Solved Internet Explorer frozen

RichH

RichH

Posts: 144   +0
Windows Vista with Security Essentials. MBAM scan finds no infection.

I used McAfee Rootkit Remover to successfully remove "ZeroAccess Trojan" today, but IE9 remained very slow/frozen and six iterances of IE were running with a single tab open. So I removed IE9 and IE8. IE7 remains installed, but IE7 seems to work for only a few seconds, enough to browse to techspot.com, then it freezes and I can't do anything. Otherwise the computer seems to work OK.

I am writing from another computer because I can't use IE to post on the sick puter.

Thanks for any help!
Rich
 
You've been to this forum before so you should know better.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

If you have problems posting from infected computer see if you can install/use different browser.
Alternatively...
NOTE 1. Use another working computer to download necessary tools.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.08.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Bill @ Deb :: GINN-PC [administrator]

11/8/2013 2:34:43 PM
mbam-log-2013-11-08 (14-34-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213516
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.9.2
Run by Bill @ Deb at 11:50:43 on 2013-11-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2005 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mSearchAssistant = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll
BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
uRun: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [CyberDefender Update] regsvr32.exe "C:\Users\Bill @ Deb\AppData\Local\CyberDefender\vc1dc.dll"
mRun: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
mRun: [IJNetworkScannerSelectorEX] "C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\BILL@D~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\BILL@D~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{17929168-2EB5-4E72-B322-630113231E3B} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6D310A41-5EBE-4B12-9615-FD50BB1E47BA} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7B6A6A3F-C676-408A-9822-D65569ACA3DD} : DHCPNameServer = 192.168.100.1
AppInit_DLLs= C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\BrowserConnection.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [Skytel] Skytel.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-1-12 53488]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSr64.exe [2009-1-12 86016]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-1-5 20376]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-8-10 65657]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2009-1-12 26624]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca0d49557030b0;Google Update Service (gupdate1ca0d49557030b0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-25 133104]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-8-9 109352]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe --> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-12-23 60416]
S3 Rtnic64;Dynex DX-E102/E202 10/100Mb NDIS Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-12-23 60416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-11-06 20:55:470----a-w-C:\autoexec.bat
2013-11-05 21:32:43692616----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-05 21:32:4271048----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 07:12:3680541720----a-w-C:\Windows\System32\mrt.exe
2013-09-30 23:38:1697176----a-w-C:\Windows\SysWow64\ElbyCDIO.dll
2013-09-20 15:49:3421040----a-w-C:\Windows\System32\sdnclean64.exe
2013-08-29 07:48:372775552----a-w-C:\Windows\System32\win32k.sys
2013-08-27 03:39:20327680----a-w-C:\Windows\System32\d3d10_1core.dll
2013-08-27 03:39:20287232----a-w-C:\Windows\System32\d3d10core.dll
2013-08-27 03:39:20196096----a-w-C:\Windows\System32\d3d10_1.dll
2013-08-27 03:39:201268224----a-w-C:\Windows\System32\d3d10.dll
2013-08-27 02:47:50219648----a-w-C:\Windows\SysWow64\d3d10_1core.dll
2013-08-27 02:47:50189952----a-w-C:\Windows\SysWow64\d3d10core.dll
2013-08-27 02:47:50160768----a-w-C:\Windows\SysWow64\d3d10_1.dll
2013-08-27 02:47:501029120----a-w-C:\Windows\SysWow64\d3d10.dll
2013-08-27 02:32:302002944----a-w-C:\Windows\System32\d3d10warp.dll
2013-08-27 02:30:51566272----a-w-C:\Windows\System32\d3d10level9.dll
2013-08-27 02:06:03834048----a-w-C:\Windows\System32\d2d1.dll
2013-08-27 02:00:461556480----a-w-C:\Windows\System32\DWrite.dll
2013-08-27 02:00:461149952----a-w-C:\Windows\System32\FntCache.dll
2013-08-27 01:52:081172480----a-w-C:\Windows\SysWow64\d3d10warp.dll
2013-08-27 01:50:40486400----a-w-C:\Windows\SysWow64\d3d10level9.dll
2013-08-27 01:32:20683008----a-w-C:\Windows\SysWow64\d2d1.dll
2013-08-27 01:28:361069056----a-w-C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 11:51:56.50 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/12/2009 8:06:33 AM
System Uptime: 11/9/2013 11:38:33 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | CPU 1 | 2670/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 261.792 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.737 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.5
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Best Buy pc app
Bonjour
Canon Easy-PhotoPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 4.1
Canon MP830 User Registration
Canon MX880 series MP Drivers
Canon MX880 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
CloneDVD2
Color Network ScanGear Ver.2.3
Compatibility Pack for the 2007 Office system
Dell-eBay
Dell Best of Web
Dell Dock
Dell Getting Started Guide
Dell Resource CD
Dell Video Chat (remove only)
DELL0604
DING!
Dynex DX-E102 PCI 10/100Mb Network Adapter
EDocs
Elevated Installer
ffdshow [rev 2527] [2008-12-19]
Garmin Express
Garmin Express Tray
Garmin Update Service
Google Update Helper
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Deluxe + Efile + State 2012
H&R Block North Carolina 2010
H&R Block North Carolina 2011
H&R Block North Carolina 2012
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.75.0.1300
MediaFACE 4.01
Memorex exPressit Label Design Studio
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft Office Access database engine 2007 (English)
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 6.2.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PokerStars.net
PowerDVD
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Skins
Spelling Dictionaries Support For Adobe Reader 9
TaxCut Premium + State + Efile 2008
The Weather Channel App
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
WebEx Support Manager for Internet Explorer
Windows Live ID Sign-in Assistant
.
==== End Of File ===========================
 
IE7 starts itself and opens spam type website. I kill the processes iexplore.exe and ieuser.exe with Task Manager, then they start themselves about a minute later.
 
