008-05-13 09:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google 2014-10-27 11:01 - 2008-06-15 15:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB911927$2014-10-26 11:52 - 2014-09-18 14:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-10-26 11:52 - 2014-09-18 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-25 08:07 - 2014-04-30 21:17 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\calibre-cache 2014-10-24 20:32 - 2014-04-30 21:14 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\calibre 2014-10-24 13:02 - 2013-06-23 10:37 - 00000000 
____D () C:\Documents and Settings\Sarah Beth\My Documents\My Media 2014-10-24 11:51 - 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google 2014-10-23 01:00 - 2013-04-22 00:18 - 00000352 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-SARAH-Sarah Beth.job 2014-10-22 09:03 - 2013-05-08 21:12 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\PCDr 2014-10-20 19:13 - 2013-07-13 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-10-20 18:58 - 2009-03-02 13:57 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-10-10 10:25 - 2013-05-08 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr 2014-10-10 10:25 - 2008-05-13 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell 2014-10-10 10:25 - 2008-05-13 09:30 - 00000000 ____D () C:\Program Files\Dell Support Center 2014-10-08 14:00 - 2014-03-15 19:32 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job Some content of TEMP: ==================== C:\Documents and Settings\Sarah Beth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbiwzry.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

### #10 sarahliz82

sarahliz82

• Topic Starter
• Members
• 24 posts
• OFFLINE
•
• Gender:Female
• Location:Alabama
• Local time:08:05 AM

Posted 03 November 2014 - 03:46 PM

Also, I should note that I am the only user of the computer and SARAH BETH is the only profile - so perhaps that makes me administrator by default. However, when I reboot in safe mode it gives me two profile options to login - mine and an administrator.

### #11 Jo*

Jo*

• Malware Response Team
• 3,319 posts
• OFFLINE
•
• Gender:Male
• Location:Germany
• Local time:04:05 PM

Posted 03 November 2014 - 04:10 PM

Hello sarahliz82,

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
• Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
• From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u25-windows-i586.exe or Windows x64: jre-8u25-windows-x64.exe) and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-8u25-windows-i586.exe (or jre-8u25-windows-x64.exe for 64-bit) to install the newest version.
• If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
• When the Java Setup - Welcome window opens, click the Install > button.
• If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.

The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.

--

Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
• Click Ok and reboot your computer.
---

Malwarebytes' Anti-Malware

If this program is already installed: Skip the installation and run only the scan!

Download and install:

Please download Malwarebytes Anti-Malware to your desktop.

• Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:

(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

---

ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

If this program is already installed: Skip the installation and run only the scan!

• Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Click on to download the ESET Smart Installer. Save it to your desktop.
• Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Make sure that the option "Remove found threats" is Unchecked
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
• Push the Back button.
• Select Uninstall application on close check box and push

---

How is the computer running now?

---

Graduate of the WTT Classroom

Cheers,
Jo

If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
### #12 sarahliz82

sarahliz82

• Topic Starter
• Members
• 24 posts
• OFFLINE
•
• Gender:Female
• Location:Alabama
• Local time:08:05 AM

Posted 03 November 2014 - 11:29 PM

Hi Jo,

The computer is running okay, but seems to be slow to start up. There are some screen flickers, etc. It also says "Failed to add Cisco Clean Access Agent to toolbar" or something like that. I don't know that I actually need that program - I think it was something I had to install four or five years ago to access the internet at my university. And then I'm still getting something about AOL Spyware Zapper.

As far as web browsing, it is a little slow to connect to our wireless, but that could be an issue with our provider. There are no signs of hijacked windows or strange popups. It's amazing!

It took me a bit to understand the Java issue - I have my computer configured to alert me when there are updates for most things, including Java. It seems that because I am running Windows XP, which is no longer supported by Microsoft, that is an issue. I ultimately figured out that I have the 32 bit system and installed JRE 8 86 bit. I also uninstalled JRE 7. The downside is that JRE 8 might not work 100%.

I updated my definitions for Malwarebytes and have pasted the log file below.
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2014
Scan Time: 6:26:32 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.03.11
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Sarah Beth

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386453
Time Elapsed: 17 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Then I also downloaded Panda Antivirus Free 2015 - and it scanned and said it found and fixed one thing. I am unsure of what it is.

Then I downloaded ESET and ran that as you recommended. The log file is below. I forgot to click uninstall before I closed the screen, so I went to add/remove programs and did it that way.

C:\Documents and Settings\Sarah Beth\Local Settings\Temp\{36362198-559D-4AC3-89D6-02FE2E054705}.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined

Lastly, I examined some of the things in my program list in add/remove and removed some of the "Dell bloatware" that came on the computer. I'm sure there are other programs I don't need...I could send you a list.

I also wonder about the processes. At startup there are 70 running, and many things in the task bar.
I'm afraid it eats up a lot of the processing power.

Thank you so much for your help!

### #13 Jo*

Jo*

• Malware Response Team
• 3,319 posts
• OFFLINE
•
• Gender:Male
• Location:Germany
• Local time:04:05 PM

Posted 04 November 2014 - 04:53 AM

Hello sarahliz82,

How do you stop Aol Spy Zapper???
http://www.pcadvisor.co.uk/forums/1/tech-helproom/283185/how-do-you-stop-aol-spy-zapper/

***

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

```
start
EmptyTemp:
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
ShortcutTarget: Clean Access Agent.lnk -> C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
end
```

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

***

FRST / FRST64: run it again.

• Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
• When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
• Please copy and paste the log in your next reply.

***

Graduate of the WTT Classroom

Cheers,
Jo

If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
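The notice in the post above ties a fixlist to one machine, and the entries in this fixlist match lines of that machine's FRST scan log. As an added example (not part of the original post and not FRST's own code), the Python below checks that every fixlist entry occurs in a given scan log before the fix is run. The function names and both scan-log excerpts are constructed for illustration, and treating `EmptyTemp:` as the only command directive is an assumption limited to this thread's fixlist.

```python
"""Check an FRST fixlist against the scan log of the machine it will run on."""

# Command directives are instructions, not lines copied from a scan log.
# Assumption: only the directive used in this thread's fixlist is listed.
COMMAND_DIRECTIVES = {"emptytemp:"}

# The fixlist as posted in the thread.
FIXLIST = r"""start
EmptyTemp:
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
ShortcutTarget: Clean Access Agent.lnk -> C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
end
"""

# Constructed scan-log excerpt for the machine the fixlist was written for.
SCAN_THIS_MACHINE = r"""HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-03-19] (Alps Electric Co., Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
ShortcutTarget: Clean Access Agent.lnk -> C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
"""

# Constructed excerpt for a different machine: same shortcut, no orphaned toolbar.
SCAN_OTHER_MACHINE = r"""Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
ShortcutTarget: Clean Access Agent.lnk -> C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
"""


def parse_fixlist(text):
    """Return (commands, entries) found between the 'start' and 'end' markers."""
    commands, entries = [], []
    started = ended = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lowered = line.lower()
        if not started:
            # Anything before 'start' (forum text, blank lines) is ignored.
            started = lowered == "start"
            continue
        if lowered == "end":
            ended = True
            break
        if lowered in COMMAND_DIRECTIVES:
            commands.append(line)
        else:
            entries.append(line)
    if not (started and ended):
        raise ValueError("fixlist must be wrapped in 'start' and 'end' lines")
    return commands, entries


def normalise(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).lower()


def unmatched_entries(fixlist_text, scan_text):
    """Return fixlist entries that do not occur as a line of the scan log."""
    _, entries = parse_fixlist(fixlist_text)
    scan_lines = {normalise(l) for l in scan_text.splitlines() if l.strip()}
    return [e for e in entries if normalise(e) not in scan_lines]


def report(fixlist_text, scan_text, label):
    """Print a short verdict for one fixlist/scan-log pair."""
    missing = unmatched_entries(fixlist_text, scan_text)
    if not missing:
        print(f"{label}: every fixlist entry is present in the scan log")
    for entry in missing:
        print(f"{label}: NOT in scan log -> {entry}")
    return missing


if __name__ == "__main__":
    report(FIXLIST, SCAN_THIS_MACHINE, "intended machine")
    report(FIXLIST, SCAN_OTHER_MACHINE, "other machine")
```

An entry reported as missing means the fixlist was written from a different scan than the one supplied, which is the situation the notice warns about.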
### #14 sarahliz82

sarahliz82

• Topic Starter
• Members
• 24 posts
• OFFLINE
•
• Gender:Female
• Location:Alabama
• Local time:08:05 AM

Posted 04 November 2014 - 03:27 PM

Hi Jo,

I wasn't able to remove AOL Spy Zapper...the software must have changed since those forum posts. I think I have to get rid of AOL altogether. I never use it, but left it because there was no way to migrate my bookmarks out of it.

Here are the logs you requested:

1) From fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by Sarah Beth at 2014-11-04 10:02:04 Run:3
Running from C:\Documents and Settings\Sarah Beth\Desktop\Computer Repair Tools
Loaded Profile: Sarah Beth (Available profiles: Sarah Beth & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
EmptyTemp:
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
ShortcutTarget: Clean Access Agent.lnk -> C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
end
*****************

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk => Moved successfully.
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
EmptyTemp: => Removed 290.7 MB temporary data.

The system needed a reboot.
==== End of Fixlog ====

2) From FRST.txt
20:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\AllDRMRemoval 2014-10-24 20:02 - 2014-10-24 20:06 - 00000000 ____D () C:\Program Files\Epubor 2014-10-24 19:43 - 2014-10-29 18:11 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\tools_v6.0.9 2014-10-24 12:28 - 2014-10-24 12:35 - 56419840 _____ () C:\Documents and Settings\Sarah Beth\My Documents\calibre-1.48.0.msi 2014-10-24 12:03 - 2014-10-24 12:03 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\tools_v5.5.3 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\HelpAssistant 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Guest 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\46dd58cc531bf18a 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 
2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo 2014-10-24 11:51 - 2014-10-24 11:51 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-10-24 11:50 - 2014-10-24 11:50 - 00000140 _____ () C:\Documents and Settings\Sarah Beth\Desktop.lnk 2014-10-13 14:04 - 2014-10-13 14:04 - 00140688 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINAflt.sys 2014-10-13 14:04 - 2014-10-13 14:04 - 00103312 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINFile.sys 2014-10-13 14:04 - 2014-10-13 14:04 - 00100496 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINReg.sys 2014-10-10 10:25 - 2014-11-04 10:00 - 00000408 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job 2014-10-10 10:25 - 2014-10-10 10:25 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job 2014-10-10 10:25 - 2014-10-10 10:25 - 00000000 ____D () C:\Program Files\My Dell 2014-10-09 21:06 - 2014-10-27 22:42 - 00002317 _____ () C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk 2014-10-09 21:06 - 2014-10-09 21:06 - 00000000 ____D () C:\Program Files\OverDrive Media Console 2014-10-09 21:06 - 2014-10-09 21:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive Media Console ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-04 10:01 - 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Temp 2014-11-04 09:46 - 2004-08-10 12:02 - 01664749 _____ () C:\WINDOWS\WindowsUpdate.log 2014-11-04 09:46 - 2004-08-10 11:51 - 00000706 _____ () C:\WINDOWS\win.ini 2014-11-04 09:45 - 2013-04-04 16:50 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-04 09:21 - 2013-03-29 15:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-11-03 22:06 - 2009-12-28 22:52 - 00590949 _____ () C:\WINDOWS\setupapi.log 2014-11-03 22:05 - 2014-09-04 13:53 - 00000000 ___RD () C:\Documents and Settings\Sarah Beth\My Documents\Dropbox 2014-11-03 22:05 - 2014-09-02 11:12 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\Dropbox 2014-11-03 22:04 - 2014-02-14 16:30 - 00000310 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-03 22:04 - 2013-04-27 22:42 - 00000000 ___RD () C:\Documents and Settings\Sarah Beth\My Documents\Google Drive 2014-11-03 22:04 - 2013-04-04 16:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-11-03 22:02 - 2014-03-15 19:32 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-11-03 22:02 - 2013-12-12 23:34 - 00000288 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-03 22:02 - 2013-04-04 16:50 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-03 22:02 - 2004-08-10 12:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-11-03 22:02 - 2004-08-10 11:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-11-03 22:02 - 2004-08-10 11:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-11-03 22:02 - 2004-08-10 11:57 - 00197752 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-03 22:01 - 2008-06-15 08:27 - 00000178 ___SH () C:\Documents and Settings\Sarah Beth\ntuser.ini 2014-11-03 22:01 
- 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth 2014-11-03 22:01 - 2004-08-10 12:08 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt 2014-11-03 21:59 - 2013-12-12 22:34 - 00000000 ____D () C:\Program Files\real 2014-11-03 21:59 - 2013-12-12 22:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks 2014-11-03 21:59 - 2011-01-15 22:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real 2014-11-03 21:59 - 2009-01-12 13:55 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\Real 2014-11-03 21:59 - 2008-05-13 09:41 - 00000000 ____D () C:\Program Files\Common Files\Real 2014-11-03 21:51 - 2008-05-13 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell 2014-11-03 21:46 - 2008-05-13 09:24 - 00000000 ____D () C:\Program Files\Dell 2014-11-03 21:43 - 2008-05-13 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AOL 2014-11-03 21:32 - 2014-04-30 21:15 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\Calibre Library 2014-11-03 19:34 - 2008-06-15 08:27 - 00040648 _____ () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-11-03 18:52 - 2014-09-18 14:47 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-11-03 14:32 - 2004-08-10 11:57 - 00524888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-11-03 14:18 - 2013-12-12 23:34 - 00000296 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-03 14:17 - 2013-11-02 15:52 - 00530744 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-11-03 14:11 - 2004-08-10 12:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp 2014-11-03 14:11 - 2004-08-10 11:57 - 00000000 ____D () C:\Documents and Settings\Default User\Local 
Settings\Temp 2014-11-03 08:23 - 2014-09-26 09:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-02 22:11 - 2014-09-18 14:47 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-11-02 11:04 - 2014-02-14 16:30 - 00000318 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3921006264-3626018158-3878670278-1006.job 2014-11-01 23:03 - 2008-05-13 09:06 - 00003703 _____ () C:\WINDOWS\setupact.log 2014-10-29 17:32 - 2008-06-19 21:16 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-10-29 16:50 - 2008-06-15 09:09 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-10-28 10:39 - 2008-06-15 14:49 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\U3 2014-10-28 10:23 - 2013-03-28 21:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-28 10:07 - 2013-03-28 21:17 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-28 10:07 - 2013-03-28 21:17 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-10-28 10:04 - 2014-05-05 23:24 - 00009290 _____ () C:\WINDOWS\KB2964358-IE8.log 2014-10-28 10:04 - 2014-04-09 10:22 - 00163379 ____C () C:\WINDOWS\KB2936068-IE8.log 2014-10-27 21:50 - 2004-08-10 11:57 - 02258301 _____ () C:\WINDOWS\FaxSetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 01088982 _____ () C:\WINDOWS\ocgen.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00863912 _____ () C:\WINDOWS\tsoc.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00682398 _____ () C:\WINDOWS\comsetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00413134 _____ () C:\WINDOWS\ntdtcsetup.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00354755 _____ () C:\WINDOWS\iis6.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00112693 _____ () C:\WINDOWS\msgsocm.log 2014-10-27 21:50 - 2004-08-10 11:57 - 00112182 _____ () C:\WINDOWS\ocmsn.log 2014-10-27 21:50 - 2004-08-10 11:57 - 
00001943 _____ () C:\WINDOWS\imsins.log 2014-10-27 16:57 - 2008-05-13 09:29 - 00000000 ____D () C:\Program Files\Google 2014-10-27 16:57 - 2008-05-13 09:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google 2014-10-27 11:01 - 2008-06-15 15:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB911927\$
2014-10-26 11:52 - 2014-09-18 14:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-26 11:52 - 2014-09-18 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 08:07 - 2014-04-30 21:17 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\calibre-cache
2014-10-24 20:32 - 2014-04-30 21:14 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\calibre
2014-10-24 13:02 - 2013-06-23 10:37 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\My Documents\My Media
2014-10-24 11:51 - 2008-06-15 08:27 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google
2014-10-22 09:03 - 2013-05-08 21:12 - 00000000 ____D () C:\Documents and Settings\Sarah Beth\Application Data\PCDr
2014-10-20 19:13 - 2013-07-13 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-20 18:58 - 2009-03-02 13:57 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-10 10:25 - 2013-05-08 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-10-10 10:25 - 2008-05-13 09:30 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-10-08 14:00 - 2014-03-15 19:32 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

Some content of TEMP:
====================
C:\Documents and Settings\Sarah Beth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbz13cn.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

### #15 Jo*

• Malware Response Team

Posted 04 November 2014 - 04:08 PM

Hello sarahliz82,

Well done.

It Appears That Your Pc Is Now Clean!

Your remaining issues are not malware related. If you still need help, please start a new topic in our MS Windows forum section.

***

Clean up:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

```
start
EmptyTemp:
DeleteQuarantine:
end
```


Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.

***

• Click on the Uninstall button.
• A window will open, press the Confirm button.

***

Clean up with delfix:
• Close all other programs and start delfix.
• Please check all the boxes and run the tool.
• delfix will now delete all found traces of our removal process.

***

Delete the log files our tools created; they are located at your desktop or at the
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***

Here are some preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
• Open Internet Explorer
• Click on Tools > Internet Options
• Press Security tab
• Select Internet zone then place check next to Enable Protected Mode if not already done
• Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
• Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
• Windows XP is no longer supported by MS.
This is a security risk anyway.
• Windows Vista / 7 users can update via
Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
• If you think you're using a "safe" P2P program, only the program is safe, not the data.
• You will share files from unsafe sources, and these may be infected.
• Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!

Extra note:
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
https://secunia.com/vulnerability_scanning/personal/

***