Infected with TDSS and google keeps redirecting


  • This topic is locked
87 replies to this topic

#1 MicheleShreve11

Posted 16 December 2014 - 11:55 PM

Please help me to fix this problem. I have been working with another group for the past two days and have run about a dozen different steps to try and fix it and have been directed to this group now. I keep getting redirected to ad pages, upgrade a program or new pop ups when I click on something. I am also getting ads in the middle of my pages and frequently they appear on top of the page. I am also getting page unresponsive notices and an extremely slow computer now. Not sure what to do now.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496
Run by Michele at 23:31:39 on 2014-12-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4010.1301 [GMT -5:00]
 


 


#2 HelpBot

    Bleepin' Binary Bot



Posted 22 December 2014 - 12:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560106 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ken545

    Malware Response Team



Posted 23 December 2014 - 06:29 PM

 

Sorry for your problems, let's see if we can fix them. Not sure what you have done before, but let's start fresh: run these programs in order please and post the log from each one.

 

 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes

  • mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #4 MicheleShreve11

    MicheleShreve11
    • Topic Starter


    Posted 23 December 2014 - 11:38 PM

    Hi Ken, here are the logs from the three scans you had me run; I am adding them in order.

     

    Thanks bunches

    Michele

     

     

    # AdwCleaner v4.106 - Report created 23/12/2014 at 22:43:28
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Michele - LAPTOP
    # Running from : C:\Users\Michele\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
    File Deleted : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
    Task Deleted : ProPCCleaner_Start
    Task Deleted : ProPCCleaner_Popup
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\topBuyer.topBuyer
    Key Deleted : HKLM\SOFTWARE\Classes\topBuyer.topBuyer.4.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CDE15BCA-9798-385E-AFE7-11B7E419482F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CDE15BCA-9798-385E-AFE7-11B7E419482F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CDE15BCA-9798-385E-AFE7-11B7E419482F}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17496
     
     
    -\\ Google Chrome v39.0.2171.71
     
    [C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
     
    -\\ Comodo Dragon v
     
    [C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
     
    *************************
     
    AdwCleaner[R0].txt - [11693 octets] - [16/12/2014 09:54:41]
    AdwCleaner[R1].txt - [2652 octets] - [23/12/2014 22:39:53]
    AdwCleaner[S0].txt - [12291 octets] - [16/12/2014 09:57:21]
    AdwCleaner[S1].txt - [2610 octets] - [23/12/2014 22:43:28]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2670 octets] ##########
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Michele on Tue 12/23/2014 at 22:56:35.88
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] "C:\Users\Michele\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Michele\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\pcdr"
    Successfully deleted: [Folder] "C:\Users\Michele\AppData\Roaming\pcdr"
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 12/23/2014 at 23:01:46.00
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 12/23/2014
    Scan Time: 11:07:40 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2014.12.24.01
    Rootkit Database: v2014.12.23.02
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Michele
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 445891
    Time Elapsed: 25 min, 12 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 2
    PUP.Optional.UTop.A, C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, Quarantined, [70311a4c413b989ecb8c6dedd92a02fe], 
    PUP.Optional.UTop.A, C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, Quarantined, [e4bd5412f389c373084f1b3fa65dd42c], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #5 ken545

    ken545

      Malware Response Team



    Posted 24 December 2014 - 06:43 AM

    Good Morning

     

    Nice job, thanks for the logs.

     

    Run this scanner and let's see if there is anything else going on. It will create two logs, FRST and Additions; post them both, please. It looks like you will need to download and install the 64-bit version; download FRST64 to your desktop.

     

     

    Please download Farbar Recovery Scan Tool and save it to your DESKTOP
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



    #6 MicheleShreve11

    MicheleShreve11
    • Topic Starter


    Posted 24 December 2014 - 09:32 AM

    Thanks Ken, here is the next thing you asked for

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
    Ran by Michele at 2014-12-24 09:27:57
    Running from C:\Users\Michele\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
    Dell MusicStage (HKLM-x32\...\{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}) (Version: 1.3.31.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.19 - ArcSoft)
    Dell SonicWALL NetExtender (HKLM-x32\...\{EF06A6A8-6B81-4A09-8223-789953972FFF}) (Version: 7.0.196 - Dell)
    Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.218 - ALPS ELECTRIC CO., LTD.)
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
    Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}) (Version: 1.0.1.0489 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
    Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\...\SkyDriveSetup.exe) (Version: 16.4.6003.0710 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
    Viber (HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Phone app for desktop (HKLM-x32\...\{E786AE85-8A30-4CF2-BF70-57404A5CD684}) (Version: 1.0.1720.1 - Microsoft Corporation)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-3180417983-2728814020-2563858775-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Michele\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3180417983-2728814020-2563858775-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Michele\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3180417983-2728814020-2563858775-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Michele\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3180417983-2728814020-2563858775-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Michele\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\FileSyncApi64.dll (Microsoft Corporation)
     