Broni, these are the before and after logs from McAfee Rootkit Remover program that I ran yesterday:

BEFORE:
[ TimeStamp: 20131108 111046 ]Rootkit Remover v0.8.9.170 [Oct 25 2013 - 15:43:38]
McAfee Labs.

Windows build 6.0.6002 x64 Service Pack 2
Checking for updates ...


Scanning for user-mode threats ...
Malware Found --> ZeroAccess trojan detected!!!
--> Registry key: HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 ( fixed )
--> Malicious file: \\?\globalroot\device\harddiskvolume3\users\bill @ deb\appdata\local\temp\sbtrswb\spvjteb\wow.dll ( will be deleted after restart )
ZeroAccess trojan was cleaned successfully!


Scanning for kernel-mode threats ...
Detected MD5s:
Scan Finished

PLEASE REBOOT IMMEDIATELY TO COMPLETE CLEANING.

Other recommendations:
1. Perform full scan with McAfee VirusScan product after reboot.



AFTER:
[ TimeStamp: 20131108 112055 ]Rootkit Remover v0.8.9.170 [Oct 25 2013 - 15:43:38]
McAfee Labs.

Windows build 6.0.6002 x64 Service Pack 2
Checking for updates ...


Scanning for user-mode threats ...

Scanning for kernel-mode threats ...
Scan Result --> No trojan or viruses found!
Scan Finished
 
The BitDefender USB immunizer works well, thanks for recommending that! And thanks for your help with this.
Rich
 
:)

redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Bill @ Deb [Admin rights]
Mode : Scan -- Date : 11/11/2013 09:48:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : CyberDefender Update (regsvr32.exe "C:\Users\Bill @ Deb\AppData\Local\CyberDefender\vc1dc.dll" [x][-]) -> FOUND
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?��\???ﯹ๛\{d283c716-9978-154a-f156-668df39abe7a}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3019524111-4037514643-3121634874-1000\[...]\Run : CyberDefender Update (regsvr32.exe "C:\Users\Bill @ Deb\AppData\Local\CyberDefender\vc1dc.dll" [x][-]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-3019524111-4037514643-3121634874-1000\[...]\Run : Google Update ("C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?��\???ﯹ๛\{d283c716-9978-154a-f156-668df39abe7a}\GoogleUpdate.exe" >) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (\\?\globalroot\Device\HarddiskVolume3\Users\Bill @ Deb\AppData\Local\Temp\sbtrswb\spvjteb\wow.dll [x][x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 6e5202b924cc4983417374a41be90a7f
[BSP] a728b1d7551bab7d154456b68bf4972c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 461516 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11112013_094800.txt >>
 
RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Bill @ Deb [Admin rights]
Mode : Remove -- Date : 11/11/2013 09:48:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : CyberDefender Update (regsvr32.exe "C:\Users\Bill @ Deb\AppData\Local\CyberDefender\vc1dc.dll" [x][-]) -> DELETED
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?��\???ﯹ๛\{d283c716-9978-154a-f156-668df39abe7a}\GoogleUpdate.exe" >) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3019524111-4037514643-3121634874-1000\[...]\Run : CyberDefender Update (regsvr32.exe "C:\Users\Bill @ Deb\AppData\Local\CyberDefender\vc1dc.dll" [x][-]) -> [0x2] The system cannot find the file specified.
[RUN][ZeroAccess] HKUS\S-1-5-21-3019524111-4037514643-3121634874-1000\[...]\Run : Google Update ("C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?��\???ﯹ๛\{d283c716-9978-154a-f156-668df39abe7a}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (\\?\globalroot\Device\HarddiskVolume3\Users\Bill @ Deb\AppData\Local\Temp\sbtrswb\spvjteb\wow.dll [x][x]) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] L : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?��\???ﯹ๛\{d283c716-9978-154a-f156-668df39abe7a}\L [-] --> DELETED
[ZeroAccess][Folder] U : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?��\???ﯹ๛\{d283c716-9978-154a-f156-668df39abe7a}\U [-] --> DELETED
[ZeroAccess][Folder] {d283c716-9978-154a-f156-668df39abe7a} : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?��\???ﯹ๛\{d283c716-9978-154a-f156-668df39abe7a} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?��\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?��\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] {d283c716-9978-154a-f156-668df39abe7a} : C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a} [-] --> DELETED

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 6e5202b924cc4983417374a41be90a7f
[BSP] a728b1d7551bab7d154456b68bf4972c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 461516 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11112013_094846.txt >>
RKreport[0]_S_11112013_094800.txt
 
(RogueKiller Quarantine Report:)



[ZeroAccess] Time : 11/11/2013 09:48:45
--------------------------
ERROR [Install.vir] -> C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install


[ZeroAccess] Time : 11/11/2013 09:48:45
--------------------------
[L.vir] -> C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\???\???\???\{d283c716-9978-154a-f156-668df39abe7a}\L


[ZeroAccess] Time : 11/11/2013 09:48:45
--------------------------
[U.vir] -> C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\???\???\???\{d283c716-9978-154a-f156-668df39abe7a}\U


[ZeroAccess] Time : 11/11/2013 09:48:45
--------------------------
[{d283c716-9978-154a-f156-668df39abe7a}.vir] -> C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\???\???\???\{d283c716-9978-154a-f156-668df39abe7a}


[ZeroAccess] Time : 11/11/2013 09:48:45
--------------------------
[???.vir] -> C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\???\???\???


