nhbeachguy

Members
  • Posts: 18
Reputation: 0 Neutral
  1. Hi Borislav, Thanks for your offer of help... But when I didn't get a reply for a while I forgot I had posted this so I didn't close it out. I ended up reloading the new Dell from the Dell 'restore partition' (since it was new and I had not done that much customization on it yet). And before I loaded the user's data, I scanned and eliminated the virus and malware on the user's backup disk - then loaded it onto the new system -- all scans are fine now and the system is running great. If I can figure out how to do it, I'll close this post. Thanks again. \Dave
  2. I tried to post just the FRST.txt from the Farbar Recovery Scan Tool - and I got post too long... (should I attach it someplace?) I'll try the Additional.txt here
  3. I’m the local tech support guy for my friends and family, but need help when it comes to malware and viruses. I’m helping my friend set up a new Dell Inspiron Small Desktop 3000 Series machine running Windows 8.1 (my first look at Windows 8). Not sure if these issues came from the Dell install (I hope not!) or my friend’s files that I moved over (wish I had run a virus scan before I moved them). Didn’t do much on the Dell except moved over my friend’s “My Documents” folder. I did install a few programs… couple of printer drivers, TeamViewer, iTunes, Dashlane, Revo Uninstaller, Google Chrome… I used Revo Uninstaller to uninstall the Dell McAfee anti-virus and I installed the free version of Avast. The malware / virus messages I’m getting are: Continue VuuPC Installation, Windows Version Installer, and messages from Avast: C:\Users\Betty\AppData\Local\...\AnyProtect[1].exe Threat: Win32:Dropper-gen [Drp] C:\$Recycle.Bin\...\AnyProtect.exe Threat: Win32:Dropper-gen [Drp] And messages from Malwarebytes: PUP.Optional.InstallCore.A, C:\Users\Betty\AppData\Local\Temp\nsiF609.tmp, , [554d50daabd03bfbbe0027448e73c23e], PUP.Optional.InstallCore.A, C:\Users\Betty\AppData\Local\Temp\nsq389F.tmp, , [0b971c0e7b0074c247775d0e847d4fb1], PUP.Optional.InstallCore.A, C:\Users\Betty\AppData\Local\Temp\ICReinstall_nsiF609.tmp, , [c7db44e6f982a4927945096208f9e917], PUP.Optional.InstallCore.A, C:\Users\Betty\AppData\Local\Temp\ICReinstall_nsq389F.tmp, , [742eb179502b9d99635bcba00100eb15], Following the instructions here: https://forums.malwarebytes.org/index.php?showtopic=9573 I ran the Farbar Recovery Scan Tool and as instructed I have cut/pasted the results below. (Well, I tried to and I got an error that my post was too long - I'll remove them and try to post them separately.) Thanks in advance for any help/advice you can provide… \Dave
  4. Wow! What a great resource. Fixed my system and was very responsive. THANK YOU!

  5. OK Thanks. I didn't realize you replied - for some reason this went into versions of this post rather than just one after the other like before.
  6. Forgot the report:
  7. Forgot the new report
  8. Regarding the RK_Quarantine folder - I did notice a RK report (below) maybe that explains the folder? Is it anything I need to worry about? Does not look like it - was just not sure about the PhysicalDrive0_User.dat
  9. The reboot did it...

     Results of screen317's Security Check version 0.99.71
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Disabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 7 Update 25
      Adobe Flash Player 11.7.700.224
      Mozilla Firefox (22.0)
      Google Chrome 28.0.1500.72
     ````````Process Check: objlist.exe by Laurent````````
      AVG avgwdsvc.exe
      CheckPoint ZoneAlarm vsmon.exe
      CheckPoint ZoneAlarm zatray.exe
     `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  10. In looking at my desktop I noticed a new folder that was not here earlier called: RK_Quarantine. In that folder there are two files: PhysicalDrive0_User.dat - today's date at 12:48pm - 1KB, and RogueKiller.ini - today's date at 12:51pm - 1KB. Is this anything?
  11. OK - I cleaned everything up. In some cases I re-ran the tool just to make sure everything was OK. When I ran SecurityCheck.exe I got the following:

     UNSUPPORTED OPERATING SYSTEM! ABORTED!

     Any idea what is going on here? When I ran it the first time I got this:

     Results of screen317's Security Check version 0.99.71
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Disabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 7 Update 25
      Adobe Flash Player 11.7.700.224
      Adobe Reader 10.1.7 Adobe Reader out of Date!
      Mozilla Firefox (22.0)
      Google Chrome 28.0.1500.72
     ````````Process Check: objlist.exe by Laurent````````
      AVG avgwdsvc.exe
      CheckPoint ZoneAlarm vsmon.exe
      CheckPoint ZoneAlarm zatray.exe
     `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  12. Here is the report...

     Results of screen317's Security Check version 0.99.71
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Disabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 7 Update 25
      Adobe Flash Player 11.7.700.224
      Adobe Reader 10.1.7 Adobe Reader out of Date!
      Mozilla Firefox (22.0)
      Google Chrome 28.0.1500.72
     ````````Process Check: objlist.exe by Laurent````````
      AVG avgwdsvc.exe
      CheckPoint ZoneAlarm vsmon.exe
      CheckPoint ZoneAlarm zatray.exe
     `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  13. I was already running a full scan before you replied. I had the PUP settings set to display but not check for removal - but when it ended there was nothing detected anyway. I then ran the quick scan with PUP displayed and checked for removal - clean again - as expected (see below). Is there anything else I should do to make sure this system is OK now? Or just use it and see what happens?

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.07.23.04

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16635
     DNG :: NICKELCITY [administrator]

     7/23/2013 9:17:52 AM
     mbam-log-2013-07-23 (09-17-52).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 218313
     Time elapsed: 2 minute(s), 18 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  14. Have not used the system since the last post. Here is the DDS report. Will try using the system and see if things are fixed.