    ==================== Restore Points  =========================
     
    11-12-2014 15:53:08 Norton_Power_Eraser_20141211155304735
    13-12-2014 03:00:47 Windows Update
    14-12-2014 03:00:34 Windows Update
    14-12-2014 22:43:46 Windows Backup
    16-12-2014 16:53:24 Installed Microsoft Fix it 50267
    17-12-2014 13:56:45 Windows Update
    18-12-2014 03:01:24 Windows Update
    22-12-2014 10:17:33 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {074251BA-6FFD-4723-B65F-EBAE0718C9A3} - System32\Tasks\{63F8DC80-B357-4B9C-88C0-0FA19AB9C251} => pcalua.exe -a "C:\Users\Michele\Downloads\Setup.X86.en-us_O365HomePremRetail_ec96ea58-feff-40e8-98fd-24cce7e37a69_TX_PR_ (4).exe" -d C:\Users\Michele\Downloads
    Task: {19674D1A-F8C7-47DE-B2EF-B1B2F4CA669D} - System32\Tasks\{5E1E29D4-A94A-4866-B710-D66B2087C77D} => pcalua.exe -a "C:\Users\Michele\Downloads\Setup.X86.en-us_O365HomePremRetail_ec96ea58-feff-40e8-98fd-24cce7e37a69_TX_PR_ (3).exe" -d C:\Users\Michele\Downloads
    Task: {3436E205-8334-40C8-A500-11AFFFF9C5C0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {446F1AF8-07A3-44A1-B357-D30F6D93658F} - System32\Tasks\Norton Security Scan for Michele => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
    Task: {63CDB91B-8524-4507-8B98-E9EBFA595C6E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {64C58DB7-8E10-4967-8582-339C39387FB0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {6D60B49E-0589-403D-BA37-12672FC3A407} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
    Task: {787F8B47-E8A6-4E6E-8B7F-6DDB42BDA4B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.)
    Task: {9532FE98-624F-4D49-8A67-6AF0923900F5} - System32\Tasks\{B230AEDF-3FA1-41AA-A267-D2B41CE7F817} => pcalua.exe -a C:\Users\Michele\Downloads\PdaNetW20.exe -d C:\Users\Michele\Downloads
    Task: {9728D83F-7781-4DE6-BA6D-DEC5227360BE} - System32\Tasks\{7ACBF258-0077-4C84-BE3E-3E5C2A472706} => pcalua.exe -a "C:\Users\Michele\Downloads\Setup.X86.en-US_O365HomePremRetail_ec96ea58-feff-40e8-98fd-24cce7e37a69_TX_PR_ (5).exe" -d C:\Users\Michele\Downloads
    Task: {A1AB9857-C7A5-413F-9C31-366194029819} - System32\Tasks\{2D26E87F-DFFA-4E2D-8A9B-F86C967F2549} => pcalua.exe -a "C:\Users\Michele\Downloads\Setup.X86.en-US_O365HomePremRetail_ec96ea58-feff-40e8-98fd-24cce7e37a69_TX_PR_ (7).exe" -d C:\Users\Michele\Downloads
    Task: {AC1C5D52-F3AD-48F3-AEE1-4C5D8E79C3B2} - System32\Tasks\{00CB9692-4B25-4B10-A69F-41FE92F0B781} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {AF9D26D0-09CB-41BC-B9C9-A81123CAA222} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {CDC9F414-45BB-4DF6-A682-C1FFB2335BB1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {D59B2A98-72F0-4383-8F3F-F04EC4177386} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d10cf61eaaf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d10cf61eaaf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Norton Security Scan for Michele.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-07-03 17:02 - 2009-10-16 17:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
    2011-05-18 01:56 - 2010-11-28 23:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2014-02-20 16:53 - 2014-02-07 08:23 - 00936456 _____ () C:\Users\Michele\AppData\Local\Viber\Viber.exe
    2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2011-05-17 23:42 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2014-09-22 22:00 - 2014-09-22 22:00 - 43532288 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\libViber.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00770048 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\libGLESv2.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00098304 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\qfacebook.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00172032 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\libexif.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00049152 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\libEGL.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00876544 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\platforms\qwindows.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00024576 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\imageformats\qgif.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00024576 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\imageformats\qico.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00204800 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\imageformats\qjpeg.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00221184 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\imageformats\qmng.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00016384 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\imageformats\qsvg.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00016384 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\imageformats\qtga.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00311296 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\imageformats\qtiff.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00016384 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\imageformats\qwbmp.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00638976 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\sqldrivers\qsqlite.dll
    2014-09-22 22:00 - 2014-09-22 22:00 - 00032768 _____ () C:\Users\Michele\AppData\Local\Viber\4.3.0.1453\iconengines\qsvgicon.dll
    2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-12-03 16:19 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
    2014-12-03 16:19 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
    2014-12-03 16:19 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
    2014-12-03 16:19 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
    2014-12-03 16:19 - 2014-11-25 01:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-3180417983-2728814020-2563858775-500 - Administrator - Disabled)
    Guest (S-1-5-21-3180417983-2728814020-2563858775-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3180417983-2728814020-2563858775-1002 - Limited - Enabled)
    Michele (S-1-5-21-3180417983-2728814020-2563858775-1001 - Administrator - Enabled) => C:\Users\Michele
     