[ZeroAccess] Time : 11/11/2013 09:48:45
--------------------------
[???.vir] -> C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\???\???


[ZeroAccess] Time : 11/11/2013 09:48:45
--------------------------
[???.vir] -> C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}\???


[ZeroAccess] Time : 11/11/2013 09:48:45
--------------------------
[{d283c716-9978-154a-f156-668df39abe7a}.vir] -> C:\Users\Bill @ Deb\AppData\Local\Google\Desktop\Install\{d283c716-9978-154a-f156-668df39abe7a}
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.11.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Bill @ Deb :: GINN-PC [administrator]

11/11/2013 10:00:31 AM
mbar-log-2013-11-11 (10-00-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 240542
Time elapsed: 19 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 7.0.6002.18005

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 4293144576, free: 1971867648

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 7.0.6002.18005

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 4293144576, free: 2066685952

Downloaded database version: v2013.11.11.07
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
11/11/2013 10:00:24
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\Rtlh64.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\RtNdPt60.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR6
Upper Device Object: 0xfffffa8005bec790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xfffffa8004578060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8006890790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xfffffa8006872060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8006871790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xfffffa800686f060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800687b790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xfffffa8006870b70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006872790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xfffffa800686f760
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800586d2d0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004875060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800586d2d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005972b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800586d2d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800487d520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004875060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 90000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 128457

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 129024 Numsec = 31457280

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31586304 Numsec = 945184768
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8006872790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800687b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006872790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800686f760, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800687b790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006871040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800687b790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006870b70, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8006871790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006890040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006871790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800686f060, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8006890790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006891040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006890790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006872060, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa8005bec790, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004abf7a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005bec790, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004578060, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 545C2249

Partition information:

Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 2008125
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1033371648 bytes
Sector size: 512 bytes

Done!
Scan finished
 
Looks like the McAfee Rootkit Remover that I tried before coming to you did not remove the ZeroAccess Trojan as it said it did. But Rogue Killer seems to have removed it because IE does not start itself anymore.

Looks like MBAR did not find any problems. :)

The computer works well now. Windows Update finished downloading some patches during the RogueKiller scan, so I rebooted the PC after the scans to allow Update to finish. Windows Update reinstalled IE9 which I had uninstalled before. IE works well now, no hijacks, no autorun instances anymore.

Should I delete the Quarantine folder on the Desktop that was created by Rogue Killer now? It contains registry keys, etc.

