Jump to content

MLM25

Members
  • Posts

    19
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I didn't see your prior response. Please bump the thread to keep it open. Thanks.
  2. So sorry. I thought I posted earlier. I'm away from my other laptop for a while. I do want to continue with this project but have to postpone any more activity for a while. Do we have to close this thread and reopen another one to continue?
  3. AdChoices is still prevalent. The others, not so much. I'd like to remove it, but can't do it right away as I'll be travelling tomorrow. Is it okay to keep the tools until after we work on AdChoices? Will the tools slow down or clutter my system?
  4. I think we've removed ScorpionSaver and DealSlider. Whew! What a mess. I still have some AdChoices, SailthruAds, and an occasional media.fastclick.net popup. If they become too much of a nuisance, I'll be back for more assistance. Thank you, Kevin, for your patience with me. I sometimes don't read and follow directions well. Mahalo and aloha.
  5. Zoek.exe v5.0.0.0 Updated 16-December-2013 Tool run by MaryLou on Wed 12/18/2013 at 8:04:12.79. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\MaryLou\Downloads\zoek\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 12/18/2013 8:05:48 AM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Neat\exec\NeatStartupService.exe C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Users\MaryLou\Downloads\zoek\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util BrowseFox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util BrowseFox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update BrowseFox deleted successfully ==== Deleting Files \ Folders ====================== "c:\Windows\Installer\180e6.msi" not found C:\extensions.sqlite deleted C:\ProgramData\boost_interprocess deleted C:\Users\MaryLou\AppData\Local\CRE deleted C:\Users\MaryLou\AppData\Local\avgchrome deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Public\Desktop\Picasa Album Downloader.lnk deleted ==== Registry Search Results for "standardsearch" ====================== No instances of string "standardsearch" found. ==== System Specs ====================== Operating System: Microsoft Windows 8 6.2.9200 64-bit Manufacturer: Hewlett-Packard - Model: HP 2000 Notebook PC Install Date: 8/8/2013 6:00:04 PM Last Boot: 12/17/2013 8:18:46 PM Processor: AMD E2-1800 APU with Radeon HD Graphics Number of Processors: 2 Work Station Bootmode: Normal boot Total RAM: 3682 MB (free 2104 MB - 57) Computername: HOME Domain: WORKGROUP User: MaryLou (Administrator account) Local Disk: C:\ - NTFS - 442 GB (free 386 GB) Local Disk: D:\ - NTFS - 22 GB (free 2 GB) CD \ DVD Drive: E:\ Bootdevice: \Device\HarddiskVolume2 Windows update: Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Norton Internet Security disabled (Outdated) Firewall: Norton Internet Security disabled Default Browser: Google Chrome 31.0.1650.63 Internet Explorer Version: 10.0.9200.16750 Google Chrome version: 31.0.1650.63 Sun Java version: 1.7.0_45 (32-bit) Shockwave Player version: 11.6.6r636 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-12-16 18:05:25 3EDF4B6DB245F018596627A53A0E420D 716293887 ----a-w- C:\Windows\MEMORY.DMP 2013-12-06 00:34:24 DEFDDE8D1E14D5129A2E14F1027CF345 182532 ----a-w- C:\Windows\hpwins19.dat 2013-12-06 00:34:24 540D4364D814D8B67FC7524316DDDD1A 633 ------w- C:\Windows\hpwmdl19.dat ====== C:\Users\MaryLou\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2013-12-12 08:14:30 55C7A599269BDC4772E795A1327ECFAA 156160 ----a-w- C:\Windows\SysWOW64\scrrun.dll 2013-12-12 08:14:29 6954431724A32132E8961D9BA2708786 115712 ----a-w- C:\Windows\SysWOW64\cscript.exe 2013-12-12 08:14:29 23D0BC752AB7539D9886D4E56BF8F69F 162304 ----a-w- C:\Windows\SysWOW64\scrobj.dll 2013-12-12 08:14:18 E88AA25060A1A9940298ED0A279D3D46 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-12-12 08:14:18 D9DFD27BCCE44BEE511B744E3E7ADF45 1140736 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-12-12 08:14:17 3AA6FD9B534F17CBD5D311DDC077973C 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-12-12 08:14:16 AAB1AAC2A837F11C23187FFE0F5D314E 13761536 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-12-12 08:12:59 B5F3BF5CFCB13282ACD790D5CBE52B80 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-12-12 08:12:59 AED28606A69169DF3D1142680AE8865A 2049024 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-12-12 08:12:37 EC9B165452E1F9F021913868EEB729F2 2877952 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-12-12 08:12:36 B8FAAC62ED026D87B3E743B339C92786 14356992 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-12-12 08:11:01 6E3FE9ED37F6B3EE671AB3893DF8717A 59392 ----a-w- C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 08:10:43 76260C0FC2B57D9B0CC225E373C3578F 628736 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2013-12-12 08:10:42 ED2612731F5D9DA4F22E2C6B311F0506 488960 ----a-w- C:\Windows\SysWOW64\resutils.dll 2013-12-12 08:10:41 F3C7A2A76A5262B68A98009A71987D2E 302080 ----a-w- C:\Windows\SysWOW64\clusapi.dll 2013-12-12 08:10:40 2C1467A6FF34E6E13920D9E546D47E50 551424 ----a-w- C:\Windows\SysWOW64\oleaut32.dll 2013-12-12 08:10:38 745090E87A3EEA65AD1EFFCD2CFEC366 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2013-12-12 08:10:38 1C4BD0C76158F05A3FF34436461C22DA 126976 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2013-12-12 08:10:38 008AC9B51D8EC5AC16921358A84B8FD6 84992 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2013-12-12 08:09:47 09246837DE0FB0AB51EF2CE4B17BDE83 368640 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 08:08:47 E7CCBE84264E073BB307839E01A33BF7 273408 ----a-w- C:\Windows\SysWOW64\msieftp.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-12-13 17:15:03 950CF4063CEAB931E3B93DE1DBE580A0 323200 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT 2013-12-12 08:14:30 F5BAFB32D8EC6286B96C23E27CEF2578 146944 ----a-w- C:\Windows\Sysnative\cscript.exe 2013-12-12 08:14:30 D890ECBF9D1BE08B81C7832690DD16B0 143872 ----a-w- C:\Windows\Sysnative\wshom.ocx 2013-12-12 08:14:30 C867433D5C96E4F616F0AEC2E0E46B5D 222720 ----a-w- C:\Windows\Sysnative\scrobj.dll 2013-12-12 08:14:30 907B7589463313452942F17297D8CDB7 194048 ----a-w- C:\Windows\Sysnative\scrrun.dll 2013-12-12 08:14:18 2DA75D0CC0A3CE775C7F823E6C2355DA 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-12-12 08:14:16 4398619B257439867B80E7F5239479F1 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-12-12 08:14:12 C1AD905DCD475A88802FA8C4A5283AA6 855552 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-12-12 08:14:12 62608962D83846E12529032E56D97AC2 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-12-12 08:14:07 E7099336BF7531B6FCC920DCB5101259 2241536 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-12-12 08:14:03 F164B9D9EB6AA4FED10AC2DA8CB4A89A 19271168 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-12-12 08:13:02 7A94C5BB4A430394B3C3800281CBD3D0 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-12-12 08:12:59 422EF1C2294F03C56F9639BAF837A4B4 