    ==================== Faulty Device Manager Devices =============
     
    Name: MpKsl63f6054e
    Description: MpKsl63f6054e
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer: 
    Service: MpKsl63f6054e
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (12/24/2014 09:03:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 24.12.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 11f0
     
    Start Time: 01d01f81b93ee13b
     
    Termination Time: 2
     
    Application Path: C:\Users\Michele\Downloads\FRST64.exe
     
    Report Id:
     
    Error: (12/24/2014 08:41:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8241767
     
    Error: (12/24/2014 08:41:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8241767
     
    Error: (12/24/2014 08:41:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/24/2014 08:41:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8240768
     
    Error: (12/24/2014 08:41:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8240768
     
    Error: (12/24/2014 08:41:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/24/2014 08:40:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8239770
     
    Error: (12/24/2014 08:40:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8239770
     
    Error: (12/24/2014 08:40:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
     
    System errors:
    =============
    Error: (12/24/2014 09:12:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Apple Mobile Device service failed to start due to the following error: 
    %%1053
     
    Error: (12/24/2014 09:12:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
     
    Error: (12/24/2014 09:11:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
     
    Error: (12/24/2014 06:22:59 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/24/2014 09:03:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: FRST64.exe24.12.2014.011f001d01f81b93ee13b2C:\Users\Michele\Downloads\FRST64.exe
     
    Error: (12/24/2014 08:41:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8241767
     
    Error: (12/24/2014 08:41:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8241767
     
    Error: (12/24/2014 08:41:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/24/2014 08:41:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8240768
     
    Error: (12/24/2014 08:41:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8240768
     
    Error: (12/24/2014 08:41:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/24/2014 08:40:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8239770
     
    Error: (12/24/2014 08:40:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8239770
     
    Error: (12/24/2014 08:40:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-12-16 08:58:01.908
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-12-16 08:58:01.830
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-12-16 08:58:01.734
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-12-15 16:10:36.594
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-12-15 16:10:36.515
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-12-15 16:10:36.429
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-12-11 01:33:08.982
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-12-11 01:31:15.136
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-12 04:01:01.526
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-12 04:01:01.431
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
    Percentage of memory in use: 55%
    Total physical RAM: 4010.17 MB
    Available physical RAM: 1787.21 MB
    Total Pagefile: 8018.52 MB
    Available Pagefile: 5192.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:384.78 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
    Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
    Ran by Michele (administrator) on LAPTOP on 24-12-2014 09:26:36
    Running from C:\Users\Michele\Downloads
    Loaded Profile: Michele (Available profiles: Michele)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Dell) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
    () C:\Users\Michele\AppData\Local\Viber\Viber.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    ( ) C:\Windows\System32\lxdxcoms.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Dell) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1285632 2013-03-05] (Dell)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [mcpltui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
    HKLM-x32\...\Run: [(default)] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\...\Run: [Viber] => C:\Users\Michele\AppData\Local\Viber\Viber.exe [936456 2014-02-07] ()
    HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\...\RunOnce: [Adobe Speed Launcher] => 1419430313
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-sgm&type=20140220,145
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
    HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17
    HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/
    SearchScopes: HKLM -> {CB600E8A-987B-4D5D-95AC-1FA41A6713A2} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
    BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{4543DCA7-8E7F-4998-BFA4-C60004BD5156}: [NameServer] 31.168.224.107,5.135.12.53
     
    FireFox:
    ========
    FF ProfilePath: user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
    user_pref("toolkit.startup.recent_crashes", 0);
     