Thanks Broni.
Rich
 
Wait with that.
We're dealing here with not only ZeroAccess rootkit but also Alueron rootkit.
We need to double check things.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Bill @ Deb (administrator) on GINN-PC on 11-11-2013 12:01:37
Running from C:\Users\Bill @ Deb\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(WebEx Communications, Inc.) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Southwest Airlines) C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Motorola Mobility Inc.) C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
() C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Skytel] - Skytel.exe
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6431232 2008-07-18] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [94296 2013-10-25] (SlySoft, Inc.)
HKCU\...\Run: [MotoCast] - C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [1888 2012-12-13] ()
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll [1453192 2012-06-06] (MusicLab, LLC)
Startup: C:\Users\Bill @ Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Bill @ Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
ShortcutTarget: DING!.lnk -> C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC} URL = http://startsear.ch/?q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=221&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKCU - {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\BrowserConnection.dll (MusicLab, LLC)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll (MusicLab, LLC)
BHO-x32: Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{57425637-0076-A76A-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
Toolbar: HKLM-x32 - No Name - !{57425637-0076-A76A-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Chrome:
=======
CHR Extension: (AT_Porsche) - C:\Users\BILL@D~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3
==================== Services (Whitelisted) =================
R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-18] (Andrea Electronics Corporation)
R2 atashost; C:\Windows\SysWOW64\atashost.exe [20376 2009-03-06] (WebEx Communications, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S2 gupdate1ca0d49557030b0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-07-25] (Google Inc.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-11-03] (SurfRight B.V.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
==================== Drivers (Whitelisted) ====================
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2007-08-23] (Dynex)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2008-07-21] (Windows (R) Codename Longhorn DDK provider)
S3 Rtnic64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2007-08-23] (Dynex)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MFE_RR; \??\C:\Users\BILL@D~1\AppData\Local\Temp\mfe_rr.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-11-11 12:00 - 2013-11-11 12:00 - 00000000 ____D C:\FRST
2013-11-11 11:59 - 2013-11-11 11:59 - 01957590 _____ (Farbar) C:\Users\Bill @ Deb\Desktop\FRST64.exe
2013-11-11 10:00 - 2013-11-11 10:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-11 10:00 - 2013-11-11 10:00 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-11 09:59 - 2013-11-11 09:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-11 09:58 - 2013-11-11 10:28 - 00000000 ____D C:\Users\Bill @ Deb\Desktop\mbar
2013-11-11 09:50 - 2013-11-11 09:50 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-11 09:50 - 2013-11-11 09:50 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-11 09:50 - 2013-11-11 09:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-11 09:50 - 2013-11-11 09:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-11 09:50 - 2013-11-11 09:50 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-11 09:50 - 2013-11-11 09:50 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-11 09:50 - 2013-11-11 09:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-11 09:50 - 2013-11-11 09:50 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-11 09:50 - 2013-11-11 09:50 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-11 09:50 - 2013-11-11 09:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-11 09:50 - 2013-11-11 09:50 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-11 09:42 - 2013-11-11 09:51 - 00000000 ____D C:\Users\Bill @ Deb\Desktop\RK_Quarantine
2013-11-08 12:33 - 2013-11-11 11:57 - 00003686 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1099519-36B7-4C24-AFAA-22586259D54C}
2013-11-08 11:10 - 2013-11-08 11:10 - 00782640 _____ (McAfee, Inc.) C:\Users\Bill @ Deb\Downloads\rootkitremover.exe
2013-11-07 11:05 - 2013-11-07 11:05 - 00000000 ____D C:\Users\Bill @ Deb\AppData\Roaming\LavasoftStatistics
2013-11-07 09:18 - 2013-11-07 09:18 - 00000085 _____ C:\Windows\wininit.ini
2013-11-06 19:10 - 2013-11-07 09:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-06 19:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-11-06 15:55 - 2013-11-06 15:55 - 00000000 _____ C:\autoexec.bat
2013-11-06 15:51 - 2013-11-06 15:51 - 00000126 _____ C:\sh4_service.log
2013-11-06 15:49 - 2013-10-18 15:01 - 00285747 _____ C:\shldr
2013-11-06 15:49 - 2013-10-18 15:01 - 00008192 _____ C:\shldr.mbr
2013-11-06 15:48 - 2013-11-06 15:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-06 15:47 - 2013-11-06 19:49 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-06 15:46 - 2013-11-06 15:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bill @ Deb\Downloads\SpyHunter-Installer.exe
2013-11-06 15:24 - 2013-11-06 15:24 - 01071584 _____ (Solid State Networks) C:\Users\Bill @ Deb\Downloads\install_flashplayer11x32ax_chrd_awa_aih.exe
2013-11-06 10:50 - 2013-11-06 10:50 - 00000351 _____ C:\spyhunter.log
2013-11-05 16:47 - 2013-11-05 16:47 - 00000024 _____ C:\Windows\8458CEBF4414B328.log
2013-10-27 12:02 - 2013-10-27 12:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-27 12:02 - 2013-10-27 12:04 - 00000000 ____D C:\Program Files\iTunes
2013-10-27 12:02 - 2013-10-27 12:02 - 00000000 ____D C:\Program Files\iPod
==================== One Month Modified Files and Folders =======
2013-11-11 12:02 - 2009-01-12 08:04 - 01763390 _____ C:\Windows\WindowsUpdate.log
2013-11-11 12:00 - 2013-11-11 12:00 - 00000000 ____D C:\FRST
2013-11-11 11:59 - 2013-11-11 11:59 - 01957590 _____ (Farbar) C:\Users\Bill @ Deb\Desktop\FRST64.exe
2013-11-11 11:57 - 2013-11-08 12:33 - 00003686 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1099519-36B7-4C24-AFAA-22586259D54C}
2013-11-11 11:56 - 2009-07-25 12:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-11 10:48 - 2012-12-13 17:29 - 00000000 ____D C:\Users\Bill @ Deb\AppData\Roaming\MotoCast
2013-11-11 10:48 - 2012-06-23 15:15 - 00000000 ____D C:\Users\Bill @ Deb\.gstreamer-0.10
2013-11-11 10:46 - 2009-07-25 12:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 10:45 - 2009-01-12 13:18 - 00000288 _____ C:\Windows\Tasks\RtlNICDiagVistaStart.job