3959808 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-12-12 08:12:34 69066C0F7E2BDF63462388390A5DFB2C 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-12-12 08:12:33 51107DD3E8DF825ED09CF028F6C8B138 915968 ----a-w- C:\Windows\Sysnative\uxtheme.dll 2013-12-12 08:11:01 544A2EB9629532C6C8D4FE7DB9181FA4 62976 ----a-w- C:\Windows\Sysnative\imagehlp.dll 2013-12-12 08:10:45 311E5E1976E0BD9110A88B93158055D5 3279872 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2013-12-12 08:10:44 C9549BC9C3E3DECD8BE81E527137B85F 773120 ----a-w- C:\Windows\Sysnative\wuapi.dll 2013-12-12 08:10:43 DE9FDB812157F77CA4EB46E3ABB40448 374784 ----a-w- C:\Windows\Sysnative\clusapi.dll 2013-12-12 08:10:43 D728042519B8FCBEE14EC250E3F050B8 626688 ----a-w- C:\Windows\Sysnative\resutils.dll 2013-12-12 08:10:42 BB1B37C53D09CA41E2A55DD9D6C1B32E 778752 ----a-w- C:\Windows\Sysnative\oleaut32.dll 2013-12-12 08:10:40 AAE63132AEE6A66A8DA6DADB7EC6C28F 59416 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2013-12-12 08:10:40 A7045F139A9C3ABE4AA838E17D1DB8C7 1622016 ----a-w- C:\Windows\Sysnative\wucltux.dll 2013-12-12 08:10:39 D2096B322A5F8D9354B61B4BFDFA7132 385528 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml 2013-12-12 08:10:39 8C30507C9EAA8F1E7D62D4388DC5330E 252928 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll 2013-12-12 08:10:38 E6434F7D79D112FAB2EF83D340E06EE1 99328 ----a-w- C:\Windows\Sysnative\wudriver.dll 2013-12-12 08:10:38 E363AD0D35F79615E6596AE70184FEE2 40448 ----a-w- C:\Windows\Sysnative\wuapp.exe 2013-12-12 08:10:38 493C5728796ABBF760147CA38C3418E9 142848 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2013-12-12 08:10:38 1D40913DA534B116B8F15CCC747918A3 175104 ----a-w- C:\Windows\Sysnative\storewuauth.dll 2013-12-12 08:09:47 6669946CF2CF5B5299A90B22C9189350 420864 ----a-w- C:\Windows\Sysnative\WMPhoto.dll 2013-12-12 08:09:36 A10B2CB810FF727328872C8D5673D491 4036608 ----a-w- C:\Windows\Sysnative\win32k.sys 2013-12-12 08:08:47 709AF101E72F2FB30B1A47B7EBD8034C 312320 ----a-w- C:\Windows\Sysnative\msieftp.dll ====== C:\Windows\Sysnative\drivers ===== 2013-12-12 08:10:43 E6AF4DF1817953D73C519B17CF849756 1455448 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2013-12-12 08:10:42 E5F7328B1D29BCE791862CD3C0DD382A 447320 ----a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS 2013-12-12 08:10:41 9110193D93960E38B8692E4519C75D72 285016 ----a-w- C:\Windows\Sysnative\drivers\spaceport.sys 2013-12-12 08:08:49 857433889008F86728E8C099C740729D 288768 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys 2013-12-12 03:22:55 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys ====== C:\Windows\Tasks ====== 2013-12-03 17:25:00 EED9ADCE1A1F6B01E2EAB90A664DA4DD 3106 ----a-w- C:\Windows\Sysnative\Tasks\{CCE351FB-B417-4C20-85E1-42A3E5F14BE1} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-11-26 23:49:45 -------- d-----w- C:\Program Files\SAMSUNG ======= C:\PROGRA~2 ===== 2013-12-15 16:53:27 -------- d-----w- C:\PROGRA~2\VS Revo Group 2013-12-06 00:49:16 -------- d-----w- C:\PROGRA~2\Microsoft 2013-12-06 00:43:36 -------- d-----w- C:\PROGRA~2\COMMON~1\HP 2013-12-06 00:43:34 -------- d-----w- C:\PROGRA~2\COMMON~1\Hewlett-Packard 2013-12-06 00:41:19 -------- d-----w- C:\PROGRA~2\HP ======= C: ===== ====== C:\Users\MaryLou\AppData\Roaming ====== 2013-12-15 16:53:28 -------- d-----w- C:\Users\MaryLou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2013-12-06 00:48:27 -------- d-----w- C:\Users\MaryLou\AppData\Roaming\HpUpdate 2013-11-26 19:31:21 -------- d-----w- C:\Users\MaryLou\AppData\Local\NPE 2013-11-24 04:24:28 -------- d-----w- C:\Users\MaryLou\AppData\Locallow\{E4607B39-174A-44BA-AB08-8892366ECA13} 2013-11-24 00:19:01 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps 2013-11-20 21:07:24 1BC91ABD737539300F3E758D35EF5B32 4608 ----a-w- C:\Users\MaryLou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ====== C:\Users\MaryLou ====== 2013-12-17 18:47:24 2AB4EE07A4D02FCC3273B11205A44C1F 1928214 ----a-w- C:\Users\MaryLou\Downloads\FRST64.exe 2013-12-15 16:52:24 9A457D1881309670E86337D2A99621FE 10031224 ----a-w- C:\Users\MaryLou\Downloads\RevoUninProSetup.exe 2013-12-15 16:51:44 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\MaryLou\Downloads\revosetup.exe 2013-12-14 21:09:26 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\MaryLou\Downloads\dds.com 2013-12-13 21:08:52 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\MaryLou\Downloads\OTM.exe 2013-12-13 20:54:21 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\MaryLou\Downloads\SystemLook_x64.exe 2013-12-13 17:02:12 693E44D7B4F5FD5532DD2B47731C5F90 1226802 ----a-w- C:\Users\MaryLou\Downloads\AdwCleaner (1).exe 2013-12-12 03:21:13 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-06 00:47:21 -------- d-----w- C:\ProgramData\HP Product Assistant 2013-12-06 00:43:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2013-12-06 00:33:45 -------- d-----w- C:\ProgramData\HP 2013-12-05 23:02:37 0E7382372E946BE2BDC0B6F5ADAC076A 291513352 ----a-w- C:\Users\MaryLou\Downloads\OJ_AIO_J4500_Full_Win_WW_140_404.exe 2013-12-04 16:49:00 1EE758D4EF4AADE8A7BD32BA10FD7ED5 5485920 ----a-w- C:\Users\MaryLou\Downloads\SymHelp.exe 2013-12-03 21:02:30 -------- d-----w- C:\Windows\serviceprofiles\Localservice\winhttp 2013-11-26 23:48:39 -------- d-----w- C:\ProgramData\Samsung ====== C: exe-files == 2013-12-17 22:17:48 2AB4EE07A4D02FCC3273B11205A44C1F 1928214 ----a-w- C:\Users\MaryLou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLIAPM33\FRST64[1].exe 2013-12-17 22:17:47 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\MaryLou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WA0QZNJI\FRST64[1].exe 2013-12-17 18:47:24 3A09DC911885EC332EE3E6CC54016A1B 1928078 ----a-w- C:\Users\MaryLou\Downloads\FRST-OlderVersion\FRST64.exe 2013-12-17 18:47:24 2AB4EE07A4D02FCC3273B11205A44C1F 1928214 ----a-w- C:\Users\MaryLou\Downloads\FRST64.exe 2013-12-15 16:53:30 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe 2013-12-15 16:52:24 9A457D1881309670E86337D2A99621FE 10031224 ----a-w- C:\Users\MaryLou\Downloads\RevoUninProSetup.exe 2013-12-15 16:51:44 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\MaryLou\Downloads\revosetup.exe 2013-12-14 04:50:53 F4CCCAB03392ECA3BCB6EAB9DB2089E0 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_NSPOS.exe 2013-12-14 04:50:53 F228ECDCDF7D094326F43ADF29A0DBD5 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_EMEA.exe 2013-12-14 04:50:53 C7EC72A8673DD2CC88A8384CA6D00120 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_US.exe 2013-12-14 04:50:53 5288FEC36ADB27C8A24623F6DB8858B8 72920 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_toastNotify.exe 2013-12-13 21:08:52 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\MaryLou\Downloads\OTM.exe 2013-12-13 20:54:21 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\MaryLou\Downloads\SystemLook_x64.exe 2013-12-13 17:02:12 693E44D7B4F5FD5532DD2B47731C5F90 1226802 ----a-w- C:\Users\MaryLou\Downloads\AdwCleaner (1).exe 2013-12-12 08:12:34 A48AA87D52D2CC1D5E017A08D2409386 