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] - 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "https://www.facebook.com/", "hxxp://www.yahoomail.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 7 U65) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll No File
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    CHR Profile: C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
    CHR Extension: (Ella Moss) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\klghmpijngbhkpcnbdjpdbognohonimk [2014-12-08]
    CHR Extension: (Google Wallet) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]
    R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]
    R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]
    R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( ) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [581632 2013-03-05] (Dell)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-24] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2013-03-05] (SonicWALL Inc.)
    S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]
    S1 MpKsl63f6054e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{560E1448-9DB4-4C73-BC05-6BBF2FAF10F1}\MpKsl63f6054e.sys [X]
    S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-24 09:26 - 2014-12-24 09:27 - 00021661 _____ () C:\Users\Michele\Downloads\FRST.txt
    2014-12-24 09:25 - 2014-12-24 09:26 - 02122240 _____ (Farbar) C:\Users\Michele\Downloads\FRST64.exe
    2014-12-24 08:59 - 2014-12-24 09:26 - 00000000 ____D () C:\FRST
    2014-12-23 22:54 - 2014-12-23 22:55 - 01707646 _____ (Thisisu) C:\Users\Michele\Downloads\JRT (1).exe
    2014-12-23 22:34 - 2014-12-23 22:36 - 02173952 _____ () C:\Users\Michele\Downloads\AdwCleaner.exe
    2014-12-17 19:30 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-17 19:30 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-16 23:29 - 2014-12-16 23:30 - 00688992 ____R (Swearware) C:\Users\Michele\Downloads\dds.com
    2014-12-16 22:05 - 2014-12-16 22:05 - 05198336 _____ (AVAST Software) C:\Users\Michele\Downloads\aswmbr.exe
    2014-12-16 18:04 - 2014-12-16 18:04 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL.001
    2014-12-16 16:52 - 2014-12-16 16:53 - 00991232 _____ () C:\Users\Michele\Downloads\MicrosoftFixit50267.msi
    2014-12-16 15:30 - 2014-12-16 15:30 - 782426816 _____ () C:\Windows\MEMORY.DMP
    2014-12-16 15:30 - 2014-12-16 15:30 - 00266728 _____ () C:\Windows\Minidump\121614-84661-01.dmp
    2014-12-16 12:03 - 2014-12-16 12:03 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-12-16 11:31 - 2014-12-16 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-16 11:30 - 2014-12-16 20:03 - 00000000 ____D () C:\Users\Michele\Desktop\mbar
    2014-12-16 11:29 - 2014-12-16 11:29 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Michele\Desktop\mbar-1.08.2.1001.exe
    2014-12-16 11:24 - 2014-12-16 11:25 - 00448512 _____ (OldTimer Tools) C:\Users\Michele\Desktop\TFC.exe
    2014-12-16 10:05 - 2014-12-16 10:05 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-16 09:45 - 2014-12-23 22:43 - 00000000 ____D () C:\AdwCleaner
    2014-12-16 09:36 - 2014-12-16 09:36 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Michele\Downloads\rkill (1)64-7780.com
    2014-12-16 09:31 - 2014-12-16 09:31 - 02166272 _____ () C:\Users\Michele\Downloads\adwcleaner_4.105.exe
    2014-12-16 09:23 - 2014-12-16 09:24 - 01707646 _____ (Thisisu) C:\Users\Michele\Downloads\JRT.exe
    2014-12-16 09:22 - 2014-12-16 09:23 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Michele\Downloads\rkill (1).com
    2014-12-16 08:58 - 2014-12-16 08:59 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Michele\Downloads\rkill.com
    2014-12-15 16:03 - 2014-12-24 09:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-15 16:02 - 2014-12-17 08:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-15 16:02 - 2014-12-16 19:31 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-15 16:02 - 2014-12-15 16:02 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-15 16:02 - 2014-12-15 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-15 16:02 - 2014-12-15 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-15 16:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-15 16:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-12-15 15:59 - 2014-12-15 15:59 - 00852505 _____ () C:\Users\Michele\Downloads\SecurityCheck.exe
    2014-12-15 15:57 - 2014-12-15 15:59 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michele\Downloads\mbam-setup-2.0.4.1028.exe
    2014-12-15 15:57 - 2014-12-15 15:57 - 00023746 _____ () C:\Users\Michele\Downloads\Result.txt
    2014-12-15 15:52 - 2014-12-15 15:54 - 00401920 _____ (Farbar) C:\Users\Michele\Downloads\MiniToolBox.exe
    2014-12-11 15:43 - 2014-12-11 15:43 - 00000000 ____D () C:\NPE
    2014-12-11 15:37 - 2014-12-11 15:59 - 00000000 ____D () C:\Users\Michele\AppData\Local\NPE
    2014-12-11 15:36 - 2014-12-11 15:36 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2014-12-11 14:21 - 2014-12-11 14:21 - 00020528 _____ () C:\Users\Michele\Downloads\Shreve Expense Report.xlsx
    2014-12-10 03:44 - 2014-12-10 03:44 - 00000000 ____D () C:\Windows\system32\appraiser
