
Malware is making my life difficult [Solved]

Windows7 Laptop Trojan

  • This topic is locked
35 replies to this topic

#1 SusanT

Authentic Member • 67 posts

Posted 06 November 2014 - 08:57 PM

My sad tale started several days ago. 

 

First of all, McAfee informed me that I had a Trojan, and told me to shut down so it could complete the work, which I did.

 

Then, I began experiencing problems with my computer, while using IE Explorer to access the internet.

  • Changed Security Settings and would not allow me to download files,
  • changed my "homepage" from Yahoo to "blank."

McAfee also started running unscheduled scans that never completed.

At the same time, I noticed so many processes running that my CPU was up to 100%, and I basically couldn't move.

 

I didn't remember the name of this site, was stuck, and took it to a guy who "fixed" it. I picked it up yesterday, and today it started doing the same thing. He was able to reset my security settings and install Malwarebytes, so I ran that immediately, and it found "3 objects." These were

  • Trojan.joblaunch.odb:   ncnpx.dll  and usuksju.dll
  • Trojan.Proxy.Bunitn      bckmao.dll

Additionally, I note from the Malwarebytes logs that he ran, that Trojan.Ransom.ED (4wem.dll) was also removed two days ago.

 

I was unable to complete running of ASWmbr because it found two problems and froze.  I've attached the file to the point where I stopped it.

 

Also attached are files:  FRST and addition.

 

Your techs have always come through for me in the past.  I really appreciate your help.  Thank you. :clap:


#2 OCD

SuperHelper • Malware Team • 5,574 posts

Posted 07 November 2014 - 08:44 PM

Hi SusanT,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it, so that Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • Please click by the introduction screen on the Next button to continue.
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProceses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...\Run: [bcikmao] => rundll32 "C:\Users\RevSusan\AppData\Local\bcikmao.dll",bcikmao <===== ATTENTION
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...\Run: [OilxaBqane] => regsvr32.exe "C:\ProgramData\OilxaBqane\OilxaBqane.dat"
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
2014-11-06 11:14 - 2014-11-06 11:14 - 00000000 ____D () C:\ProgramData\YesmeZehag
2014-11-06 11:14 - 2014-11-06 11:14 - 00000000 ____D () C:\ProgramData\OilxaBqane
2014-10-30 14:54 - 2014-10-30 14:54 - 00000000 _____ () C:\Users\RevSusan\AppData\Roaming\gggrdik.dll
2014-10-30 14:54 - 2014-10-30 14:54 - 00000000 _____ () C:\Users\RevSusan\AppData\Roaming\acosjca.dll
2014-10-28 16:15 - 2014-10-28 16:15 - 00000082 _____ () C:\Users\RevSusan\AppData\Roaming\9cbbab17
2014-10-28 16:15 - 2014-10-28 16:15 - 00000010 _____ () C:\Users\RevSusan\AppData\Roaming\9cbbab18
2014-10-18 18:03 - 2014-10-18 18:03 - 00000000 _____ () C:\Users\RevSusan\AppData\Roaming\qjkgize.dll
C:\ProgramData\8d642hbfb.exe
Task: {81C71F2B-7C7D-4EB6-9762-F8C867B783D1} - System32\Tasks\{CC42FF8E-ACCF-3AA3-9FDD-3CFDE6864795} => C:\Users\RevSusan\AppData\Roaming\ncnpx.dll/s "C:\Users\RevSusan\AppData\Roaming\ncnpx.dll" <==== ATTENTION
Task: {9A480541-BD7B-4925-8B24-0255FF13A6AD} - System32\Tasks\{AB064A4A-DD4E-E06D-E89C-87DF587FAA8F} => C:\Users\RevSusan\AppData\Roaming\xdjlvc.dll/s "C:\Users\RevSusan\AppData\Roaming\xdjlvc.dll" <==== ATTENTION
Task: {C30D179F-FF6B-4988-8DF3-60B8359222AE} - System32\Tasks\{2A90E8FF-BE91-1EB5-E65B-D77CAE1D7D51} => C:\Users\RevSusan\AppData\Roaming\usuksju.dll/s "C:\Users\RevSusan\AppData\Roaming\usuksju.dll" <==== ATTENTION
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • system-log.txt
  • mbar-log
  • Fixlog.txt
  • new FRST.txt
  • Describe what symptoms you are experiencing.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
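
Added example (not part of OCD's post, and not FRST's or Malwarebytes' own logic): a small Python triage of FRST-style autorun lines showing, as illustrative heuristics, why entries like those in the fixlist above stand out. The sample lines are copied from that fixlist with the Poweliks payload elided; the first sample line, the rule names and the function names are assumptions made for this example.

```python
import re

# Lines 2-6 are copied from the fixlist in the post above (Poweliks payload elided).
# Line 1 is a constructed benign entry for contrast.
SAMPLE = r'''
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...\Run: [bcikmao] => rundll32 "C:\Users\RevSusan\AppData\Local\bcikmao.dll",bcikmao <===== ATTENTION
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...\Run: [OilxaBqane] => regsvr32.exe "C:\ProgramData\OilxaBqane\OilxaBqane.dat"
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("...(payload elided) <==== Poweliks!
Task: {81C71F2B-7C7D-4EB6-9762-F8C867B783D1} - System32\Tasks\{CC42FF8E-ACCF-3AA3-9FDD-3CFDE6864795} => C:\Users\RevSusan\AppData\Roaming\ncnpx.dll/s "C:\Users\RevSusan\AppData\Roaming\ncnpx.dll" <==== ATTENTION
2014-11-06 11:14 - 2014-11-06 11:14 - 00000000 ____D () C:\ProgramData\OilxaBqane
'''

# Locations a standard user can write to, so no elevation is needed to plant a file.
USER_WRITABLE = re.compile(r'\\(?:AppData\\(?:Local|Roaming)|ProgramData)\\', re.I)
# Signed Windows loaders that will run someone else's DLL or script.
LOLBIN = re.compile(r'\b(rundll32|regsvr32)(?:\.exe)?\b', re.I)
GUID = r'\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}'
TASK = re.compile(
    r'^Task: ' + GUID + r' - System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.*)$', re.I)
ENTRY = re.compile(
    r'^(?P<key>HK[^:]+?): (?:\[(?P<name>[^\]]*)\] => )?(?P<cmd>.*)$')
# FRST's own trailing markers are stripped so the rules do not depend on them.
MARKER = re.compile(r'\s*<=+\s.*$')


def classify(line):
    """Return a sorted list of heuristic tags for one FRST-style line."""
    line = MARKER.sub('', line.strip())
    tags = set()

    task = TASK.match(line)
    if task:
        cmd = task.group('cmd')
        # A task named only by a GUID whose action is a DLL in the user profile.
        if (re.fullmatch(GUID, task.group('name'), re.I)
                and USER_WRITABLE.search(cmd)
                and re.search(r'\.dll\b', cmd, re.I)):
            tags.add('guid-task-user-dll')
        return sorted(tags)

    entry = ENTRY.match(line)
    if not entry:
        return []  # file listings and directives are out of scope here

    cmd = entry.group('cmd')
    loader = LOLBIN.search(cmd)
    if not loader:
        return []

    if USER_WRITABLE.search(cmd):
        tags.add('lolbin-user-writable')
    if 'javascript:' in cmd.lower():
        # rundll32 handed a script URL instead of a DLL path: no file on disk to scan.
        tags.add('rundll32-script-url')
    if loader.group(1).lower() == 'regsvr32':
        quoted = re.search(r'"([^"]+)"', cmd)
        target = quoted.group(1) if quoted else cmd.split()[-1]
        if not target.lower().endswith(('.dll', '.ocx')):
            tags.add('regsvr32-non-dll-target')
    return sorted(tags)


def triage(text):
    """Return (line, tags) for every line that trips at least one heuristic."""
    hits = []
    for raw in text.splitlines():
        tags = classify(raw)
        if tags:
            hits.append((raw.strip(), tags))
    return hits


if __name__ == '__main__':
    for line, tags in triage(SAMPLE):
        print(', '.join(tags))
        print('   ', line[:100])
```
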


#3 SusanT

Authentic Member • 67 posts

Posted 08 November 2014 - 02:30 PM

I understand your instructions.  It's Saturday and the traffic is so high, that I can't access either of the Security Check links at the moment.  I'll probably be able to get to them late tonight.  Thanks for stepping up to help me resolve this problem.  I'll post logs as soon as I can complete. :clap:



#4 OCD

SuperHelper • Malware Team • 5,574 posts

Posted 08 November 2014 - 08:23 PM

:thumbup:




#5 SusanT

Authentic Member • 67 posts

Posted 09 November 2014 - 03:16 PM

Hi OCD.

 

The logs you requested appear below.  I seem to be running better, but a little slow.  I'm on a wireless connection, and because of "traffic" switched to a hard-wire connection a week or so ago.  That's when all my trouble began.  I took it to someone to fix, and the day after I brought it back, I "plugged in" to hard wire again, and that's when my problems started again.  We called the provider (Comcast), on the advice of the tech I was working with, and they advised us that they could not force a new IP address.  So, for now, I'm still running on a wireless connection. Other than that, I haven't started experiencing significant issues.  I'm thinking it might be a good idea to remove this guy's software from my computer since I'm not working with him. :notworthy:  Thanks for helping me.  I appreciate it!

 

Checkup.txt

 

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

 

--------------------------------------------------------------------------------------------------------------

 

 

System-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4291145728, free: 2658009088

Downloaded database version: v2014.11.09.02
Downloaded database version: v2014.11.08.01
Initializing...
======================
------------ Kernel report ------------
     11/09/2014 02:44:15
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80042f2490
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004111050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80042f2490, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80042f3040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80042f2490, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004111050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 75349890

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 30720000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 30801920  Numsec = 594338480

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Infected: C:\ProgramData\OilxaBqane\OilxaBqane.dat --> [Trojan.FakeMS]
Infected: HKU\S-1-5-21-4107538855-220118890-1200302164-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OilxaBqane --> [Trojan.FakeMS]
Infected: C:\ProgramData\Windows Genuine Advantage\{31CD347F-E293-431F-AF92-3E7EA8C5ED25}\msiexec.exe --> [Trojan.Pseudo.isct]
Infected: C:\ProgramData\Windows Genuine Advantage\{3B951674-CC83-4717-8965-4B6B0BAFED06}\msiexec.exe --> [Trojan.Pseudo.isct]
Infected: C:\ProgramData\Windows Genuine Advantage\{4D13E073-A54C-43CF-AC61-C895D732B567}\msiexec.exe --> [Trojan.Agent.ED]
Infected: C:\ProgramData\Windows Genuine Advantage\{6BBAE1DC-CFE6-44FB-A87B-7209EE31065A}\msiexec.exe --> [Trojan.Agent]
Infected: C:\ProgramData\Windows Genuine Advantage\{840D1163-F88C-48FD-BA48-C0F4E32FAA2C}\msiexec.exe --> [Trojan.Pseudo.isct]
Infected: C:\ProgramData\Windows Genuine Advantage\{A00D2FE3-80D5-47B4-A4E1-AB08FF292A6C}\msiexec.exe --> [Trojan.Agent.ED]
Infected: C:\ProgramData\Windows Genuine Advantage\{A4C2E460-1178-4743-BA58-12061E064351}\msiexec.exe --> [Trojan.Agent.ED]
Infected: C:\ProgramData\Windows Genuine Advantage\{A8765675-BCD9-4351-8DE7-433890E7D43D}\msiexec.exe --> [Trojan.Pseudo.isct]
Infected: C:\ProgramData\Windows Genuine Advantage\{EC617C41-9DBD-4FCC-A71E-EC9D93CBD9E1}\msiexec.exe --> [Trojan.Agent.ED]
Infected: C:\ProgramData\Windows Genuine Advantage\{FD124C3D-D92A-4C13-AFEA-3FD7AF3D12EE}\msiexec.exe --> [Trojan.Agent]
Infected: C:\ProgramData\YesmeZehag\YesmeZehag.dat --> [Trojan.FakeMS]
Infected: C:\Users\RevSusan\AppData\Local\Temp\ZeqcoDjoca\EugepVamwu.dat --> [Trojan.FakeMS]
Infected: C:\Users\RevSusan\AppData\Local\Temp\CebsaSwikf\ToqkUcbut.dat --> [Trojan.FakeMS]
Infected: HKU\S-1-5-21-4107538855-220118890-1200302164-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Infected: HKU\S-1-5-21-4107538855-220118890-1200302164-1003_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ --> [Trojan.Poweliks]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

-----------------------------------------------------------------------------------------------
 

MBAR-log

 

Malwarebytes Anti-Rootkit BETA 1.08.0.1001
www.malwarebytes.org

Database version: v2014.11.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
RevSusan :: SUSAN-LAPTOP [administrator]

11/9/2014 2:44:31 AM
mbar-log-2014-11-09 (02-44-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 361698
Time elapsed: 20 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKU\S-1-5-21-4107538855-220118890-1200302164-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [4b6b64d54e2edd59454dfc0605fb9c64]
HKU\S-1-5-21-4107538855-220118890-1200302164-1003_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ (Trojan.Poweliks) -> Delete on reboot. [c8eef148a8d49e985e3780826c949c64]

Registry Values Detected: 1
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OilxaBqane (Trojan.FakeMS) -> Data: regsvr32.exe "C:\ProgramData\OilxaBqane\OilxaBqane.dat" -> Delete on reboot. [4b6bff3aa6d692a48c0c09d72cd505fb]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\ProgramData\OilxaBqane\OilxaBqane.dat (Trojan.FakeMS) -> Delete on reboot. [4b6bff3aa6d692a48c0c09d72cd505fb]
C:\ProgramData\Windows Genuine Advantage\{31CD347F-E293-431F-AF92-3E7EA8C5ED25}\msiexec.exe (Trojan.Pseudo.isct) -> Delete on reboot. [bef82d0c81fb62d4176fffe18d7419e7]
C:\ProgramData\Windows Genuine Advantage\{3B951674-CC83-4717-8965-4B6B0BAFED06}\msiexec.exe (Trojan.Pseudo.isct) -> Delete on reboot. [edc984b5ff7d52e4d0b6716f847dc838]
C:\ProgramData\Windows Genuine Advantage\{4D13E073-A54C-43CF-AC61-C895D732B567}\msiexec.exe (Trojan.Agent.ED) -> Delete on reboot. [8e28ec4ded8f979fceca6a75b44d32ce]
C:\ProgramData\Windows Genuine Advantage\{6BBAE1DC-CFE6-44FB-A87B-7209EE31065A}\msiexec.exe (Trojan.Agent) -> Delete on reboot. [53638aaf2f4dbe78ac2bb2aab24eed13]
C:\ProgramData\Windows Genuine Advantage\{840D1163-F88C-48FD-BA48-C0F4E32FAA2C}\msiexec.exe (Trojan.Pseudo.isct) -> Delete on reboot. [6650cd6c0b71b77f6a1caf31837e43bd]
C:\ProgramData\Windows Genuine Advantage\{A00D2FE3-80D5-47B4-A4E1-AB08FF292A6C}\msiexec.exe (Trojan.Agent.ED) -> Delete on reboot. [70468faaf8840036acec49965ba6c43c]
C:\ProgramData\Windows Genuine Advantage\{A4C2E460-1178-4743-BA58-12061E064351}\msiexec.exe (Trojan.Agent.ED) -> Delete on reboot. [3a7c1a1f196370c6f0a8429db051b14f]
C:\ProgramData\Windows Genuine Advantage\{A8765675-BCD9-4351-8DE7-433890E7D43D}\msiexec.exe (Trojan.Pseudo.isct) -> Delete on reboot. [9422d6637efeb581b8ceb42c1fe28b75]
C:\ProgramData\Windows Genuine Advantage\{EC617C41-9DBD-4FCC-A71E-EC9D93CBD9E1}\msiexec.exe (Trojan.Agent.ED) -> Delete on reboot. [892d9c9d4537d66060384d92f70a7b85]
C:\ProgramData\Windows Genuine Advantage\{FD124C3D-D92A-4C13-AFEA-3FD7AF3D12EE}\msiexec.exe (Trojan.Agent) -> Delete on reboot. [86302811b5c73303716635274eb255ab]
C:\ProgramData\YesmeZehag\YesmeZehag.dat (Trojan.FakeMS) -> Delete on reboot. [229494a589f376c057414a96b05137c9]
C:\Users\RevSusan\AppData\Local\Temp\ZeqcoDjoca\EugepVamwu.dat (Trojan.FakeMS) -> Delete on reboot. [d0e6c673dba17db9168238a8d0315aa6]
C:\Users\RevSusan\AppData\Local\Temp\CebsaSwikf\ToqkUcbut.dat (Trojan.FakeMS) -> Delete on reboot. [51657ebbfb81bf77fc9c835d0bf6af51]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

------------------------------------------------------------------------------------

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014
Ran by RevSusan at 2014-11-09 10:16:09 Run:1
Running from C:\Users\RevSusan\Desktop
Loaded Profile: RevSusan (Available profiles: RevSusan & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProceses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...\Run: [bcikmao] => rundll32 "C:\Users\RevSusan\AppData\Local\bcikmao.dll",bcikmao <===== ATTENTION
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...\Run: [OilxaBqane] => regsvr32.exe "C:\ProgramData\OilxaBqane\OilxaBqane.dat"
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
2014-11-06 11:14 - 2014-11-06 11:14 - 00000000 ____D () C:\ProgramData\YesmeZehag
2014-11-06 11:14 - 2014-11-06 11:14 - 00000000 ____D () C:\ProgramData\OilxaBqane
2014-10-30 14:54 - 2014-10-30 14:54 - 00000000 _____ () C:\Users\RevSusan\AppData\Roaming\gggrdik.dll
2014-10-30 14:54 - 2014-10-30 14:54 - 00000000 _____ () C:\Users\RevSusan\AppData\Roaming\acosjca.dll
2014-10-28 16:15 - 2014-10-28 16:15 - 00000082 _____ () C:\Users\RevSusan\AppData\Roaming\9cbbab17
2014-10-28 16:15 - 2014-10-28 16:15 - 00000010 _____ () C:\Users\RevSusan\AppData\Roaming\9cbbab18
2014-10-18 18:03 - 2014-10-18 18:03 - 00000000 _____ () C:\Users\RevSusan\AppData\Roaming\qjkgize.dll
C:\ProgramData\8d642hbfb.exe
Task: {81C71F2B-7C7D-4EB6-9762-F8C867B783D1} - System32\Tasks\{CC42FF8E-ACCF-3AA3-9FDD-3CFDE6864795} => C:\Users\RevSusan\AppData\Roaming\ncnpx.dll/s "C:\Users\RevSusan\AppData\Roaming\ncnpx.dll" <==== ATTENTION
Task: {9A480541-BD7B-4925-8B24-0255FF13A6AD} - System32\Tasks\{AB064A4A-DD4E-E06D-E89C-87DF587FAA8F} => C:\Users\RevSusan\AppData\Roaming\xdjlvc.dll/s "C:\Users\RevSusan\AppData\Roaming\xdjlvc.dll" <==== ATTENTION
Task: {C30D179F-FF6B-4988-8DF3-60B8359222AE} - System32\Tasks\{2A90E8FF-BE91-1EB5-E65B-D77CAE1D7D51} => C:\Users\RevSusan\AppData\Roaming\usuksju.dll/s "C:\Users\RevSusan\AppData\Roaming\usuksju.dll" <==== ATTENTION
EmptyTemp:
End
*****************

CloseProceses: => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\Software\Microsoft\Windows\CurrentVersion\Run\\bcikmao => value deleted successfully.
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\Software\Microsoft\Windows\CurrentVersion\Run\\OilxaBqane => Value not found.
"HKU\S-1-5-21-4107538855-220118890-1200302164-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-4107538855-220118890-1200302164-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\ProgramData\YesmeZehag => Moved successfully.
C:\ProgramData\OilxaBqane => Moved successfully.
C:\Users\RevSusan\AppData\Roaming\gggrdik.dll => Moved successfully.
C:\Users\RevSusan\AppData\Roaming\acosjca.dll => Moved successfully.
C:\Users\RevSusan\AppData\Roaming\9cbbab17 => Moved successfully.
C:\Users\RevSusan\AppData\Roaming\9cbbab18 => Moved successfully.
C:\Users\RevSusan\AppData\Roaming\qjkgize.dll => Moved successfully.
C:\ProgramData\8d642hbfb.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{81C71F2B-7C7D-4EB6-9762-F8C867B783D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81C71F2B-7C7D-4EB6-9762-F8C867B783D1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{CC42FF8E-ACCF-3AA3-9FDD-3CFDE6864795} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC42FF8E-ACCF-3AA3-9FDD-3CFDE6864795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A480541-BD7B-4925-8B24-0255FF13A6AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A480541-BD7B-4925-8B24-0255FF13A6AD}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AB064A4A-DD4E-E06D-E89C-87DF587FAA8F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB064A4A-DD4E-E06D-E89C-87DF587FAA8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C30D179F-FF6B-4988-8DF3-60B8359222AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C30D179F-FF6B-4988-8DF3-60B8359222AE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2A90E8FF-BE91-1EB5-E65B-D77CAE1D7D51} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A90E8FF-BE91-1EB5-E65B-D77CAE1D7D51}" => Key deleted successfully.
EmptyTemp: => Removed 1.9 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

____________________________________________

New FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by RevSusan (administrator) on SUSAN-LAPTOP on 09-11-2014 10:47:04
Running from C:\Users\RevSusan\Desktop
Loaded Profile: RevSusan (Available profiles: RevSusan & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...\MountPoints2: {5f8dae55-7bc3-11e2-a042-806e6f6e6963} - E:\win\setup.exe -phs
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {FB1C16C0-64CE-400C-865A-82CA83B6FBCA} URL =
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4107538855-220118890-1200302164-1003: @citrixonline.com/appdetectorplugin -> C:\Users\RevSusan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4107538855-220118890-1200302164-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RevSusan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2010-11-05]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S2 0319911415215888mcinstcleanup; C:\Windows\TEMP\031991~1.EXE -cleanup -nolog [X]
S2 HPSLPSVC; C:\Users\RevSusan\AppData\Local\Temp\7zS3C94\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 FastLynx; C:\Program Files (x86)\FastLynx\FastLynx.sys [2987 2002-10-07] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 10:36 - 2014-11-09 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-09 10:10 - 2014-11-09 10:46 - 00000000 ____D () C:\Users\RevSusan\Desktop\FRST-OlderVersion
2014-11-09 02:44 - 2014-11-09 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-09 02:37 - 2014-11-09 10:04 - 00000000 ____D () C:\Users\RevSusan\Desktop\mbar
2014-11-09 02:19 - 2014-11-09 02:19 - 00000847 _____ () C:\Users\RevSusan\Desktop\checkup.txt
2014-11-09 02:13 - 2014-11-09 02:13 - 14439144 _____ (Malwarebytes Corp.) C:\Users\RevSusan\Desktop\mbar-1.08.0.1001.exe
2014-11-09 02:12 - 2014-11-09 02:12 - 00854448 _____ () C:\Users\RevSusan\Desktop\SecurityCheck.exe
2014-11-07 13:36 - 2014-11-07 13:36 - 00000000 ____D () C:\Users\RevSusan\AppData\Local\Citrix
2014-11-06 18:16 - 2014-11-06 18:16 - 00031296 _____ () C:\Users\RevSusan\Desktop\Addition.txt
2014-11-06 18:15 - 2014-11-09 10:47 - 00014216 _____ () C:\Users\RevSusan\Desktop\FRST.txt
2014-11-06 17:51 - 2014-11-06 17:52 - 00004496 _____ () C:\Users\RevSusan\Desktop\aswMBR.txt
2014-11-06 17:51 - 2014-11-06 17:52 - 00000512 _____ () C:\Users\RevSusan\Desktop\MBR.dat
2014-11-06 15:35 - 2014-11-09 10:47 - 00000000 ____D () C:\FRST
2014-11-06 15:32 - 2014-11-09 10:46 - 02116096 _____ (Farbar) C:\Users\RevSusan\Desktop\FRST64.exe
2014-11-06 15:28 - 2014-11-06 15:28 - 05194752 _____ (AVAST Software) C:\Users\RevSusan\Desktop\aswMBR.exe
2014-11-06 12:07 - 2014-11-06 12:07 - 00509440 _____ (Tech Support Guy System) C:\Users\RevSusan\Downloads\SysInfo.exe
2014-11-05 12:28 - 2014-11-09 10:31 - 00006926 _____ () C:\Windows\PFRO.log
2014-11-05 12:28 - 2014-11-09 10:31 - 00000672 _____ () C:\Windows\setupact.log
2014-11-05 12:28 - 2014-11-05 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-05 12:26 - 2014-11-05 12:26 - 00028622 _____ () C:\Windows\RPSETUP.EXE.LOG
2014-11-05 12:26 - 2014-11-05 12:26 - 00028622 _____ () C:\RPSetup.exe.log
2014-11-05 11:35 - 2014-11-05 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rohnert Park Computers repair tool
2014-11-04 12:01 - 2014-11-04 12:13 - 00000000 ____D () C:\AdwCleaner
2014-11-04 09:47 - 2014-11-09 02:44 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 09:47 - 2014-11-04 09:47 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 09:47 - 2014-11-04 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 09:46 - 2014-11-09 02:37 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 09:46 - 2014-11-04 09:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 09:46 - 2014-11-04 09:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 09:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 09:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-04 09:38 - 2014-11-05 11:35 - 00001846 _____ () C:\Users\Public\Desktop\Rohnert Park Computers repair tool.lnk
2014-11-04 09:36 - 2014-11-06 13:28 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-10-28 16:12 - 2014-11-06 11:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-28 15:28 - 2014-10-28 15:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-28 15:28 - 2014-10-28 15:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-28 15:28 - 2014-10-28 15:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-28 15:28 - 2014-10-28 15:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-28 15:28 - 2014-10-28 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-28 15:28 - 2014-10-28 15:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-24 13:56 - 2014-10-24 13:56 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-24 13:56 - 2014-10-24 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-24 13:55 - 2014-10-24 13:56 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-24 13:55 - 2014-10-24 13:56 - 00000000 ____D () C:\Program Files\iTunes
2014-10-24 13:55 - 2014-10-24 13:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-24 13:55 - 2014-10-24 13:55 - 00000000 ____D () C:\Program Files\iPod
2014-10-15 03:02 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 03:02 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 03:02 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 03:02 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 03:02 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 03:02 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 03:02 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 03:02 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 03:02 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 03:02 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 03:02 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 03:02 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 03:02 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 03:02 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 03:02 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 03:02 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 03:02 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 03:02 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 03:02 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 03:02 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 03:02 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 03:02 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 03:02 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 03:02 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 03:02 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 03:01 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 03:01 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 03:01 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 03:01 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 03:01 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 03:01 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 03:01 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 03:01 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 03:01 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 03:01 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 03:01 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 03:01 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 03:01 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 03:01 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 03:01 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 03:01 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 03:01 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 03:01 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 03:01 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 03:01 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 03:01 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 03:01 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 03:01 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 03:01 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 03:01 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 03:01 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 03:01 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 03:01 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 03:01 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 03:01 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 03:01 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 03:01 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 03:01 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 03:01 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 03:01 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 03:01 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 03:01 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 03:01 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 03:01 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 03:01 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 03:01 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 03:01 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 03:01 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 03:01 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 03:01 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 03:01 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 03:01 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 03:01 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 03:01 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 03:01 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 03:01 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 03:01 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 03:01 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 03:01 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 03:01 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 03:01 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 03:01 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 03:01 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 03:01 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 03:01 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 03:01 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 03:01 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 03:01 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 03:01 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 03:01 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 03:01 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 03:01 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 03:01 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 03:01 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 03:01 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 03:01 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 03:01 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 03:01 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 03:01 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 03:01 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 03:01 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 03:01 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 03:01 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 03:01 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 03:01 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 03:01 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 03:01 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 03:01 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 03:01 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 03:01 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 03:00 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 03:00 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 03:00 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 03:00 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 03:00 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 03:00 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 03:00 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 03:00 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 03:00 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 03:00 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 10:38 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 10:38 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 10:31 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 10:30 - 2009-07-13 21:10 - 01334188 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 10:11 - 2012-04-08 13:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 02:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-08 15:01 - 2013-05-21 14:20 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-07 13:36 - 2009-12-09 14:49 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-11-06 19:04 - 2009-07-13 21:13 - 00854988 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 12:54 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2014-11-05 12:28 - 2009-12-09 14:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-05 12:26 - 2009-12-09 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2014-11-05 12:19 - 2009-12-09 15:00 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-11-05 12:01 - 2014-09-03 12:47 - 00000000 ____D () C:\Users\RevSusan\AppData\Roaming\HpUpdate
2014-11-05 12:01 - 2013-12-27 14:04 - 00000000 ____D () C:\Users\RevSusan\Documents\MONEY
2014-11-05 12:01 - 2013-05-04 10:43 - 00000000 ____D () C:\Users\RevSusan\Documents\SelfMV
2014-11-05 12:01 - 2013-04-10 10:45 - 00000000 ____D () C:\Users\RevSusan\Documents\Writing
2014-11-05 12:01 - 2011-09-13 00:48 - 00000000 ____D () C:\Users\RevSusan\Documents\Family Tree Maker
2014-11-05 12:01 - 2011-01-14 11:59 - 00000000 ____D () C:\Program Files (x86)\FastLynx
2014-11-05 12:01 - 2010-12-03 00:09 - 00000000 ____D () C:\Users\RevSusan\AppData\Local\Windows Live Writer
2014-11-05 12:01 - 2010-03-18 11:02 - 00000000 ___DC () C:\Users\RevSusan\AppData\Local\MigWiz
2014-11-05 12:01 - 2009-12-09 16:16 - 00000000 ____D () C:\Windows\Panther
2014-11-05 12:01 - 2009-12-09 15:05 - 00000000 ____D () C:\ProgramData\Roxio
2014-11-05 12:01 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-11-05 12:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-05 12:01 - 2007-12-25 11:09 - 00000000 ____D () C:\Users\RevSusan\Documents\Genealogy
2014-11-05 11:33 - 2009-12-15 23:39 - 00000000 ____D () C:\Users\RevSusan\AppData\Local\SoftThinks
2014-11-05 11:33 - 2009-12-09 15:23 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-05 11:33 - 2009-12-09 15:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-04 11:35 - 2009-12-09 15:15 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-02 13:31 - 2013-05-04 09:53 - 00000000 ____D () C:\Users\RevSusan\AppData\Roaming\Samsung
2014-11-02 13:30 - 2013-05-04 09:41 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-28 15:29 - 2013-10-17 13:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-24 13:55 - 2014-09-12 09:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-24 13:55 - 2013-05-12 13:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-18 19:18 - 2013-09-24 15:00 - 00000000 ____D () C:\Users\RevSusan\AppData\Roaming\PrimoPDF
2014-10-18 19:18 - 2008-04-07 12:16 - 00000000 ____D () C:\Users\RevSusan\Documents\e-books and pdf manuals
2014-10-18 19:16 - 2013-12-29 16:08 - 00000000 ____D () C:\Users\RevSusan\AppData\Roaming\Nitro PDF
2014-10-18 18:03 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-10-16 15:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:45 - 2009-07-13 20:45 - 00418176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:42 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:21 - 2009-12-09 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:16 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2010-01-16 17:28 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 12:17 - 2012-11-25 12:15 - 00000000 ____D () C:\Users\RevSusan\Documents\Home

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 20:08

==================== End Of Log ============================

------------------------------------  END OF THIS Report :adios: --------------------------------------------



#6 OCD

Posted 09 November 2014 - 09:16 PM

Hi SusanT,

Please do not "bold" the text of the logs, it makes it harder to read. I appreciate your cooperation. :thumbup:

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Rohnert Park Computers repair tool

=========================

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
2014-11-05 11:35 - 2014-11-05 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rohnert Park Computers repair tool
2014-11-04 09:38 - 2014-11-05 11:35 - 00001846 _____ () C:\Users\Public\Desktop\Rohnert Park Computers repair tool.lnk
2014-11-04 09:36 - 2014-11-06 13:28 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
C:\ProgramData\Windows Genuine Advantage
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Check the Additions box.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#7 SusanT


Posted 10 November 2014 - 07:09 PM

Sorry. I didn't intentionally bold the text.  My internet access is slow on the more popular web sites that I use, but okay on those that are not so popular.  As I said before, I think that is more due to the traffic on band than to my computer. But, I still don't trust my hard-wire network connection. Here are the 4 logs you requested:

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by RevSusan at 2014-11-10 12:57:02 Run:2
Running from C:\Users\RevSusan\Desktop
Loaded Profile: RevSusan (Available profiles: RevSusan & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
2014-11-05 11:35 - 2014-11-05 11:35 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rohnert Park Computers repair tool
2014-11-04 09:38 - 2014-11-05 11:35 - 00001846 _____ () C:\Users\Public\Desktop\Rohnert Park Computers repair tool.lnk
2014-11-04 09:36 - 2014-11-06 13:28 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
C:\ProgramData\Windows Genuine Advantage
EmptyTemp:
End

*****************

Processes closed successfully.
"2014-11-05 11:35 - 2014-11-05 11:35 - 00000000 ____D ()" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rohnert Park Computers repair tool" => File/Directory not found.
"C:\Users\Public\Desktop\Rohnert Park Computers repair tool.lnk" => File/Directory not found.
"C:\Program Files\UVK - Ultra Virus Killer" => File/Directory not found.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
EmptyTemp: => Removed 44.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

AdwCleaner

 

# AdwCleaner v4.101 - Report created 10/11/2014 at 14:07:31
# Updated 09/11/2014 by Xplode
# Database : 2014-11-10.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RevSusan - SUSAN-LAPTOP
# Running from : C:\Users\RevSusan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [1576 octets] - [04/11/2014 12:01:06]
AdwCleaner[R1].txt - [1373 octets] - [10/11/2014 13:12:19]
AdwCleaner[S0].txt - [1429 octets] - [04/11/2014 12:12:58]
AdwCleaner[S1].txt - [1300 octets] - [10/11/2014 14:07:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1360 octets] ##########

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by RevSusan on Mon 11/10/2014 at 14:11:40.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/10/2014 at 14:16:14.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

New FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by RevSusan (administrator) on SUSAN-LAPTOP on 10-11-2014 16:15:24
Running from C:\Users\RevSusan\Desktop
Loaded Profile: RevSusan (Available profiles: RevSusan & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4107538855-220118890-1200302164-1003\...\MountPoints2: {5f8dae55-7bc3-11e2-a042-806e6f6e6963} - E:\win\setup.exe -phs
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {FB1C16C0-64CE-400C-865A-82CA83B6FBCA} URL =
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4107538855-220118890-1200302164-1003: @citrixonline.com/appdetectorplugin -> C:\Users\RevSusan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4107538855-220118890-1200302164-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RevSusan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2010-11-05]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S2 0319911415215888mcinstcleanup; C:\Windows\TEMP\031991~1.EXE -cleanup -nolog [X]
S2 HPSLPSVC; C:\Users\RevSusan\AppData\Local\Temp\7zS3C94\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 FastLynx; C:\Program Files (x86)\FastLynx\FastLynx.sys [2987 2002-10-07] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 14:16 - 2014-11-10 14:16 - 00000765 _____ () C:\Users\RevSusan\Desktop\JRT.txt
2014-11-10 14:12 - 2014-11-10 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-10 14:11 - 2014-11-10 14:11 - 00000000 ____D () C:\Windows\ERUNT
2014-11-10 14:10 - 2014-11-10 14:10 - 00001448 _____ () C:\Users\RevSusan\Desktop\AdwCleaner[S1].txt
2014-11-10 13:10 - 2014-11-10 13:10 - 02140160 _____ () C:\Users\RevSusan\Desktop\AdwCleaner.exe
2014-11-09 22:29 - 2014-11-09 22:29 - 01706808 _____ (Thisisu) C:\Users\RevSusan\Desktop\JRT.exe
2014-11-09 10:10 - 2014-11-10 12:56 - 00000000 ____D () C:\Users\RevSusan\Desktop\FRST-OlderVersion
2014-11-09 02:44 - 2014-11-09 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-09 02:37 - 2014-11-09 10:04 - 00000000 ____D () C:\Users\RevSusan\Desktop\mbar
2014-11-09 02:19 - 2014-11-09 02:19 - 00000847 _____ () C:\Users\RevSusan\Desktop\checkup.txt
2014-11-09 02:13 - 2014-11-09 02:13 - 14439144 _____ (Malwarebytes Corp.) C:\Users\RevSusan\Desktop\mbar-1.08.0.1001.exe
2014-11-09 02:12 - 2014-11-09 02:12 - 00854448 _____ () C:\Users\RevSusan\Desktop\SecurityCheck.exe
2014-11-07 13:36 - 2014-11-07 13:36 - 00000000 ____D () C:\Users\RevSusan\AppData\Local\Citrix
2014-11-06 18:16 - 2014-11-06 18:16 - 00031296 _____ () C:\Users\RevSusan\Desktop\Addition.txt
2014-11-06 18:15 - 2014-11-10 16:17 - 00014216 _____ () C:\Users\RevSusan\Desktop\FRST.txt
2014-11-06 17:51 - 2014-11-06 17:52 - 00004496 _____ () C:\Users\RevSusan\Desktop\aswMBR.txt
2014-11-06 17:51 - 2014-11-06 17:52 - 00000512 _____ () C:\Users\RevSusan\Desktop\MBR.dat
2014-11-06 15:35 - 2014-11-10 16:15 - 00000000 ____D () C:\FRST
2014-11-06 15:32 - 2014-11-09 10:46 - 02116096 _____ (Farbar) C:\Users\RevSusan\Desktop\FRST64.exe
2014-11-06 15:28 - 2014-11-06 15:28 - 05194752 _____ (AVAST Software) C:\Users\RevSusan\Desktop\aswMBR.exe
2014-11-06 12:07 - 2014-11-06 12:07 - 00509440 _____ (Tech Support Guy System) C:\Users\RevSusan\Downloads\SysInfo.exe
2014-11-05 12:28 - 2014-11-10 16:13 - 00000896 _____ () C:\Windows\setupact.log
2014-11-05 12:28 - 2014-11-10 14:09 - 00007564 _____ () C:\Windows\PFRO.log
2014-11-05 12:28 - 2014-11-05 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-05 12:26 - 2014-11-05 12:26 - 00028622 _____ () C:\Windows\RPSETUP.EXE.LOG
2014-11-05 12:26 - 2014-11-05 12:26 - 00028622 _____ () C:\RPSetup.exe.log
2014-11-04 12:01 - 2014-11-10 14:07 - 00000000 ____D () C:\AdwCleaner
2014-11-04 09:47 - 2014-11-09 02:44 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 09:47 - 2014-11-04 09:47 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 09:47 - 2014-11-04 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 09:46 - 2014-11-09 02:37 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 09:46 - 2014-11-04 09:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 09:46 - 2014-11-04 09:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 09:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 09:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 15:28 - 2014-10-28 15:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-28 15:28 - 2014-10-28 15:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-28 15:28 - 2014-10-28 15:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-28 15:28 - 2014-10-28 15:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-28 15:28 - 2014-10-28 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-28 15:28 - 2014-10-28 15:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-24 13:56 - 2014-10-24 13:56 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-24 13:56 - 2014-10-24 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-24 13:55 - 2014-10-24 13:56 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-24 13:55 - 2014-10-24 13:56 - 00000000 ____D () C:\Program Files\iTunes
2014-10-24 13:55 - 2014-10-24 13:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-24 13:55 - 2014-10-24 13:55 - 00000000 ____D () C:\Program Files\iPod
2014-10-15 03:02 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 03:02 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 03:02 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 03:02 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 03:02 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 03:02 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 03:02 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 03:02 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 03:02 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 03:02 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 03:02 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 03:02 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 03:02 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 03:02 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 03:02 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 03:02 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 03:02 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 03:02 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 03:02 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 03:02 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 03:02 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 03:02 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 03:02 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 03:02 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 03:02 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 03:02 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 03:02 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 03:02 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 03:01 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 03:01 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 03:01 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 03:01 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 03:01 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 03:01 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 03:01 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 03:01 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 03:01 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 03:01 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 03:01 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 03:01 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 03:01 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 03:01 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 03:01 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 03:01 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 03:01 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 03:01 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 03:01 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 03:01 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 03:01 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 03:01 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 03:01 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 03:01 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 03:01 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 03:01 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 03:01 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 03:01 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 03:01 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 03:01 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 03:01 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 03:01 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 03:01 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 03:01 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 03:01 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 03:01 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 03:01 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 03:01 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 03:01 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 03:01 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 03:01 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 03:01 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 03:01 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 03:01 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 03:01 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 03:01 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 03:01 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 03:01 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 03:01 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 03:01 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 03:01 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 03:01 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 03:01 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 03:01 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 03:01 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 03:01 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 03:01 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 03:01 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 03:01 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 03:01 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 03:01 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 03:01 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 03:01 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 03:01 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 03:01 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 03:01 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 03:01 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 03:01 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 03:01 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 03:01 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 03:01 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 03:01 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 03:01 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 03:01 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 03:01 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 03:01 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 03:01 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 03:01 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 03:01 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 03:01 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 03:01 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 03:01 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 03:01 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 03:01 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 03:01 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 03:00 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 03:00 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 03:00 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 03:00 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 03:00 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 03:00 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 03:00 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 03:00 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 03:00 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 03:00 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 16:13 - 2009-07-13 21:10 - 01372916 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 16:13 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 16:11 - 2012-04-08 13:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 15:02 - 2013-05-21 14:20 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-10 14:16 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 14:16 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 02:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-07 13:36 - 2009-12-09 14:49 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-11-06 19:04 - 2009-07-13 21:13 - 00854988 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 12:54 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2014-11-05 12:28 - 2009-12-09 14:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-05 12:26 - 2009-12-09 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2014-11-05 12:19 - 2009-12-09 15:00 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-11-05 12:01 - 2014-09-03 12:47 - 00000000 ____D () C:\Users\RevSusan\AppData\Roaming\HpUpdate
2014-11-05 12:01 - 2013-12-27 14:04 - 00000000 ____D () C:\Users\RevSusan\Documents\MONEY
2014-11-05 12:01 - 2013-05-04 10:43 - 00000000 ____D () C:\Users\RevSusan\Documents\SelfMV
2014-11-05 12:01 - 2013-04-10 10:45 - 00000000 ____D () C:\Users\RevSusan\Documents\Writing
2014-11-05 12:01 - 2011-09-13 00:48 - 00000000 ____D () C:\Users\RevSusan\Documents\Family Tree Maker
2014-11-05 12:01 - 2011-01-14 11:59 - 00000000 ____D () C:\Program Files (x86)\FastLynx
2014-11-05 12:01 - 2010-12-03 00:09 - 00000000 ____D () C:\Users\RevSusan\AppData\Local\Windows Live Writer
2014-11-05 12:01 - 2010-03-18 11:02 - 00000000 ___DC () C:\Users\RevSusan\AppData\Local\MigWiz
2014-11-05 12:01 - 2009-12-09 16:16 - 00000000 ____D () C:\Windows\Panther
2014-11-05 12:01 - 2009-12-09 15:05 - 00000000 ____D () C:\ProgramData\Roxio
2014-11-05 12:01 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-11-05 12:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-05 12:01 - 2007-12-25 11:09 - 00000000 ____D () C:\Users\RevSusan\Documents\Genealogy
2014-11-05 11:33 - 2009-12-15 23:39 - 00000000 ____D () C:\Users\RevSusan\AppData\Local\SoftThinks
2014-11-05 11:33 - 2009-12-09 15:23 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-05 11:33 - 2009-12-09 15:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-04 11:35 - 2009-12-09 15:15 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-02 13:31 - 2013-05-04 09:53 - 00000000 ____D () C:\Users\RevSusan\AppData\Roaming\Samsung
2014-11-02 13:30 - 2013-05-04 09:41 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-28 15:29 - 2013-10-17 13:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-24 13:55 - 2014-09-12 09:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-24 13:55 - 2013-05-12 13:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-18 19:18 - 2013-09-24 15:00 - 00000000 ____D () C:\Users\RevSusan\AppData\Roaming\PrimoPDF
2014-10-18 19:18 - 2008-04-07 12:16 - 00000000 ____D () C:\Users\RevSusan\Documents\e-books and pdf manuals
2014-10-18 19:16 - 2013-12-29 16:08 - 00000000 ____D () C:\Users\RevSusan\AppData\Roaming\Nitro PDF
2014-10-18 18:03 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-10-16 15:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:45 - 2009-07-13 20:45 - 00418176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:42 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:21 - 2009-12-09 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:16 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2010-01-16 17:28 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 12:17 - 2012-11-25 12:15 - 00000000 ____D () C:\Users\RevSusan\Documents\Home

Some content of TEMP:
====================
C:\Users\RevSusan\AppData\Local\Temp\Quarantine.exe
C:\Users\RevSusan\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 20:08

==================== End Of Log ============================



#8 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 10 November 2014 - 07:38 PM

Hi SusanT,
 

But, I still don't trust my hard-wire network connection.

What don't you trust about a hard wired connection?

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#9 SusanT


Posted 12 November 2014 - 03:31 AM

To answer your question, concerning my hard-wired connection, here's what I wrote before:

I'm on a wireless connection, and because it was slow, due to "traffic," switched to a hard-wire connection a week or so ago. That's when all my trouble began. I took it to someone to fix, and the day after I brought it back, I "plugged in" to hard wire again, and my problems started all over again. We called the provider (Comcast), on the advice of the tech I was working with hoping to get a different IP address, and they advised us that they could not force a new IP address. So, for now, I'm still running on a heavily trafficked, slow wireless connection.

MBAM Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2014
Scan Time: 1:18:04 PM
Logfile: mbam-log-2014-11-11.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.11.08
Rootkit Database: v2014.11.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RevSusan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362422
Time Elapsed: 16 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ESET Scan Log

C:\FRST\Quarantine\C\ProgramData\Windows Genuine Advantage\{323AED40-E4BD-4D39-AA42-6FCDF7717B0E}\msiexec.exe a variant of Win32/Kryptik.CPHG trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\Windows Genuine Advantage\{356C7A2B-0C81-4A99-9A71-C65FFDEF3F6A}\msiexec.exe a variant of Win32/Kryptik.CPHG trojan cleaned by deleting - quarantined
C:\Users\RevSusan\AppData\LocalLow\iiizvxd.dll a variant of MSIL/Injector.FWI trojan cleaned by deleting - quarantined

#10 OCD


Posted 12 November 2014 - 09:12 AM

Hi SusanT,

From a "security" standpoint a wired connection is actually more secure. But the issue you may be encountering is most likely due to your internet provider.

We can try a few steps and see if that improves your wireless connection.

Reset TCP/IP stack to installation defaults

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "netsh int ip reset reset.log" then hit Enter
=========================

Flush the DNS cache
  • Click Start > Run and type in cmd
  • Click OK.
  • This will open a command prompt.
  • Type or copy and paste the following line in the command window:
  • ipconfig /flushdns (be sure to include the space between ipconfig /)
  • Hit Enter
  • Exit the command window
=========================

Reboot

=========================

Check and see if there is any improvement.
OCD



#11 SusanT


Posted 13 November 2014 - 03:36 AM

1. I am unable to connect (without a horribly painful delay time) to the Internet tonight.  I'm writing this from my husband's computer.

 

2. With regard to your previous instruction, I don't know if it matters or not, but we have a "home network" set up here.

 

3. To be clear: you want me to connect to the hard wire, and run the cmd from the "prompt" while connected on my machine via the hard-wire.  I was going to ask "what if my machine starts acting up" but, perhaps it already has.  Unless, of course, the painful delays have anything to do with the fact that there are a gazillion wireless connections in our neighborhood, and a distinct possibility that some of the neighboring college students are up at 1:00 a.m. and on their connections ..????  I'm frankly stumped, by this inability to get on the internet easily.



#12 OCD


Posted 13 November 2014 - 09:06 AM

Hi SusanT,
  • Does your husband's computer experience the same sluggish issues?
  • The home network set-up shouldn't make a difference. (how many devices do you have on your home network?)
  • I need you to run those commands while connected via a wireless connection, not hard wired.
  • With regards to all the college students being connected. There may be a setting within your router settings that would allow you to select a different channel with which to connect to the Internet. Maybe there are just too many people connecting via a particular channel.
  • What router are you using? (Make and Model)
  • Was the router provided by your ISP?

OCD



#13 SusanT


Posted 13 November 2014 - 03:41 PM

I am responding to your last two posts. (Sorry, I haven't figured out how to use the neat quote option effectively.)

1. I reset the TCP/IP stack to installation defaults.
2. Flush the DNS cache. This instruction started with "Run and type cmd...". Therefore, I exited the previous screen (which was being run "as administrator"), and started a new screen by typing "cmd" again. This time NOT as administrator since it was not explicitly stated, and completed the task, then rebooted.

Last Post:
1. No, my husband has no problems on his desktop machine.
2. Devices running on the network: This laptop and our 2 phones are on the Wi-Fi connection. Occasionally he will connect to WiFi using his Asus tablet and sometimes his Kindle. His desktop is on the network, hard-wired.
3. Our router is a combined modem / router supplied by Comcast / Xfinity. It is an Arris Model TG862.

Lastly:
I did some exploring of the network connection (Control Panel - Network and Internet - Network Connections, right click on Wireless Network Connection, click Diagnose) and completed diagnostics where permitted. On a couple of occasions, I received error messages, some of which flew by so fast that I could not catch them for you and were "fixed" by Windows. One that I did catch stated "Your computer appears to be correctly configured but the device or resource (DNS) is not responding."

Thank you, again, OCD.

#14 OCD


Posted 13 November 2014 - 09:51 PM

Hi SusanT,
 

(Sorry, I haven't figured out how to use the neat quote option effectively.)


There are two (2) ways to include text within a quote window.

1. Locate this menu on the previous post

Click the word "Quote" and that will quote the entire previous post, just add your comments and hit reply. You can also edit out any of the text that might not be vital to your comment.

2. In the reply window, select the More Reply Options box, click the toggle switch in the upper left hand corner. Then locate the quote button, highlight any text you want to quote then click the quote button.

= = = = = = = = = = = = = = = = = = = =
 

Flush the DNS cache. This instruction started with "Run and type cmd...". Therefore, I exited the previous screen (which was being run "as administrator"), and started a new screen by typing "cmd" again. This time NOT as administrator since it was not explicitly stated,

My mistake, but we will address this later in this post.
 

I'm on a wireless connection, and because it was slow, due to "traffic," switched to a hard-wire connection a week or so ago. That's when all my trouble began.

Can you explain what you mean by "that's when all my trouble began", what trouble?

= = = = = = = = = = = = = = = = = = = =

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Right click and select "Run as Administrator".

Check-mark the following check-boxes:

  • Flush DNS
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

=========================

Click Start, type command prompt in the Search Programs and files box, right-click Command Prompt, and then click Run as administrator.
At the command prompt, type the following commands. Press Enter after each command. (be sure to include the space between ipconfig /)

ipconfig /flushdns

ipconfig /registerdns

ipconfig /release

ipconfig /renew


=========================

Reboot and test

=========================

In your next post please provide the following:

  • Result.txt

OCD



#15 SusanT


Posted 15 November 2014 - 07:21 PM

Can you explain what you mean by "that's when all my trouble began", what trouble?

It's been a couple of weeks, and my memory is not the best any longer, but I'll try. (A year ago, I fell and had a bad concussion, and I still have not been able to get my memory back to where it was.)
  • The machine was running slowly, and so I plugged into hard wire to see if that would help.
  • The first thing that happened was that I received two separate notifications from McAfee telling me that I had been infected by a Trojan, and instructing me to shut down the machine so it could complete the cleaning. On both occasions, I did as instructed.
  • Sometime after that, maybe a couple of days, I started experiencing difficulty while using IE Explorer. The first thing being that I would receive a message any time I tried to download a file saying that my security would not allow me to download a file. Around the same time, I started losing my home page assignment. I tried to download Malwarebytes, but received the message saying my security would not allow it.
  • In addition, McAfee started running a "scan" that literally never ended.  I had it set to automatically run a scan every Thursday at 3:00 a.m., but this was not part of the regularly scheduled scan.  I could not shut it down, and the process was using 100% of my CPU.
  • I also noticed several duplicate processes running ... don't remember exactly which ones, but the "typical" processes that happen when you're infected by a Trojan.
  • I did not remember how to reset my security to allow downloads, nor did I remember that I was a member here. I tried to find a way to get help online, but was unable to download files.
  • Finally, in exasperation, I took the machine to someone local to fix. I left it there in his shop for 2 days, brought it home and plugged it in again the next day. I started experiencing the same behavior ... changed print settings, and changed home page. I called the guy who I had paid and left a message.
  • He called me back two days later saying he would have time to help ...only he didn't.
  • I remembered that this was the board I had used successfully before, and here I am.
=========================================
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by RevSusan (administrator) on 15-11-2014 at 14:36:58
Running from "C:\Users\RevSusan\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset

popd
# End of IPv4 configuration
 
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Susan-Laptop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-24-D6-42-A3-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:9:3980:34f:1928:79dc:3c42:5d90(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:9:3980:34f:289d:d013:8f0:45a0(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1928:79dc:3c42:5d90%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.8(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, November 13, 2014 1:21:54 PM
   Lease Expires . . . . . . . . . . : Saturday, November 22, 2014 2:08:31 PM
   Default Gateway . . . . . . . . . : fe80::ea89:2cff:fe29:ac41%11
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 218113238
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-B1-FA-62-00-25-64-79-07-12
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : 00-25-64-79-07-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:384f:1531:b3ea:9bac(Preferred)
   Link-local IPv6 Address . . . . . : fe80::384f:1531:b3ea:9bac%18(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.hsd1.ca.comcast.net.:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
Name:    google.com
Addresses:  2607:f8b0:4005:802::1008
   74.125.239.132
   74.125.239.136
   74.125.239.137
   74.125.239.133
   74.125.239.131
   74.125.239.142
   74.125.239.134
   74.125.239.130
   74.125.239.135
   74.125.239.128
   74.125.239.129

Pinging google.com [2607:f8b0:4010:801::1000] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 2607:f8b0:4010:801::1000:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::1
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 24 d6 42 a3 ea ......Intel® WiFi Link 5100 AGN
 10...00 25 64 79 07 12 ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.8     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.8    281
         10.0.0.8  255.255.255.255         On-link          10.0.0.8    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.8    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.8    281
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    281 ::/0                     fe80::ea89:2cff:fe29:ac41
  1    306 ::1/128                  On-link
 18     58 2001::/32                On-link
 18    306 2001:0:9d38:90d7:384f:1531:b3ea:9bac/128
                                    On-link
 11     33 2601:9:3980:34f::/64     On-link
 11    281 2601:9:3980:34f:1928:79dc:3c42:5d90/128
                                    On-link
 11    281 2601:9:3980:34f:289d:d013:8f0:45a0/128
                                    On-link
 11    281 fe80::/64                On-link
 18    306 fe80::/64                On-link
 11    281 fe80::1928:79dc:3c42:5d90/128
                                    On-link
 18    306 fe80::384f:1531:b3ea:9bac/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
System errors:
=============
Error: (11/13/2014 00:39:05 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (11/13/2014 01:11:05 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (11/13/2014 01:07:29 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (11/12/2014 01:16:44 AM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (11/12/2014 01:16:21 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (11/11/2014 03:48:40 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (11/10/2014 04:16:28 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
  Date: 2011-01-14 14:00:31.263
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FastLynx\FastLynx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2011-01-14 14:00:31.247
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FastLynx\FastLynx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2011-01-14 13:00:38.374
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FastLynx\FastLynx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2011-01-14 13:00:38.343
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FastLynx\FastLynx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2011-01-14 12:34:19.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FastLynx\FastLynx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2011-01-14 12:34:19.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FastLynx\FastLynx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2011-01-14 12:00:49.795
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FastLynx\FastLynx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2011-01-14 12:00:49.763
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FastLynx\FastLynx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

========================= Memory info: ===================================
Percentage of memory in use: 41%
Total physical RAM: 4092.36 MB
Available physical RAM: 2392.88 MB
Total Pagefile: 8182.89 MB
Available Pagefile: 6255.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.66 MB
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:205.1 GB) NTFS
========================= Users: ========================================
User accounts for \\SUSAN-LAPTOP
Administrator            Guest                    RevSusan                
========================= Minidump Files ==================================
No minidump file found

**** End of log ****
 

Click Start, type command prompt in the Search Programs and files box, right-click Command Prompt, and then click Run as administrator.
At the command prompt, type the following commands. Press Enter after each command. (be sure to include the space between ipconfig /)

 
I saved the output from this on Notepad.  Did you want to see it?
 
I've tested a bit today.  It's a weekend, and some sites are worse than others.  I just assume that this is to be expected.  Nothing is lightning fast. This site is fairly slow to respond, but once I'm on this page, it's fine.
 
Thank you.
Susan

Edited by OCD, 15 November 2014 - 09:41 PM.
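
Two parts of a MiniToolBox Result.txt like the one posted above are worth checking after a trojan cleanup: the DNS servers each adapter is using and the providers registered in the Winsock catalogs. The Python below is an added example, not part of the thread and not MiniToolBox's own code; the function names, the `EXPECTED_DNS` allowlist (the resolvers shown in the posted log, treated here as the expected ones) and the baseline rule "Microsoft-published file in a Windows system directory" are assumptions, and two sample lines are constructed.

```python
import re
from ipaddress import ip_address

# Constructed sample in the layout of the Result.txt posted above. The Ethernet
# adapter's DNS servers and the "Catalog9 02" entry are invented for this
# example; the other values reuse lines visible in the posted log.
SAMPLE = r"""
========================= IP Configuration: ================================
Wireless LAN adapter Wireless Network Connection:
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       75.75.75.75
========================= Winsock entries =====================================
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Users\Example\AppData\Local\Temp\example_lsp.dll [40960] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
"""

# Assumption: the resolvers the reviewer expects to see on this network.
EXPECTED_DNS = ["2001:558:feed::1", "2001:558:feed::2", "75.75.75.75", "75.75.76.76"]

# "   Label . . . . : value" lines of ipconfig /all; continuation lines do not match.
LABEL = re.compile(r"^\s+(\S[^:]*?)[ .]* : ?(.*)$")
# "Catalog9 01 C:\path\file.dll [size] (vendor)"; Catalog5 lists namespace
# providers, Catalog9 lists transport providers (where LSPs are registered).
WINSOCK = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog[59]) (?P<index>\d+) (?P<path>.+) "
    r"\[(?P<size>\d+)\] \((?P<vendor>[^()]*)\)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_dns_servers(text):
    """Return {adapter header: [DNS server, ...]} from ipconfig /all style text."""
    servers, adapter, collecting = {}, None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            collecting = False
            continue
        if not line[0].isspace():
            # Unindented line: an adapter header or a section banner / other output.
            is_header = line.endswith(":") and " adapter " in line
            adapter = line[:-1] if is_header else None
            collecting = False
            continue
        m = LABEL.match(line)
        if m:
            collecting = adapter is not None and m.group(1) == "DNS Servers"
            value = m.group(2).strip()
        else:
            value = line.strip()  # continuation of the previous label's value
        if collecting and value:
            servers.setdefault(adapter, []).append(value)
    return servers


def parse_winsock(text):
    """Return one dict per Winsock catalog line (catalog, index, path, size, vendor)."""
    matches = (WINSOCK.match(line.rstrip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def review(text, expected_dns):
    """List items to look at by hand: DNS servers outside the allowlist and
    Winsock providers that fall outside the assumed baseline."""
    expected = {ip_address(a) for a in expected_dns}
    findings = []
    for adapter, addrs in parse_dns_servers(text).items():
        for addr in addrs:
            try:
                known = ip_address(addr.split("%")[0]) in expected
            except ValueError:  # not an IP address at all
                known = False
            if not known:
                findings.append(("dns", adapter, addr))
    for e in parse_winsock(text):
        in_system_dir = e["path"].lower().startswith(SYSTEM_DIRS)
        if not (in_system_dir and e["vendor"] == "Microsoft Corporation"):
            findings.append(("winsock", f'{e["catalog"]} {e["index"]}', e["path"]))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE, EXPECTED_DNS):
        print(finding)
```

A finding means "check this by hand", not "malicious": third-party providers such as the Bonjour entry are listed simply because they fall outside the assumed baseline.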