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2013-12-12 08:12:33 407A04BA1AC87A2F40F592191B62F3D0 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2013-12-12 03:21:13 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-12 02:44:25 292498C29B4D7FAA420C7FF1111E1467 11136160 ----a-w- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0oemBingBarSetup-Partner.EXE === C: other files == 2013-12-14 21:09:26 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\MaryLou\Downloads\dds.com 2013-12-12 08:10:43 E6AF4DF1817953D73C519B17CF849756 1455448 ----a-w- C:\Windows\System32\Drivers\dxgkrnl.sys 2013-12-12 08:10:42 E5F7328B1D29BCE791862CD3C0DD382A 447320 ----a-w- C:\Windows\System32\Drivers\USBHUB3.SYS 2013-12-12 08:10:41 9110193D93960E38B8692E4519C75D72 285016 ----a-w- C:\Windows\System32\Drivers\spaceport.sys 2013-12-12 08:09:36 A10B2CB810FF727328872C8D5673D491 4036608 ----a-w- C:\Windows\System32\win32k.sys 2013-12-12 08:08:49 857433889008F86728E8C099C740729D 288768 ----a-w- C:\Windows\System32\Drivers\portcls.sys 2013-12-12 03:22:55 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\Drivers\mbam.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT EPLTarget\P0000000000000000 /M WorkForce 545" [HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "Intuit SyncManager"="C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup" "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"" "FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT EPLTarget\P0000000000000000 /M WorkForce 545" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~3\\bitguard\\271769~1.27\\{c16c1~1\\loader.dll" ==== Startup Folders ====================== 2013-12-06 00:45:25 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk 2013-09-04 08:56:56 2221 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk 2013-09-04 08:56:58 2434 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk 2013-09-04 08:56:57 2030 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core.job --a-------- C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/13/2013 07:40 PM] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA.job --a-------- C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/13/2013 07:40 PM] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/15/2013 06:19 PM] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/15/2013 06:19 PM] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core" [C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA" [C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe"] "C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{9EFAFB1E-C4BA-4F62-AF85-A060F251D5D6}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF" [10/09/2013 10:45 AM] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx[12/09/2013 02:38 AM] Norton Identity Protection - MaryLou - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - MaryLou - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage deleted successfully C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage-journal deleted successfully C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consumersearch.com_0.localstorage deleted successfully C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consumersearch.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://g.msn.com/hpnot13/1" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://g.msn.com/hpnot13/1" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" O4 - HKCU\..\RunOnce: [uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: VPDAgent (Agent) - Two Pilots - C:\Windows\VPDAgent_x64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Neat Startup Service - The Neat Company - C:\Program Files (x86)\Neat\exec\NeatStartupService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\MaryLou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\MaryLou\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\MaryLou\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Wed 12/18/2013 at 10:07:29.42 ======================
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2013 02 Ran by MaryLou at 2013-12-17 15:38:15 Run:1 Running from C:\Users\MaryLou\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Start BHO: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File C:\Program Files (x86)\Deal Slider Toolbar: HKLM - Deal Slider - {E13BF069-886E-416B-B532-6B14242CC508} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File CHR DefaultSearchKeyword: babylon.com CHR DefaultSearchProvider: Search the web (Babylon) CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=0CB716FD52106739&affID=119557&tt=180813_206&tsp=4980 CHR DefaultNewTabURL: CHR Extension: (Deal Slider ) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0 End Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.17.08 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 MaryLou :: HOME [administrator] Protection: Enabled 12/17/2013 3:41:58 PM mbam-log-2013-12-17 (15-41-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208936 Time elapsed: 9 minute(s), 5 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ***************** HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4607B39-174A-44BA-AB08-8892366ECA13} => Key deleted successfully. HKCR\CLSID\{E4607B39-174A-44BA-AB08-8892366ECA13} => Key deleted successfully. "C:\Program Files (x86)\Deal Slider" => File/Directory not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{E13BF069-886E-416B-B532-6B14242CC508} => Value deleted successfully. HKCR\CLSID\{E13BF069-886E-416B-B532-6B14242CC508} => Key deleted successfully. CHR DefaultSearchKeyword: babylon.com ==> The Chrome "Settings" can be used to fix the entry. CHR DefaultSearchProvider: Search the web (Babylon) ==> The Chrome "Settings" can be used to fix the entry. CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=0CB716FD52106739&affID=119557&tt=180813_206&tsp=4980 ==> The Chrome "Settings" can be used to fix the entry. C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm => Moved successfully. ==== End of Fixlog ====