    2014-12-10 03:09 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-10 03:09 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-09 15:33 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2014-12-09 15:33 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2014-12-09 15:33 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-12-09 15:33 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-12-09 15:33 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-12-09 15:33 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-12-09 15:33 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-12-09 15:33 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2014-12-09 15:32 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-09 15:32 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-09 15:32 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-09 15:32 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-09 15:32 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-09 15:32 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-09 15:32 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-09 15:32 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-09 15:32 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-09 15:32 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-09 15:32 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-09 15:32 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-09 15:32 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-09 15:32 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-09 15:32 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-09 15:32 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-09 15:32 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-09 15:32 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-09 15:32 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-09 15:32 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-09 15:32 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-09 15:32 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-09 15:32 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-09 15:32 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-09 15:32 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-09 15:32 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-12-09 15:32 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-09 15:32 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-12-09 15:32 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-09 15:32 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-09 15:32 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-09 15:32 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-09 15:32 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-12-09 15:32 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-09 15:32 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-09 15:32 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-09 15:32 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-09 15:32 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-09 15:32 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-09 15:32 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-09 15:32 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-09 15:32 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-09 15:32 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-09 15:32 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-09 15:32 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-09 15:32 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-09 15:32 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-09 15:32 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-12-09 15:32 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-09 15:32 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-09 15:32 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-09 15:32 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-09 15:32 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-09 15:32 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-12-09 15:32 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-09 15:32 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-09 15:32 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-09 15:30 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-09 15:30 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-09 15:30 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-09 15:30 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-09 15:30 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-09 15:30 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-09 15:30 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-09 15:30 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-09 15:30 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-09 15:30 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-09 15:30 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-09 15:30 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-09 15:30 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-09 15:30 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-08 20:14 - 2014-12-08 20:15 - 32507072 _____ (Microsoft Corporation) C:\Users\Michele\Downloads\Windows-KB890830-x64-V5.18 (1).exe
    2014-12-08 20:13 - 2014-12-08 20:14 - 32507072 _____ (Microsoft Corporation) C:\Users\Michele\Downloads\Windows-KB890830-x64-V5.18.exe
    2014-12-08 19:50 - 2014-12-16 09:44 - 00000000 ____D () C:\Users\Michele\AppData\Local\CrashDumps
    2014-12-08 16:25 - 2014-12-08 16:26 - 124062480 ____N (Symantec Corporation) C:\Users\Michele\Downloads\NS_22.0.2_2363_SYMTB_PROMO_4_MRFTT_BB010_11431-EN-US.exe
    2014-12-04 17:33 - 2014-12-04 17:33 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-12-04 17:33 - 2014-12-04 17:33 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL.000
    2014-12-03 16:19 - 2014-12-03 16:19 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-03 16:19 - 2014-12-03 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-12-03 15:31 - 2014-12-03 15:31 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-12-03 15:31 - 2014-12-03 15:31 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL
    2014-12-03 14:55 - 2014-12-03 14:55 - 00000000 ____D () C:\Users\DefaultAppPool