2013-11-11 10:43 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-11 10:43 - 2006-11-02 10:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 10:43 - 2006-11-02 10:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 10:31 - 2006-11-02 10:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-11 10:31 - 2006-11-02 08:33 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-11-11 10:31 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-11 10:28 - 2013-11-11 10:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-11 10:28 - 2013-11-11 09:58 - 00000000 ____D C:\Users\Bill @ Deb\Desktop\mbar
2013-11-11 10:00 - 2013-11-11 10:00 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-11 09:59 - 2013-11-11 09:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-11 09:51 - 2013-11-11 09:42 - 00000000 ____D C:\Users\Bill @ Deb\Desktop\RK_Quarantine
2013-11-11 09:50 - 2013-11-11 09:50 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-11 09:50 - 2013-11-11 09:50 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-11 09:50 - 2013-11-11 09:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-11 09:50 - 2013-11-11 09:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-11 09:50 - 2013-11-11 09:50 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-11 09:50 - 2013-11-11 09:50 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-11 09:50 - 2013-11-11 09:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-11 09:50 - 2013-11-11 09:50 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-11 09:50 - 2013-11-11 09:50 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-11 09:50 - 2013-11-11 09:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-11 09:50 - 2013-11-11 09:50 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-11 09:50 - 2013-11-11 09:50 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-11 09:50 - 2013-11-11 09:50 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-11 09:50 - 2011-06-01 07:38 - 00005660 _____ C:\Windows\IE9_main.log
2013-11-11 09:50 - 2006-11-02 07:16 - 00008798 _____ C:\Windows\SysWOW64\icrav03.rat
2013-11-11 09:50 - 2006-11-02 07:16 - 00001988 _____ C:\Windows\SysWOW64\ticrf.rat
2013-11-11 09:50 - 2006-11-02 01:36 - 00008798 _____ C:\Windows\system32\icrav03.rat
2013-11-11 09:50 - 2006-11-02 01:36 - 00001988 _____ C:\Windows\system32\ticrf.rat
2013-11-09 11:43 - 2006-11-02 07:46 - 00756338 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-08 14:16 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2013-11-08 11:58 - 2012-12-29 11:32 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-11-08 11:54 - 2009-01-12 13:29 - 00000000 ____D C:\ProgramData\WildTangent
2013-11-08 11:10 - 2013-11-08 11:10 - 00782640 _____ (McAfee, Inc.) C:\Users\Bill @ Deb\Downloads\rootkitremover.exe
2013-11-08 10:41 - 2009-01-16 14:11 - 00000000 ____D C:\Users\Bill @ Deb
2013-11-08 10:13 - 2012-03-31 17:46 - 00018363 _____ C:\Windows\setupact.log
2013-11-07 12:55 - 2009-01-18 12:24 - 00000000 ____D C:\Users\Bill @ Deb\Documents\Bill
2013-11-07 11:05 - 2013-11-07 11:05 - 00000000 ____D C:\Users\Bill @ Deb\AppData\Roaming\LavasoftStatistics
2013-11-07 11:03 - 2012-02-19 14:17 - 00000000 ____D C:\ProgramData\Lavasoft
2013-11-07 09:34 - 2009-01-17 23:29 - 00221696 _____ C:\Users\Bill @ Deb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-07 09:19 - 2013-11-06 19:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-07 09:19 - 2008-01-20 22:26 - 00178036 _____ C:\Windows\PFRO.log
2013-11-07 09:18 - 2013-11-07 09:18 - 00000085 _____ C:\Windows\wininit.ini
2013-11-07 09:18 - 2012-02-19 14:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-07 00:01 - 2012-06-15 10:16 - 00000000 ____D C:\ProgramData\pdf995
2013-11-07 00:01 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\spool
2013-11-07 00:01 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-11-07 00:01 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\registration
2013-11-07 00:01 - 2006-11-02 07:33 - 79429632 _____ C:\Windows\system32\config\software_previous
2013-11-07 00:01 - 2006-11-02 07:33 - 29360128 _____ C:\Windows\system32\config\system_previous
2013-11-06 23:58 - 2006-11-02 07:33 - 54001664 _____ C:\Windows\system32\config\components_previous
2013-11-06 23:58 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-11-06 20:55 - 2006-11-02 07:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2013-11-06 20:55 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-11-06 20:38 - 2013-06-21 17:22 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-06 19:49 - 2013-11-06 15:47 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-06 19:16 - 2009-09-25 08:16 - 00000000 ____D C:\Program Files\Google
2013-11-06 19:16 - 2009-01-12 13:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-06 19:02 - 2009-01-16 17:37 - 00000000 ____D C:\Users\Bill @ Deb\AppData\Local\Google
2013-11-06 18:51 - 2009-01-12 13:21 - 00000000 ____D C:\ProgramData\Google
2013-11-06 15:55 - 2013-11-06 15:55 - 00000000 _____ C:\autoexec.bat
2013-11-06 15:51 - 2013-11-06 15:51 - 00000126 _____ C:\sh4_service.log
2013-11-06 15:48 - 2013-11-06 15:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-06 15:46 - 2013-11-06 15:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bill @ Deb\Downloads\SpyHunter-Installer.exe
2013-11-06 15:44 - 2009-01-18 12:32 - 00000000 ____D C:\Users\Bill @ Deb\AppData\Local\Adobe
2013-11-06 15:24 - 2013-11-06 15:24 - 01071584 _____ (Solid State Networks) C:\Users\Bill @ Deb\Downloads\install_flashplayer11x32ax_chrd_awa_aih.exe
2013-11-06 10:50 - 2013-11-06 10:50 - 00000351 _____ C:\spyhunter.log
2013-11-05 16:47 - 2013-11-05 16:47 - 00000024 _____ C:\Windows\8458CEBF4414B328.log
2013-11-05 16:32 - 2012-08-30 18:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 16:32 - 2012-08-30 18:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 15:41 - 2009-01-17 17:20 - 00000125 ___SH C:\ProgramData\.zreglib
2013-11-01 08:29 - 2009-01-17 16:59 - 00000376 _____ C:\Windows\ODBC.INI
2013-11-01 08:29 - 2006-11-02 07:34 - 00000240 _____ C:\Windows\win.ini
2013-10-27 12:04 - 2013-10-27 12:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-27 12:04 - 2013-10-27 12:02 - 00000000 ____D C:\Program Files\iTunes
2013-10-27 12:04 - 2013-07-01 12:41 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-27 12:02 - 2013-10-27 12:02 - 00000000 ____D C:\Program Files\iPod
2013-10-21 07:04 - 2009-01-18 16:05 - 00120976 _____ C:\Users\Bill @ Deb\AppData\Roaming\GDIPFONTCACHEV1.DAT
2013-10-18 15:01 - 2013-11-06 15:49 - 00285747 _____ C:\shldr
2013-10-18 15:01 - 2013-11-06 15:49 - 00008192 _____ C:\shldr.mbr
2013-10-16 12:29 - 2012-07-08 10:59 - 00000000 ____D C:\Users\Bill @ Deb\AppData\Roaming\MusicNet
2013-10-12 06:13 - 2009-07-25 12:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 06:13 - 2009-07-25 12:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Files to move or delete:
====================
C:\Users\Bill @ Deb\AppData\Roaming\skype.ini
C:\Users\Bill @ Deb\CTX.DAT
C:\Users\Bill @ Deb\msconfig.exe
C:\Users\Bill @ Deb\vlcplayer.exe