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2013 01 Ran by MaryLou (administrator) on HOME on 17-12-2013 11:52:22 Running from C:\Users\MaryLou\Downloads Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Two Pilots) C:\Windows\VPDAgent_x64.exe (AMD) C:\Windows\System32\atiesrxx.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE (AMD) C:\Windows\System32\atieclxx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\msdt.exe (Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard) HKCU\...\Run: [Facebook Update] - C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-13] (Facebook Inc.) HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION) HKCU\...\Runonce: [uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" HKCU\...\Policies\Explorer: [NofolderOptions] 0 HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2786104 2013-05-23] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/hpnot13/1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation) BHO: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation) Toolbar: HKLM - Deal Slider - {E13BF069-886E-416B-B532-6B14242CC508} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 Chrome: ======= CHR DefaultSearchKeyword: babylon.com CHR DefaultSearchProvider: Search the web (Babylon) CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=0CB716FD52106739&affID=119557&tt=180813_206&tsp=4980 CHR DefaultNewTabURL: CHR Extension: (Deal Slider ) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0 CHR Extension: (Norton Identity Protection) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0 CHR Extension: (Google Wallet) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx ==================== Services (Whitelisted) ================= R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-06-25] (Two Pilots) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.) R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-06-26] (The Neat Company) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation) S2 Util BrowseFox; "C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe" [x] ==================== Drivers (Whitelisted) ==================== R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20131216.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131216.038\ENG64.SYS [126040 2013-12-10] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131216.038\EX64.SYS [2099288 2013-12-10] (Symantec Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-07-31] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-17 11:52 - 2013-12-17 11:56 - 00016908 _____ C:\Users\MaryLou\Downloads\FRST.txt 2013-12-17 11:51 - 2013-12-17 11:51 - 00000000 ____D C:\FRST 2013-12-17 11:47 - 2013-12-17 11:47 - 01928078 _____ (Farbar) C:\Users\MaryLou\Downloads\FRST64.exe 2013-12-17 07:34 - 2013-12-17 07:34 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1 (1).txt 2013-12-17 07:33 - 2013-12-17 07:33 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1.txt 2013-12-17 07:28 - 2013-12-17 07:28 - 00000104 ____H C:\Users\MaryLou\Documents\.~lock.screenshot 1.txt# 2013-12-17 07:28 - 2013-12-17 07:28 - 00000006 _____ C:\Users\MaryLou\Documents\screenshot 1.txt 2013-12-17 07:25 - 2013-12-17 07:25 - 00730669 _____ C:\Users\MaryLou\Documents\screenshot 1.odt 2013-12-16 11:05 - 2013-12-16 11:06 - 00382384 _____ C:\Windows\Minidump\121613-46644-01.dmp 2013-12-16 11:05 - 2013-12-16 11:05 - 716293887 _____ C:\Windows\MEMORY.DMP 2013-12-16 11:05 - 2013-12-16 11:05 - 00000000 ____D C:\Windows\Minidump 2013-12-15 18:27 - 2013-12-15 18:27 - 00018037 _____ C:\Users\MaryLou\Documents\AdWareCleaner Log.odt 2013-12-15 09:53 - 2013-12-15 09:53 - 00001264 _____ C:\Users\MaryLou\Desktop\Revo Uninstaller.lnk 2013-12-15 09:53 - 2013-12-15 09:53 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2013-12-15 09:52 - 2013-12-15 09:52 - 10031224 _____ (VS Revo Group ) C:\Users\MaryLou\Downloads\RevoUninProSetup.exe 2013-12-15 09:51 - 2013-12-15 09:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MaryLou\Downloads\revosetup.exe 2013-12-14 14:12 - 2013-12-14 14:23 - 00006395 _____ C:\Users\MaryLou\Desktop\attach.txt 2013-12-14 14:12 - 2013-12-14 14:11 - 00023966 _____ C:\Users\MaryLou\Desktop\dds.txt 2013-12-14 14:11 - 2013-12-14 14:20 - 00000000 ____D C:\Users\MaryLou\Downloads\Misc Photos 2013-12-14 14:09 - 2013-12-14 14:09 - 00688992 ____R (Swearware) C:\Users\MaryLou\Downloads\dds.com 2013-12-14 14:01 - 2013-12-14 14:01 - 00000000 ____D C:\Users\MaryLou\Documents\Screen Shots 2013-12-14 11:41 - 2013-12-14 11:42 - 00000000 ____D C:\Users\MaryLou\Documents\Receipts 2013-12-14 09:33 - 2013-12-14 09:33 - 00001236 _____ C:\Users\MaryLou\Documents\ESET Report.txt 2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 ____D C:\_OTM 2013-12-13 14:08 - 2013-12-13 14:08 - 00522240 _____ (OldTimer Tools) C:\Users\MaryLou\Downloads\OTM.exe 2013-12-13 13:55 - 2013-12-15 18:21 - 00014798 _____ C:\Users\MaryLou\Downloads\SystemLook.txt 2013-12-13 13:54 - 2013-12-13 13:54 - 00165376 _____ C:\Users\MaryLou\Downloads\SystemLook_x64.exe 2013-12-13 10:15 - 2013-12-13 10:15 - 00323200 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-13 10:02 - 2013-12-13 10:02 - 01226802 _____ C:\Users\MaryLou\Downloads\AdwCleaner (1).exe 2013-12-12 01:14 - 2013-10-24 23:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 01:14 - 2013-10-24 23:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 01:14 - 2013-10-24 23:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 01:14 - 2013-10-24 23:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-12 01:14 - 2013-10-24 23:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 01:14 - 2013-10-24 23:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-12 01:14 - 2013-10-24 21:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-12 01:14 - 2013-10-24 21:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 01:14 - 2013-10-24 21:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-12 01:14 - 2013-10-24 21:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-12 01:14 - 2013-10-10 02:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 01:14 - 2013-10-10 02:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll 2013-12-12 01:14 - 2013-10-10 02:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 01:14 - 2013-10-10 02:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 01:14 - 2013-10-10 02:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 01:14 - 2013-10-10 02:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll 2013-12-12 01:14 - 2013-10-10 02:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 01:13 - 2013-10-24 23:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 01:12 - 2013-10-24 23:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2013-12-12 01:12 - 2013-10-24 23:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 01:12 - 2013-10-24 23:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 01:12 - 2013-10-24 21:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-12 01:12 - 2013-10-24 21:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-12 01:12 - 2013-10-24 21:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-12 01:12 - 2013-10-24 21:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-12 01:11 - 2013-10-18 22:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 01:11 - 2013-10-18 21:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 01:10 - 2013-10-08 18:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-12-12 01:10 - 2013-10-08 15:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-12-12 01:10 - 2013-10-08 15:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-12-12 01:10 - 2013-10-08 15:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-12-12 01:10 - 2013-10-08 15:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-12-12 01:10 - 2013-10-08 15:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-12-12 01:10 - 2013-10-08 15:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-12-12 01:10 - 2013-10-08 15:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-12-12 01:10 - 2013-10-08 15:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-12-12 01:10 - 2013-10-08 15:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2013-12-12 01:10 - 2013-10-08 15:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2013-12-12 01:10 - 2013-10-08 15:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-12-12 01:10 - 2013-10-08 15:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-12-12 01:10 - 2013-10-04 23:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2013-12-12 01:10 - 2013-10-03 15:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml 2013-12-12 01:10 - 2013-10-01 19:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2013-12-12 01:10 - 2013-09-27 22:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2013-12-12 01:10 - 2013-09-27 20:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2013-12-12 01:10 - 2013-09-19 00:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-12-12 01:10 - 2013-08-29 22:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll 2013-12-12 01:10 - 2013-08-29 22:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll 2013-12-12 01:10 - 2013-08-29 16:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll 2013-12-12 01:10 - 2013-08-29 16:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll 2013-12-12 01:09 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 01:09 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 01:09 - 2013-11-06 16:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 01:08 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 01:08 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 01:08 - 2013-09-27 20:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Malwarebytes 2013-12-11 20:23 - 2013-12-11 20:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-11 20:22 - 2013-12-11 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-11 20:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-11 20:21 - 2013-12-11 20:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-10 09:35 - 2013-12-10 09:35 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-07 20:32 - 2013-12-07 20:32 - 00000000 ____D C:\Users\MaryLou\Desktop\Thu 2013-12-05 22:53 - 2013-12-05 22:53 - 00002323 _____ C:\Users\Public\Desktop\Add a Device - Officejet J4500 Series.lnk 2013-12-05 17:48 - 2013-12-13 09:00 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\HpUpdate 2013-12-05 17:47 - 2013-12-05 17:47 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk 2013-12-05 17:47 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-12-05 17:46 - 2013-12-05 17:46 - 00000000 ____D C:\Windows\SysWOW64\spool 2013-12-05 17:41 - 2013-12-13 08:46 - 00000000 ____D C:\Program Files (x86)\HP 2013-12-05 17:34 - 2013-12-05 22:53 - 00182532 _____ C:\Windows\hpwins19.dat 2013-12-05 17:34 - 2013-12-05 22:53 - 00000359 _____ C:\ProgramData\hpzinstall.log 2013-12-05 17:34 - 2012-09-27 13:32 - 00000633 ____N C:\Windows\hpwmdl19.dat 2013-12-05 17:33 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP 2013-12-05 16:02 - 2013-12-05 16:16 - 291513352 _____ C:\Users\MaryLou\Downloads\OJ_AIO_J4500_Full_Win_WW_140_404.exe 2013-12-04 09:49 - 2013-12-04 09:49 - 05485920 _____ (Symantec Corporation) C:\Users\MaryLou\Downloads\SymHelp.exe 2013-12-03 10:25 - 2013-12-03 10:25 - 00003106 _____ C:\Windows\System32\Tasks\{CCE351FB-B417-4C20-85E1-42A3E5F14BE1} 2013-11-29 14:02 - 2013-12-15 18:11 - 00000000 ____D C:\AdwCleaner 2013-11-29 14:01 - 2013-11-29 14:01 - 01091882 _____ C:\Users\MaryLou\Downloads\AdwCleaner.exe 2013-11-26 16:49 - 2013-11-26 16:49 - 00000000 ____D C:\Program Files\SAMSUNG 2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\ProgramData\Samsung 2013-11-26 16:46 - 2013-11-26 16:47 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\MaryLou\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe 2013-11-26 12:31 - 2013-11-26 16:34 - 00000000 ____D C:\Users\MaryLou\AppData\Local\NPE 2013-11-25 13:03 - 2013-11-25 13:03 - 00000000 ____D C:\Users\MaryLou\Downloads\2013-11-25 2013-11-25 12:51 - 2013-11-25 12:59 - 48401212 _____ C:\Users\MaryLou\Downloads\2013-11-25.zip 2013-11-24 00:51 - 2013-11-25 13:41 - 01828352 ___SH C:\Users\MaryLou\Downloads\Thumbs.db 2013-11-23 17:22 - 2013-11-23 17:22 - 00001494 _____ C:\Users\MaryLou\Downloads\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015 - Shortcut.lnk 2013-11-23 17:13 - 2013-11-23 17:13 - 00923784 _____ (CNET Download.com) C:\Users\MaryLou\Desktop\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015.exe 2013-11-23 16:21 - 2013-11-23 16:21 - 00000000 ____D C:\Windows\en 2013-11-23 16:17 - 2010-06-02 07:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2013-11-23 16:17 - 2010-06-02 07:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2013-11-23 16:17 - 2010-06-02 07:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2013-11-23 16:17 - 2010-06-02 07:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2013-11-23 16:17 - 2010-05-26 14:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2013-11-23 16:17 - 2010-05-26 14:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2013-11-23 16:17 - 2010-05-26 14:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2013-11-23 16:17 - 2010-05-26 14:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2013-11-23 16:17 - 2009-09-04 20:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2013-11-23 16:17 - 2009-09-04 20:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2013-11-23 16:16 - 2006-11-29 16:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2013-11-23 16:16 - 2006-11-29 16:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2013-11-20 14:07 - 2013-11-20 14:09 - 00004608 _____ C:\Users\MaryLou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== One Month Modified Files and Folders ======= 2013-12-17 11:56 - 2013-12-17 11:52 - 00016908 _____ C:\Users\MaryLou\Downloads\FRST.txt 2013-12-17 11:51 - 2013-12-17 11:51 - 00000000 ____D C:\FRST 2013-12-17 11:47 - 2013-12-17 11:47 - 01928078 _____ (Farbar) C:\Users\MaryLou\Downloads\FRST64.exe 2013-12-17 11:34 - 2013-08-15 18:19 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-17 11:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru 2013-12-17 10:45 - 2013-09-13 19:40 - 00000946 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA.job 2013-12-17 07:34 - 2013-12-17 07:34 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1 (1).txt 2013-12-17 07:33 - 2013-12-17 07:33 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1.txt 2013-12-17 07:28 - 2013-12-17 07:28 - 00000104 ____H C:\Users\MaryLou\Documents\.