    2014-12-03 14:48 - 2014-12-03 14:48 - 00000000 ____D () C:\MININT
    2014-12-03 14:37 - 2014-12-03 14:37 - 00000000 __SHD () C:\Users\Michele\AppData\Local\EmieBrowserModeList
    2014-12-03 14:01 - 2014-12-03 14:02 - 00880784 _____ (Google Inc.) C:\Users\Michele\Downloads\ChromeSetup (4).exe
    2014-12-02 01:55 - 2014-12-02 01:55 - 00184800 _____ () C:\Windows\SysWOW64\XMLOperations.xml
    2014-12-01 23:31 - 2014-12-01 23:31 - 00880784 _____ (Google Inc.) C:\Users\Michele\Downloads\ChromeSetup (3).exe
    2014-12-01 21:49 - 2014-12-01 21:49 - 00880784 _____ (Google Inc.) C:\Users\Michele\Downloads\ChromeSetup (2).exe
    2014-12-01 16:52 - 2014-12-01 16:52 - 00880784 _____ (Google Inc.) C:\Users\Michele\Downloads\ChromeSetup (1).exe
    2014-12-01 08:23 - 2014-12-01 08:23 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\Michele\AppData\Local\Comodo
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\HomeGroupUser$
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\Guest
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-12-01 08:22 - 2014-12-01 08:22 - 00000000 ____D () C:\Users\Administrator
    2014-12-01 08:18 - 2014-12-08 16:51 - 00000000 ____D () C:\Program Files\010
    2014-11-24 11:44 - 2014-11-24 11:44 - 00000000 ____D () C:\Users\Michele\AppData\Local\ArcSoft
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-24 09:20 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-24 09:20 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-24 09:17 - 2009-07-14 00:10 - 01379853 _____ () C:\Windows\WindowsUpdate.log
    2014-12-24 09:15 - 2014-01-23 19:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-12-24 09:14 - 2014-02-20 16:53 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\ViberPC
    2014-12-24 09:13 - 2014-02-20 16:47 - 00000000 ____D () C:\Users\Michele\AppData\Local\Viber
    2014-12-24 09:13 - 2011-05-18 00:15 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-12-24 09:13 - 2011-05-18 00:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-12-24 09:13 - 2011-05-18 00:05 - 00000000 ____D () C:\ProgramData\Sonic
    2014-12-24 09:13 - 2011-05-17 23:42 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-12-24 09:11 - 2014-06-21 00:22 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d10cf61eaaf.job
    2014-12-24 09:11 - 2013-05-10 09:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-24 09:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-24 09:11 - 2009-07-13 23:51 - 00046159 _____ () C:\Windows\setupact.log
    2014-12-24 09:10 - 2014-02-20 16:57 - 00000000 ____D () C:\ProgramData\Norton
    2014-12-24 09:10 - 2011-05-18 01:16 - 00978234 _____ () C:\Windows\PFRO.log
    2014-12-24 08:41 - 2012-04-12 06:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-23 22:13 - 2013-05-24 20:55 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
    2014-12-23 00:06 - 2011-05-17 23:59 - 00000000 ____D () C:\Windows\en
    2014-12-23 00:06 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
    2014-12-22 10:54 - 2014-02-20 16:58 - 00000456 ____H () C:\Windows\Tasks\Norton Security Scan for Michele.job
    2014-12-22 02:22 - 2014-10-18 23:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-12-21 23:44 - 2009-07-14 00:13 - 00867462 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-20 09:50 - 2011-05-17 23:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-12-19 23:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-17 07:59 - 2014-07-23 22:03 - 00000000 ____D () C:\Windows\pss
    2014-12-16 15:30 - 2013-11-09 15:48 - 00000000 ____D () C:\Windows\Minidump
    2014-12-16 10:27 - 2011-09-22 18:00 - 00000000 ____D () C:\Users\Michele\Desktop\My Stuff
    2014-12-16 09:57 - 2014-02-20 16:52 - 00000994 _____ () C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
    2014-12-15 17:35 - 2014-08-25 15:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-15 17:35 - 2014-08-25 15:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-14 03:04 - 2014-08-25 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-11 16:26 - 2011-08-05 17:35 - 00001379 _____ () C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-12-11 15:37 - 2012-04-12 06:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-11 15:37 - 2012-04-12 06:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-11 15:37 - 2011-10-18 20:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-10 04:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-10 03:44 - 2014-05-01 08:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-10 03:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-10 03:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-12-10 03:25 - 2011-08-05 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-10 03:21 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 03:13 - 2011-08-05 18:01 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-03 16:18 - 2013-05-10 09:25 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-12-03 15:03 - 2009-07-13 23:45 - 00498128 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-03 14:48 - 2011-08-05 17:31 - 00130424 _____ () C:\Users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-03 14:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
    2014-12-03 14:48 - 2009-07-13 21:34 - 00000867 _____ () C:\Windows\system32\Drivers\etc\hosts.old
    2014-12-03 14:36 - 2011-05-17 23:27 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-12-01 16:54 - 2014-06-21 00:22 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf8d10cf61eaaf
    2014-12-01 16:54 - 2013-05-10 09:25 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-12-01 08:22 - 2011-08-05 17:46 - 00000000 ____D () C:\Users\Michele\AppData\Local\Google
    2014-11-24 15:54 - 2013-04-24 13:10 - 00000000 ____D () C:\Users\Michele\Desktop\Mercy Ships_files
     