Some content of TEMP:
====================
C:\Users\Bill @ Deb\AppData\Local\Temp\5cf8a65e-decc-4761-8c43-071f91b09b56.exe
C:\Users\Bill @ Deb\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Bill @ Deb\AppData\Local\Temp\pn2683.exe
C:\Users\Bill @ Deb\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Bill @ Deb\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-11 10:49
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Bill @ Deb at 2013-11-11 12:03:35
Running from C:\Users\Bill @ Deb\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 2.7.0.19480)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader 9.5.5 (x32 Version: 9.5.5)
AnyDVD (x32 Version: 7.3.6.0)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Control Center (x32 Version: 2.008.0728.2150)
Best Buy pc app (Version: 3.5.1.1)
Best Buy pc app (x32 Version: 3.5.1.1)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX (x32)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32)
Canon MP Navigator EX 4.1 (x32)
Canon MP830 User Registration (x32)
Canon MX880 series MP Drivers
Canon MX880 series User Registration (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Canon Speed Dial Utility (x32)
Catalyst Control Center Core Implementation (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Graphics Full New (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Graphics Light (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center InstallProxy (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization French (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization German (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Italian (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Japanese (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Korean (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Spanish (x32 Version: 2008.0728.2151.37274)
Catalyst Control Center Localization Turkish (x32 Version: 2008.0728.2151.37274)
CCC Help Chinese Standard (x32 Version: 2008.0728.2150.37274)
CCC Help Chinese Traditional (x32 Version: 2008.0728.2150.37274)
CCC Help English (x32 Version: 2008.0728.2150.37274)
CCC Help French (x32 Version: 2008.0728.2150.37274)
CCC Help German (x32 Version: 2008.0728.2150.37274)
CCC Help Hungarian (x32 Version: 2008.0728.2150.37274)
CCC Help Italian (x32 Version: 2008.0728.2150.37274)
CCC Help Japanese (x32 Version: 2008.0728.2150.37274)
CCC Help Korean (x32 Version: 2008.0728.2150.37274)
CCC Help Portuguese (x32 Version: 2008.0728.2150.37274)
CCC Help Spanish (x32 Version: 2008.0728.2150.37274)
CCC Help Turkish (x32 Version: 2008.0728.2150.37274)
ccc-core-static (x32 Version: 2008.0728.2151.37274)
ccc-utility64 (Version: 2008.0728.2151.37274)
CloneDVD2 (x32 Version: 2.9.3.0)
Color Network ScanGear Ver.2.3 (x32 Version: 2.30.0000)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Dell Best of Web (x32 Version: 1.00.0000)
Dell Dock (Version: 2.0)
Dell Dock (x32 Version: 2.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Resource CD (x32 Version: 1.00.0000)
Dell Video Chat (remove only) (x32 Version: 6.0 (6551))
DELL0604 (x32 Version: 1.0.0)
Dell-eBay (x32 Version: 1.00.0000)
DING! (x32 Version: 1.05.005)
Dynex DX-E102 PCI 10/100Mb Network Adapter (x32 Version: 1.00.0000)
EDocs (x32)
Elevated Installer (x32 Version: 2.1.13)
ffdshow [rev 2527] [2008-12-19] (x32 Version: 1.0)
Garmin Express (x32 Version: 2.1.13)
Garmin Express Tray (x32 Version: 2.1.13)
Garmin Update Service (x32 Version: 2.1.13)
Google Update Helper (x32 Version: 1.3.21.165)
H&R Block Deluxe + Efile + State 2010 (x32 Version: 10.04.6301)
H&R Block Deluxe + Efile + State 2011 (x32 Version: 11.05.7102)
H&R Block Deluxe + Efile + State 2012 (x32 Version: 12.05.7803)
H&R Block North Carolina 2010 (x32 Version: 1.10.3701)
H&R Block North Carolina 2011 (x32 Version: 1.11.4401)
H&R Block North Carolina 2012 (x32 Version: 1.12.4201)
HitmanPro 3.7 (Version: 3.7.8.208)
iTunes (Version: 11.1.2.32)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MediaFACE 4.01 (x32 Version: 4.01)
Memorex exPressit Label Design Studio (x32)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (x32 Version: 14.0.6029.1000)
Microsoft Office Access database engine 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office XP Media Content (x32 Version: 10.0.2619.0)
Microsoft Office XP Small Business (x32 Version: 10.0.6626.0)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
MotoCast (x32 Version: 2.0.31)
Motorola Device Manager (x32 Version: 2.4.3)
Motorola Device Software Update (x32 Version: 13.07.3101)
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 6.2.0 (Version: 6.2.0)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Pdf995 (installed by H&R Block) (x32)
PdfEdit995 (installed by H&R Block) (x32)
PokerStars.net (x32)
PowerDVD (x32 Version: 8.1)
QuickTime (x32 Version: 7.74.80.86)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (x32 Version: 1.00)
Realtek High Definition Audio Driver (x32)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Roxio Creator Audio (x32 Version: 3.7.0)
Roxio Creator Copy (x32 Version: 3.7.0)
Roxio Creator Data (x32 Version: 3.7.0)
Roxio Creator DE (x32 Version: 10.1)
Roxio Creator DE (x32 Version: 3.7.0)
Roxio Creator Tools (x32 Version: 3.7.0)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Update Manager (x32 Version: 6.0.0)
ScanSoft OmniPage SE 4.0 (x32 Version: 15.00.0020)
Skins (x32 Version: 2008.0728.2151.37274)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
TaxCut Premium + State + Efile 2008 (x32 Version: 08.07.7101)
The Weather Channel App (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
WebEx Support Manager for Internet Explorer (x32 Version: 6.5.4917)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
==================== Restore Points =========================
01-11-2013 21:19:55 Scheduled Checkpoint
02-11-2013 15:25:53 Windows Update
03-11-2013 04:00:02 Scheduled Checkpoint
04-11-2013 05:00:03 Scheduled Checkpoint
05-11-2013 05:00:02 Scheduled Checkpoint
05-11-2013 22:46:36 Scheduled Checkpoint
06-11-2013 13:59:33 Scheduled Checkpoint
06-11-2013 20:48:16 Installed SpyHunter
06-11-2013 21:03:28 Windows Update
07-11-2013 00:21:45 Removed SpyHunter
07-11-2013 00:25:29 Removed SpyHunter
07-11-2013 00:44:07 Removed SpyHunter
07-11-2013 00:48:33 Removed SpyHunter
07-11-2013 00:51:17 Revo Uninstaller's restore point - Spybot - Search & Destroy
07-11-2013 02:14:38 Revo Uninstaller's restore point - Spybot - Search & Destroy
07-11-2013 02:22:01 Revo Uninstaller's restore point - Spybot - Search & Destroy
07-11-2013 14:16:32 Revo Uninstaller's restore point - Spybot - Search & Destroy
07-11-2013 16:03:04 AA11
08-11-2013 16:48:13 Revo Uninstaller's restore point - Browser Address Error Redirector
08-11-2013 16:54:04 Revo Uninstaller's restore point - WildTangent Games
08-11-2013 16:57:23 Revo Uninstaller's restore point - Uninstall Helper
08-11-2013 16:57:35 Removed Uninstall Helper
08-11-2013 18:09:07 Windows Modules Installer
08-11-2013 18:37:45 Windows Modules Installer
11-11-2013 14:35:21 Windows Update
11-11-2013 14:55:53 Before MBAR 11-11-13 9:55AM
==================== Hosts content: ==========================
2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {058C80D8-6F62-4508-A71E-EB75329385CC} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
Task: {07A3743D-A05F-453E-9336-3FBD8C186726} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {15F138AE-B4D4-460F-8CD5-56CE840FD329} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {33B82C82-ECD3-4B8C-8269-E3712C5ED641} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-07-25] (Google Inc.)
Task: {43E35690-C9B2-427A-A6A1-D39ED7171387} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {73E43EBD-BB2F-4008-B66F-000107197FE0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {BCFD3ED4-EDB6-4C6C-AE34-4E3A26D17A54} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Bill @ Deb => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {C878ECD4-5D86-413D-ACEA-3091DEE80270} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
Task: {E38C8742-9268-41AC-B4D0-89F9C505C0F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EE8DA8AE-4EEA-4376-9489-1581A9ABB42A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-07-25] (Google Inc.)
Task: {FA0DE107-E518-448F-8AED-2745A9C1A051} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe
==================== Loaded Modules (whitelisted) =============
2009-01-12 15:34 - 2008-10-29 01:06 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2013-08-14 02:39 - 2013-08-14 02:39 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\0e712174cb630e7b2ffe1a2adb6955cc\VistaBridgeLibrary.ni.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-06-20 16:35 - 2013-06-20 16:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-11-11 10:46 - 2013-11-11 10:46 - 00205824 ____N () C:\Users\Bill @ Deb\AppData\Local\Temp\WindowsAPI.dll628751481593888526.lib
2012-06-23 15:15 - 2012-06-23 15:15 - 00509440 _____ () C:\Users\Bill @ Deb\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
2013-11-11 10:47 - 2013-11-11 10:47 - 00314368 ____N () C:\Users\Bill @ Deb\AppData\Local\Temp\WindowsFolderWatcher.dll1236541175074705331.lib
2013-11-11 10:47 - 2013-11-11 10:47 - 00160256 ____N () C:\Users\Bill @ Deb\AppData\Local\Temp\ZumoLocalGateway.dll3203063283152720772.lib
2013-11-11 10:48 - 2013-11-11 10:48 - 00553984 ____N () C:\Users\Bill @ Deb\AppData\Local\Temp\zumotaglib.dll405756528624231532.lib
2012-10-19 14:46 - 2012-10-19 14:46 - 00699392 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01396736 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libxml2-2.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00085504 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\z.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00030208 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00471552 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00253440 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00109568 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00053760 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00014848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00038400 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00018944 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00048640 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00126976 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00038912 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00017920 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00248352 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00014848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00123947 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00015360 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00133120 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00098304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00078848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00052224 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00019456 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00032256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00029184 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00123904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00041984 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00212480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00011776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00016896 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00086016 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00091136 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00073216 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00026624 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00187904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00069120 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00331264 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00023552 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libogg-0.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01694208 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00122880 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 02009600 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00033280 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00036864 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00088064 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01376256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01563136 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00363008 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00531968 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00119296 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00075776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00029696 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00018944 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00037888 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00032256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00034304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00035840 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00276480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstisomp4.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00069632 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00059904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00276992 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00019456 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00207872 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00047616 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00150528 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00039936 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00024576 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00015360 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00025088 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00132608 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00029184 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00190976 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libpng14-14.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00035328 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00011264 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstshift.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00054784 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00051712 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00061952 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00059904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00032768 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00024576 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00075776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00034304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00053760 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00162304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01520128 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00050688 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00196608 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00042496 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00013312 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows:14D859577049ACCA
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:62E4E252
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2013 10:44:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/11/2013 09:38:26 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: bfc
Start Time: 01cedeeaefb38bf0
Termination Time: 10
Error: (11/11/2013 09:31:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/09/2013 11:39:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 01:57:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 01:35:09 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 13e0
Start Time: 01cedcb11ea4f041
Termination Time: 105
Error: (11/08/2013 01:25:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 01:23:23 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (11/08/2013 00:52:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 00:50:31 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