~lock.screenshot 1.txt# 2013-12-17 07:28 - 2013-12-17 07:28 - 00000006 _____ C:\Users\MaryLou\Documents\screenshot 1.txt 2013-12-17 07:25 - 2013-12-17 07:25 - 00730669 _____ C:\Users\MaryLou\Documents\screenshot 1.odt 2013-12-17 07:07 - 2013-08-15 18:19 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-16 19:45 - 2013-08-08 17:05 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EFAFB1E-C4BA-4F62-AF85-A060F251D5D6} 2013-12-16 16:45 - 2013-09-13 19:40 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core.job 2013-12-16 13:17 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-16 13:16 - 2012-07-25 22:26 - 00524288 ___SH C:\Windows\system32\config\BBI 2013-12-16 11:12 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-12-16 11:06 - 2013-12-16 11:05 - 00382384 _____ C:\Windows\Minidump\121613-46644-01.dmp 2013-12-16 11:05 - 2013-12-16 11:05 - 716293887 _____ C:\Windows\MEMORY.DMP 2013-12-16 11:05 - 2013-12-16 11:05 - 00000000 ____D C:\Windows\Minidump 2013-12-15 18:27 - 2013-12-15 18:27 - 00018037 _____ C:\Users\MaryLou\Documents\AdWareCleaner Log.odt 2013-12-15 18:21 - 2013-12-13 13:55 - 00014798 _____ C:\Users\MaryLou\Downloads\SystemLook.txt 2013-12-15 18:21 - 2013-08-08 17:00 - 01092364 _____ C:\Windows\WindowsUpdate.log 2013-12-15 18:11 - 2013-11-29 14:02 - 00000000 ____D C:\AdwCleaner 2013-12-15 18:06 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM 2013-12-15 12:08 - 2013-08-13 22:24 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 12:00 - 2013-08-12 17:46 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-15 09:53 - 2013-12-15 09:53 - 00001264 _____ C:\Users\MaryLou\Desktop\Revo Uninstaller.lnk 2013-12-15 09:53 - 2013-12-15 09:53 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2013-12-15 09:52 - 2013-12-15 09:52 - 10031224 _____ (VS Revo Group ) C:\Users\MaryLou\Downloads\RevoUninProSetup.exe 2013-12-15 09:51 - 2013-12-15 09:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MaryLou\Downloads\revosetup.exe 2013-12-14 14:23 - 2013-12-14 14:12 - 00006395 _____ C:\Users\MaryLou\Desktop\attach.txt 2013-12-14 14:20 - 2013-12-14 14:11 - 00000000 ____D C:\Users\MaryLou\Downloads\Misc Photos 2013-12-14 14:11 - 2013-12-14 14:12 - 00023966 _____ C:\Users\MaryLou\Desktop\dds.txt 2013-12-14 14:09 - 2013-12-14 14:09 - 00688992 ____R (Swearware) C:\Users\MaryLou\Downloads\dds.com 2013-12-14 14:01 - 2013-12-14 14:01 - 00000000 ____D C:\Users\MaryLou\Documents\Screen Shots 2013-12-14 11:42 - 2013-12-14 11:41 - 00000000 ____D C:\Users\MaryLou\Documents\Receipts 2013-12-14 09:33 - 2013-12-14 09:33 - 00001236 _____ C:\Users\MaryLou\Documents\ESET Report.txt 2013-12-13 21:54 - 2013-08-09 22:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-12-13 21:52 - 2013-08-09 22:29 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 ____D C:\_OTM 2013-12-13 14:08 - 2013-12-13 14:08 - 00522240 _____ (OldTimer Tools) C:\Users\MaryLou\Downloads\OTM.exe 2013-12-13 13:54 - 2013-12-13 13:54 - 00165376 _____ C:\Users\MaryLou\Downloads\SystemLook_x64.exe 2013-12-13 10:15 - 2013-12-13 10:15 - 00323200 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-13 10:02 - 2013-12-13 10:02 - 01226802 _____ C:\Users\MaryLou\Downloads\AdwCleaner (1).exe 2013-12-13 09:00 - 2013-12-05 17:48 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\HpUpdate 2013-12-13 08:47 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-12-13 08:46 - 2013-12-05 17:41 - 00000000 ____D C:\Program Files (x86)\HP 2013-12-13 08:45 - 2013-04-29 01:20 - 00000000 ____D C:\Windows\Hewlett-Packard 2013-12-12 08:43 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache 2013-12-12 08:20 - 2012-07-26 00:28 - 00941178 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-12 08:14 - 2012-08-03 15:23 - 00272662 _____ C:\Windows\PFRO.log 2013-12-12 08:10 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates 2013-12-12 01:11 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe 2013-12-12 01:09 - 2013-08-08 17:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3734144309-4116549082-540705525-1002 2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Malwarebytes 2013-12-11 20:23 - 2013-12-11 20:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-11 20:23 - 2013-12-11 20:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-11 20:21 - 2013-12-11 20:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-10 12:21 - 2013-09-29 01:17 - 00000000 ____D C:\Users\MaryLou\AppData\Local\CrashDumps 2013-12-10 09:35 - 2013-12-10 09:35 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-10 09:35 - 2013-08-15 18:19 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-07 20:32 - 2013-12-07 20:32 - 00000000 ____D C:\Users\MaryLou\Desktop\Thu 2013-12-07 14:20 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\NDF 2013-12-05 22:53 - 2013-12-05 22:53 - 00002323 _____ C:\Users\Public\Desktop\Add a Device - Officejet J4500 Series.lnk 2013-12-05 22:53 - 2013-12-05 17:34 - 00182532 _____ C:\Windows\hpwins19.dat 2013-12-05 22:53 - 2013-12-05 17:34 - 00000359 _____ C:\ProgramData\hpzinstall.log 2013-12-05 22:29 - 2013-08-15 18:19 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-05 22:29 - 2013-08-15 18:19 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-05 17:47 - 2013-12-05 17:47 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk 2013-12-05 17:47 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-12-05 17:47 - 2013-12-05 17:33 - 00000000 ____D C:\ProgramData\HP 2013-12-05 17:46 - 2013-12-05 17:46 - 00000000 ____D C:\Windows\SysWOW64\spool 2013-12-05 16:16 - 2013-12-05 16:02 - 291513352 _____ C:\Users\MaryLou\Downloads\OJ_AIO_J4500_Full_Win_WW_140_404.exe 2013-12-05 15:38 - 2013-08-15 18:21 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-04 09:49 - 2013-12-04 09:49 - 05485920 _____ (Symantec Corporation) C:\Users\MaryLou\Downloads\SymHelp.exe 2013-12-03 19:43 - 2012-07-26 00:21 - 00036257 _____ C:\Windows\setupact.log 2013-12-03 17:53 - 2013-11-13 22:08 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-03 17:53 - 2013-11-13 22:08 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-03 10:25 - 2013-12-03 10:25 - 00003106 _____ C:\Windows\System32\Tasks\{CCE351FB-B417-4C20-85E1-42A3E5F14BE1} 2013-11-29 14:01 - 2013-11-29 14:01 - 01091882 _____ C:\Users\MaryLou\Downloads\AdwCleaner.exe 2013-11-26 16:49 - 2013-11-26 16:49 - 00000000 ____D C:\Program Files\SAMSUNG 2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\ProgramData\Samsung 2013-11-26 16:47 - 2013-11-26 16:46 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\MaryLou\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe 2013-11-26 16:34 - 2013-11-26 12:31 - 00000000 ____D C:\Users\MaryLou\AppData\Local\NPE 2013-11-26 12:31 - 2013-04-29 01:54 - 00000000 ____D C:\ProgramData\Norton 2013-11-26 09:55 - 2013-08-08 17:05 - 00000000 ___RD C:\Users\MaryLou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-25 13:41 - 2013-11-24 00:51 - 01828352 ___SH C:\Users\MaryLou\Downloads\Thumbs.db 2013-11-25 13:03 - 2013-11-25 13:03 - 00000000 ____D C:\Users\MaryLou\Downloads\2013-11-25 2013-11-25 12:59 - 2013-11-25 12:51 - 48401212 _____ C:\Users\MaryLou\Downloads\2013-11-25.zip 2013-11-24 12:53 - 2013-09-03 22:41 - 00224768 ___SH C:\Users\MaryLou\Desktop\Thumbs.db 2013-11-23 22:45 - 2013-08-08 17:05 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Adobe 2013-11-23 17:22 - 2013-11-23 17:22 - 00001494 _____ C:\Users\MaryLou\Downloads\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015 - Shortcut.lnk 2013-11-23 17:13 - 2013-11-23 17:13 - 00923784 _____ (CNET Download.com) C:\Users\MaryLou\Desktop\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015.exe 2013-11-23 16:21 - 2013-11-23 16:21 - 00000000 ____D C:\Windows\en 2013-11-23 16:18 - 