    Some content of TEMP:
    ====================
    C:\Users\Michele\AppData\Local\Temp\Quarantine.exe
    C:\Users\Michele\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-12-15 07:26
     
    ==================== End Of Log ============================
     
     
     
    Thank you so much, Merry Christmas
    Michele


    #7 ken545

    ken545

      Malware Response Team


    Posted 24 December 2014 - 10:25 AM

    Same to you Michele and all your family

    Not really too much going on that I see as bad, let's do this

    You have FRST running from your downloads folder, I am going to attach a Fixlist file, you need to download it to the same directory as you have FRST or the fix won't work, after you download it, open up FRST and click on FIX, it will reboot your system and leave a FIXLOG in your downloads folder, post it please

    I see a few tasks running to install Microsoft Office, are you still having problems with that?

    After the fix let me know how your system is behaving?

    Attached Files


    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #8 MicheleShreve11

    Posted 24 December 2014 - 11:12 AM

    Ok, I downloaded the file to my desktop, I am not sure what you mean by directory.  I have run the fix and attached the log for you.  

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
    Ran by Michele at 2014-12-24 10:54:16 Run:1
    Running from C:\Users\Michele\Downloads
    Loaded Profile: Michele (Available profiles: Michele)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    2014-12-03 14:48 - 2009-07-13 21:34 - 00000867 _____ () C:\Windows\system32\Drivers\etc\hosts.old
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************
     
    Processes closed successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-3180417983-2728814020-2563858775-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
    HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
    C:\Windows\system32\Drivers\etc\hosts.old => Moved successfully.
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 597.4 MB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog 10:54:50 ====
     
    I am still getting ads in the middle of my pages.  And the computer is running slow still.  For example, while I am replying to you, this page is still loading fully.  It takes a long time for a new page to load.  It does appear that at this moment that the pop up redirected ads have stopped with this last fix.  I was still getting the install until now at least.
     
    I so just don't understand all this, so I am thankful for you guys


    #9 ken545

    Posted 24 December 2014 - 11:43 AM

    Let's try a few more things and see if it helps

    Let's set all your browsers back to manufacturer's defaults

    • Open IE
    • Go to Tools > Internet Options > Advanced Tab
    • Reset Internet Explorer Settings
    • Reset
    • This will take a few seconds
    • Close IE and then reopen it and see if it helped

    • Click the Chrome menu on the browser toolbar.
    • Select Settings.
    • Scroll down to Show advanced settings...
    • Down on the bottom you will see an option for RESET BROWSER SETTINGS
    • Click on it and it will set Chrome back to defaults

    • Open Firefox
    • Click on Help > Troubleshooting Information > Reset Firefox to its default state
     

     

     




    #10 MicheleShreve11

    Posted 24 December 2014 - 11:57 AM

    Ok, so I do not have firefox, but I did all the others.  It seems to be some faster, but I am still getting ads by cloudscott in my pages. I have not gotten any of the Microsoft things anymore.

     

    thanks

    Michele 



    #11 ken545

    Posted 24 December 2014 - 12:09 PM

     

    Download AVAST BROWSER CLEANUP to your desktop

    • There is nothing to install, just right click on it and Run As Administrator
    • When it's finished scanning it will list Browser Add-ons
    • If it finds CloudScott or any other bogus toolbars
    • Just highlight them and select REMOVE
    • Click on the ? on the left and click on Log
    • You can copy and paste the log back in this forum for me to see
    • Close out the program
    • Reboot your system and test your browsers

    Edited by ken545, 24 December 2014 - 12:10 PM.



    #12 ken545

    Posted 24 December 2014 - 12:15 PM

    Spelled it wrong it should be CloudScout




    #13 MicheleShreve11

    Posted 24 December 2014 - 12:55 PM

    It did not find cloudscot, but found another add on, I removed it and I am still getting ads, by deal finder and cloudscot.   the computer is better, still not the way it was, but it is better.  I guess it is just never going to be the way it was.  I have only gotten page unresponsive once since we did the first thing you had me do today, so that is good

     