System errors:
=============
Error: (11/11/2013 10:44:12 AM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Service%%2
Error: (11/11/2013 10:28:05 AM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume3\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE
Error: (11/11/2013 10:28:05 AM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume3\PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE
Error: (11/11/2013 10:28:05 AM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume3\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE
Error: (11/11/2013 10:27:55 AM) (Source: mbamchameleon) (User: )
Description: C0000022
Error: (11/11/2013 10:27:55 AM) (Source: mbamchameleon) (User: )
Description: C0000022
Error: (11/11/2013 10:27:25 AM) (Source: mbamchameleon) (User: )
Description: C0000022
Error: (11/11/2013 10:27:25 AM) (Source: mbamchameleon) (User: )
Description: C0000022
Error: (11/11/2013 10:27:22 AM) (Source: mbamchameleon) (User: )
Description: C0000022
Error: (11/11/2013 10:27:22 AM) (Source: mbamchameleon) (User: )
Description: C0000022

Microsoft Office Sessions:
=========================
Error: (11/11/2013 10:44:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/11/2013 09:38:26 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.18005bfc01cedeeaefb38bf010
Error: (11/11/2013 09:31:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/09/2013 11:39:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 01:57:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 01:35:09 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1651413e001cedcb11ea4f041105
Error: (11/08/2013 01:25:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 01:23:23 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (11/08/2013 00:52:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 00:50:31 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