2012-10-19 19:32 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-11-23 16:17 - 2012-10-19 19:32 - 00000547 _____ C:\Windows\DirectX.log 2013-11-23 16:11 - 2013-11-03 22:46 - 1042329780 _____ C:\Users\MaryLou\Downloads\Photos (7).zip 2013-11-23 16:02 - 2013-11-11 21:52 - 00000000 ____D C:\Users\MaryLou\AppData\Local\Windows Live 2013-11-22 23:43 - 2013-12-12 01:09 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-11-22 22:05 - 2013-12-12 01:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-21 01:27 - 2013-08-08 16:58 - 00000000 ____D C:\Users\MaryLou 2013-11-20 14:09 - 2013-11-20 14:07 - 00004608 _____ C:\Users\MaryLou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-17 11:17 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2013 01 Ran by MaryLou at 2013-12-17 11:57:34 Running from C:\Users\MaryLou\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 4 Elements II (x32 Version: 2.2.0.98) 4500_Help (x32 Version: 1.00.0000) 64 Bit HP CIO Components Installer (Version: 7.2.8) Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636) AMD APP SDK Runtime (Version: 10.0.938.2) AMD Catalyst Install Manager (Version: 8.0.881.0) AMD Fuel (Version: 2012.0912.1709.28839) AMD Quick Stream (Version: 3.3.26.0) AMD VISION Engine Control Center (x32 Version: 2012.0912.1709.28839) Bejeweled 3 (x32 Version: 2.2.0.98) Bing Bar (x32 Version: 7.2.241.0) Bonjour (Version: 3.0.0.10) bpd_scan (x32 Version: 3.00.0000) BPDSoftware (x32 Version: 140.0.001.000) BPDSoftware_Ini (x32 Version: 1.00.0000) BufferChm (x32 Version: 140.0.298.000) Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98) Canon MX870 series MP Drivers Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0912.1709.28839) Catalyst Control Center InstallProxy (x32 Version: 2012.0912.1709.28839) Catalyst Control Center Localization All (x32 Version: 2012.0912.1709.28839) CCC Help Chinese Standard (x32 Version: 2012.0912.1708.28839) CCC Help Chinese Traditional (x32 Version: 2012.0912.1708.28839) CCC Help Czech (x32 Version: 2012.0912.1708.28839) CCC Help Danish (x32 Version: 2012.0912.1708.28839) CCC Help Dutch (x32 Version: 2012.0912.1708.28839) CCC Help English (x32 Version: 2012.0912.1708.28839) CCC Help Finnish (x32 Version: 2012.0912.1708.28839) CCC Help French (x32 Version: 2012.0912.1708.28839) CCC Help German (x32 Version: 2012.0912.1708.28839) CCC Help Greek (x32 Version: 2012.0912.1708.28839) CCC Help Hungarian (x32 Version: 2012.0912.1708.28839) CCC Help Italian (x32 Version: 2012.0912.1708.28839) CCC Help Japanese (x32 Version: 2012.0912.1708.28839) CCC Help Korean (x32 Version: 2012.0912.1708.28839) CCC Help Norwegian (x32 Version: 2012.0912.1708.28839) CCC Help Polish (x32 Version: 2012.0912.1708.28839) CCC Help Portuguese (x32 Version: 2012.0912.1708.28839) CCC Help Russian (x32 Version: 2012.0912.1708.28839) CCC Help Spanish (x32 Version: 2012.0912.1708.28839) CCC Help Swedish (x32 Version: 2012.0912.1708.28839) CCC Help Thai (x32 Version: 2012.0912.1708.28839) CCC Help Turkish (x32 Version: 2012.0912.1708.28839) ccc-utility64 (Version: 2012.0912.1709.28839) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98) Cradle of Rome 2 (x32 Version: 2.2.0.98) CyberLink Media Suite 10 (x32 Version: 10.0.2.2114) CyberLink Power2Go 8 (x32 Version: 8.0.2.2110) CyberLink PowerDVD (x32 Version: 10.0.7.4528) CyberLink YouCam (x32 Version: 3.5.5.5811) D3DX10 (x32 Version: 15.4.2368.0902) Destinations (x32 Version: 140.0.253.000) DeviceDiscovery (x32 Version: 140.0.298.000) DocProc (x32 Version: 140.0.185.000) Energy Star (x32 Version: 1.0.9) Epson Connect (x32) Epson Customer Participation (Version: 1.0.0.0) Epson Download Navigator (x32 Version: 1.0.1) Epson Event Manager (x32 Version: 2.50.0001) Epson FAX Utility (x32 Version: 1.20.00) Epson PC-FAX Driver (x32) EPSON Scan (x32) EPSON WorkForce 545 Series Printer Uninstall EpsonNet Print (x32 Version: 2.4j) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Farm Frenzy (x32 Version: 2.2.0.98) FATE: The Cursed King (x32 Version: 2.2.0.97) Fax (x32 Version: 140.0.307.000) Final Drive Fury (x32 Version: 2.2.0.95) Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32) Google Chrome (x32 Version: 31.0.1650.63) Google Earth (x32 Version: 7.1.2.2041) Google Update Helper (x32 Version: 1.3.22.3) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95) GPBaseService2 (x32 Version: 140.0.297.000) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98) Hoyle Card Games (x32 Version: 2.2.0.95) HP Connected Remote (x32 Version: 1.0.1218) HP Customer Experience Enhancements (x32 Version: 6.0.1.7) HP Customer Participation Program 14.0 (Version: 14.0) HP Documentation (x32 Version: 1.2.0.0) HP Games (x32 Version: 1.0.3.0) HP Imaging Device Functions 14.0 (Version: 14.0) HP MyRoom (x32 Version: 9.0.0.0) HP Officejet J4500 Series 14.0 Rel. 6 (Version: 14.0) HP Postscript Converter (Version: 3.1.3591) HP Quick Launch (x32 Version: 3.0.6) HP Recovery Manager (x32 Version: 8.00) HP Registration Service (Version: 1.1.6232.4245) HP Solution Center 14.0 (Version: 14.0) HP Support Assistant (x32 Version: 7.0.39.15) HP Update (x32 Version: 5.005.000.002) HP Utility Center (x32 Version: 1.0.8) HP Wireless Button Driver (x32 Version: 1.0.6.1) HPProductAssistant (x32 Version: 140.0.298.000) HPSSupply (x32 Version: 140.0.297.000) J4500 (x32 Version: 140.0.001.000) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Jewel Match 3 (x32 Version: 2.2.0.98) John Deere Drive Green (x32 Version: 2.2.0.95) Luxor Evolved (x32 Version: 2.2.0.98) Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 140.0.212.000) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Mouse and Keyboard Center (Version: 2.2.173.0) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Silverlight (x32 Version: 5.1.20913.0) Microsoft SkyDrive (HKCU Version: 17.0.2015.0811) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98) Movie Maker (x32 Version: 16.4.3505.0912) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98) Neat (x32 Version: 5.2.2.3) Neat ADF Scanner 2008 Driver (Version: 2.0.1.5) Neat ADF Scanner Driver (Version: 2.0.2.1) Neat Core Files (x32 Version: 5.2.2.3) Neat Mobile Scanner (Silver) Driver (Version: 2.0.1.5) Neat Mobile Scanner 2008 Driver (Version: 2.0.1.4) Neat Mobile Scanner Driver (Version: 2.0.1.2) Norton Internet Security (x32 Version: 21.1.0.18) OCR Software by I.R.I.S. 14.0 (Version: 14.0) OpenOffice 4.0.1 (x32 Version: 4.01.9714) Peggle Nights (x32 Version: 2.2.0.98) Penguins! (x32 Version: 2.2.0.98) Photo Gallery (x32 Version: 16.4.3505.0912) Picasa 3 (x32 Version: 3.9) PicasaAlbumDownloader (x32 Version: 1.0.0) Polar Bowler (x32 Version: 2.2.0.97) Polar Golfer (x32 Version: 2.2.0.98) ProductContext (x32 Version: 140.0.001.000) Qualcomm Atheros Driver Installation Program (x32 Version: 10.0) QuickBooks (x32 Version: 23.0.4008.2305) QuickBooks Pro 2013 (x32 Version: 23.0.4006.2305) Quicken 2012 (x32 Version: 21.1.7.18) Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662) Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034) Revo Uninstaller 1.95 (x32 