    24.12.2014 12:17:17 (TID: 5724)
    ProductVersion: 9.0.0.224
    Mozilla Firefox Browser
    Mozilla Firefox Warning: Failed to find install path
    Google Chrome Browser
    Version: 39.0.2171.71
    Install Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Profile Path: C:\Users\Michele\AppData\Local\Google\Chrome\User Data\
    Google Chrome Profiles
    Name: Default Path: C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default
    Opera Browser
    Opera Warning: Failed to find install path
    Apple Safari Browser
    Apple Safari Warning: Failed to access Safari
    Google Chrome
    Extensions
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
    Microsoft IE
    Extensions
    ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Name: Adobe PDF Link Helper
    ID: {25336920-03f9-11cf-8fd0-00aa00686f13} Name: HTML Document
    ID: {27b4851a-3207-45a2-b947-be8afe6163ab} Name: McAfee Phishing Filter
    ID: {898ea8c8-e7ff-479b-8935-aec46303b9e5} Name: Skype Click to Call settings
    ID: {9030d464-4c02-4abf-8ecc-5164760863c6} Name: Windows Live ID Sign-in Helper
    ID: {9fdde16b-836f-4806-ab1f-1455cbeff289} Name: Windows Live Messenger Companion Helper
    ID: {b4f3a835-0e21-4959-ba22-42b3008e02ff} Name: Office Document Cache Handler
    Homepages
    Search Engines
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
    Homepages
    Search Engines
    BCURequest:
    os_language : en-us
    location: en-us
    osType: 6.1
    browser: chrome is_default: 1
    browser: iexplorer is_default: 0
    id: {18df081c-e8ad-4283-a596-fa578c2ebdc3} name: Adobe PDF Link Helper
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} name: HTML Document
    id: {27b4851a-3207-45a2-b947-be8afe6163ab} name: McAfee Phishing Filter
    id: {898ea8c8-e7ff-479b-8935-aec46303b9e5} name: Skype Click to Call settings
    id: {9030d464-4c02-4abf-8ecc-5164760863c6} name: Windows Live ID Sign-in Helper
    id: {9fdde16b-836f-4806-ab1f-1455cbeff289} name: Windows Live Messenger Companion Helper
    id: {b4f3a835-0e21-4959-ba22-42b3008e02ff} name: Office Document Cache Handler
    BCUResponse:
    Browser: chrome provider_modified: 0
    Browser: iexplorer provider_modified: 0
    id: {18df081c-e8ad-4283-a596-fa578c2ebdc3} intarnal_id: 8000 rating: 5
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} intarnal_id: 5200 rating: 3
    id: {27b4851a-3207-45a2-b947-be8afe6163ab} intarnal_id: 8000 rating: 5
    id: {898ea8c8-e7ff-479b-8935-aec46303b9e5} intarnal_id: 5000 rating: 3
    id: {9030d464-4c02-4abf-8ecc-5164760863c6} intarnal_id: 5200 rating: 5
    id: {9fdde16b-836f-4806-ab1f-1455cbeff289} intarnal_id: 5200 rating: 5
    id: {b4f3a835-0e21-4959-ba22-42b3008e02ff} intarnal_id: 5200 rating: 5
    Detected a potential browser protector: {
       "Services" : {
          "Description" : "enables the download, installation, and enforcement of digital licenses for microsoft office applications. these applications require this service for proper operation. it is strongly recommended that you keep this service enabled.",
          "DisplayName" : "office software protection platform",
          "FileInfo" : {
             "Path" : "\"c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppsvc.exe\"",
             "md5" : ""
          },
          "Name" : "osppsvc"
       }
    }
    Detected a potential browser protector:94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C {
       "Services" : {
          "Description" : "",
          "DisplayName" : "andrea rt filters service",
          "FileInfo" : {
             "Co


    #14 ken545


    Posted 24 December 2014 - 01:03 PM

    Don't give up, young lady, been at this for many years and have not lost one yet

     

     

    Let's run AdwCleaner again, it may have missed removing some of this. I am posting the entire thing in case you need to redownload it

     

     
    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisement.
     
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     

     

     

    Then

    Open up FRST and copy and paste this in: CloudScout. Then click on Search Files, then do the same thing again, this time Search Registry, and post both logs please




    #15 MicheleShreve11


    Posted 24 December 2014 - 03:03 PM

    I am not giving up, just a little stressed over it all. I do not know anything about computers so it makes it hard. And I am leaving for Madagascar for a year and would like to be able to have a working computer. I did notice when I started the FRST both times, it had a not responding for a couple seconds. Also, I got a notice from Malwarebytes saying it blocked a malicious website from starting, but it did not give me an option to see details.

     

     

    Farbar Recovery Scan Tool (x64) Version: 24-12-2014
    Ran by Michele at 2014-12-24 14:54:07
    Running from C:\Users\Michele\Downloads
    Boot Mode: Normal
     
    ================== Search Files: "cloudscout" =============
     
    ====== End Of Search ======
     
    Farbar Recovery Scan Tool (x64) Version: 24-12-2014
    Ran by Michele at 2014-12-24 15:01:29
    Running from C:\Users\Michele\Downloads
    Boot Mode: Normal
     
    ================== Search Registry: "cloudscout" ===========
     
     
    ====== End Of Search ======
     
     
    # AdwCleaner v4.106 - Report created 24/12/2014 at 14:40:39
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Michele - LAPTOP
    # Running from : C:\Users\Michele\Downloads\AdwCleaner (1).exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    File Deleted : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17496
     
     
    -\\ Google Chrome v39.0.2171.95
     
    [C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.foodnetwork.com/search/search-results.html?searchTerm={searchTerms}&form=global&_charset_=UTF-8
     
    -\\ Comodo Dragon v
     
    [C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.foodnetwork.com/search/search-results.html?searchTerm={searchTerms}&form=global&_charset_=UTF-8
     
    *************************
     
    AdwCleaner[R0].txt - [11693 octets] - [16/12/2014 09:54:41]
    AdwCleaner[R1].txt - [2652 octets] - [23/12/2014 22:39:53]
    AdwCleaner[R2].txt - [1791 octets] - [24/12/2014 14:38:42]
    AdwCleaner[S0].txt - [12291 octets] - [16/12/2014 09:57:21]
    AdwCleaner[S1].txt - [2762 octets] - [23/12/2014 22:43:28]
    AdwCleaner[S2].txt - [2232 octets] - [24/12/2014 14:40:39]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2292 octets] ##########
     