CodeIntegrity Errors:
===================================
Date: 2013-11-11 12:03:11.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-11 12:03:10.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-11 12:03:10.709
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-11 12:03:10.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-11 12:03:10.371
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-11 12:03:10.217
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-11 12:03:10.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-11 12:03:09.880
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 01:09:07.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 01:09:07.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 4094.26 MB
Available physical RAM: 2141.36 MB
Total Pagefile: 8361.8 MB
Available Pagefile: 6475.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:258.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.74 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 90000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    768 bytes · Views: 1
When trying to post these last two logs, IE would slow/freeze whie trying to post the logs. I was getting a error message from Windows saying that techspot.com had a long running script, would I like to stop the script. I stopped it which allowed posting each log. I am using IE9 64bit. Thanks
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by Bill @ Deb at 2013-11-11 12:26:09 Run:1
Running from C:\Users\Bill @ Deb\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKLM-x32\...\Run: [] - [x]
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
Toolbar: HKLM-x32 - No Name - !{57425637-0076-A76A-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
C:\Users\Bill @ Deb\AppData\Roaming\skype.ini
C:\Users\Bill @ Deb\CTX.DAT
C:\Users\Bill @ Deb\msconfig.exe
C:\Users\Bill @ Deb\vlcplayer.exe
AlternateDataStreams: C:\Windows:14D859577049ACCA
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:62E4E252
*****************
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{57425637-0076-A76A-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\!{57425637-0076-A76A-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
C:\Users\Bill @ Deb\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Bill @ Deb\CTX.DAT => Moved successfully.
C:\Users\Bill @ Deb\msconfig.exe => Moved successfully.
C:\Users\Bill @ Deb\vlcplayer.exe => Moved successfully.
C:\Windows => ":14D859577049ACCA" ADS removed successfully.
C:\ProgramData\TEMP => ":5D432CE3" ADS removed successfully.
C:\ProgramData\TEMP => ":62E4E252" ADS removed successfully.
==== End of Fixlog ====
 
Good :)

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix ran and completed stage 1 through 50. Then it completed Deleting Files and started Deleting Folders. Then the screensaver turned on and when I turned off the screen saver Combofix was stalled. Nothing new in the Combofix window for 10 minutes. The cursor is blinking in the deleting folders section. 5 folders deleted. HDD activity light is flashing. swxcads.3XE process is using 25% CPU. Total CPU is 50% so something else is running. All other processes are 0%.
What should I do?
Thanks Broni
 
You must log in or register to reply here.

Similar threads

midian182
Skull and Bones has the lowest Metacritic user score of 2024 so far
2
Replies
27
Views
590
trieste1s
T
midian182
Elon Musk fires Twitter engineer for arguing with him publicly
2 3
Replies
73
Views
3K
RudyBob
RudyBob
Scorpus
  • Locked
AMD Radeon RX 7900 XTX and 7900 XT launched at $999 and $899
2 3 4
Replies
81
Views
5K
EdmondRC
E

Latest posts

Back