Version: 1.95) Roads of Rome 3 (x32 Version: 2.2.0.98) Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0) Scan (x32 Version: 140.0.253.000) Send To Neat (Version: 1.1.0.0) Shop for HP Supplies (Version: 14.0) SolutionCenter (x32 Version: 140.0.299.000) Status (x32 Version: 140.0.342.000) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 16.6.1.3) Tales of Lagoona (x32 Version: 2.2.0.110) Toolbox (x32 Version: 140.0.596.000) TrayApp (x32 Version: 140.0.297.000) Update Installer for WildTangent Games App (x32) WebReg (x32 Version: 140.0.297.017) WildTangent Games (x32 Version: 1.0.3.0) WildTangent Games App (x32 Version: 4.0.9.7) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Youda Jewel Shop (x32 Version: 3.0.2.32) Zuma's Revenge (x32 Version: 2.2.0.98) ==================== Restore Points ========================= 03-12-2013 17:00:16 Removed ScorpionSaver Services 12-12-2013 02:54:00 Removed ScorpionSaver 15-12-2013 16:55:57 Revo Uninstaller's restore point - ScorpionSaver ==================== Hosts content: ========================== 2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {115A30F5-9629-4E2E-993E-F2EF77734558} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange Task: {19A08E02-785C-4BB0-82A8-96E26E65BFB5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1AD73C55-6B72-473D-A75F-008416D8979C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft) Task: {1CE5E7C2-112F-4B3F-AC7A-4A17594C5109} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {24A33188-FE98-45B3-8971-1F1803EA3456} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {272BE9F1-710E-4053-A994-CD0750DC7C9B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink) Task: {307D8C75-FDA3-49D3-AA9F-DB79F405FB59} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations Task: {38579B1B-B002-4BAA-B506-970485B471EE} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation) Task: {3FA523AC-271E-4DB5-AAAF-653AA97A52BD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated) Task: {543CFAC7-896B-4582-9AB6-74AA62511742} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {563C3C5A-73D7-4864-89D6-ABD97175BAD3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {5DE87850-2C97-42C3-B459-92CD70BCE6C7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-13] (Facebook Inc.) Task: {6405F8F1-9876-4FD0-B722-45B9A83B913B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.) Task: {67229DF8-B971-4F31-933D-0FD466D45DE1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate Task: {7D310CF1-0382-4A17-9849-D04BD2020D47} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation) Task: {9140BC77-8D6A-4769-BC3F-706FBF3B6483} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3734144309-4116549082-540705525-1002 => Rundll32.exe portabledeviceapi.dll,#1 Task: {95910494-74FE-42BF-B162-E6E38E9D1E84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {A92ED75F-D21C-4AB4-B972-007FE6731950} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: {B6A5EAD2-461D-4E3E-8902-EDB39E00343C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {BEF2E280-C7B4-4519-A226-B62D912DD30B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D08952E6-D64C-4569-9628-EAA6BCD69825} - \EPUpdater No Task File Task: {D8BA9F4E-1BA1-4C45-9B53-94E1E74C6BEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.) Task: {DCE4C1F2-B6D5-42FD-9966-443C9C4D8979} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation) Task: {E7B1763E-F5A7-4225-8261-F7CD1A60AFF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: {E9ED0144-07A9-436F-ABAD-CCA07A0078D5} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART Task: {EA1C51EE-128F-44A6-9302-D7FC9AD085CA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-13] (Facebook Inc.) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F78C3C0C-6D6C-4C86-9AFE-E64816DD2778} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core.job => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA.job => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-12 16:24 - 2013-08-12 16:27 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2013-08-08 17:01 - 2013-08-08 17:01 - 00120224 _____ () C:\Users\MaryLou\AppData\Local\assembly\dl3\D691AXL8.A61\B2JXPM9P.K64\d4e7ec06\008b7bc6_d8a8cd01\HPItunesModule.DLL 2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2012-09-12 17:20 - 2012-09-12 17:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-09-12 17:07 - 2012-09-12 17:07 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-04-29 01:44 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-12-05 15:38 - 2013-12-03 19:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-05 15:38 - 2013-12-03 19:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-05 15:38 - 2013-12-03 19:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-05 15:38 - 2013-12-03 19:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-05 15:38 - 2013-12-03 19:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2013-12-05 15:38 - 2013-12-03 19:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll 2013-09-20 16:50 - 2013-09-20 16:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll 2013-09-17 07:54 - 2013-09-17 07:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 284374 Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 284374 Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 282830 Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 282830 Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 281285 Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 281285 Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:36 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 279694 System errors: ============= Error: (12/16/2013 01:17:44 PM) (Source: Service Control Manager) (User: ) Description: The Util BrowseFox service failed to start due to the following error: %%2 Error: (12/16/2013 01:14:35 PM) (Source: Service Control Manager) (User: ) Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s). Error: (12/16/2013 11:06:38 AM) (Source: Service Control Manager) (User: ) Description: The Util BrowseFox service failed to start due to the following error: %%2 Error: (12/16/2013 11:06:23 AM) (Source: BugCheck) (User: ) Description: 0x0000009f (0x0000000000000003, 0xfffffa8003f55060, 0xfffff802c3f27930, 0xfffffa8007b9e5a0)C:\Windows\MEMORY.DMP121613-46644-01 Error: (12/16/2013 11:05:53 AM) (Source: EventLog) (User: ) Description: The previous system shutdown at 10:32:32 AM on ‎12/‎16/‎2013 was unexpected. Error: (12/16/2013 08:02:47 AM) (Source: Service Control Manager) (User: ) Description: The Util BrowseFox service failed to start due to the following error: %%2 Error: (12/16/2013 08:01:00 AM) (Source: Service Control Manager) (User: ) Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s). Error: (12/16/2013 07:36:53 AM) (Source: Service Control Manager) (User: ) Description: The Util BrowseFox service failed to start due to the following error: %%2 Error: (12/16/2013 07:35:21 AM) (Source: Service Control Manager) (User: ) Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (12/16/2013 07:35:02 AM) (Source: Service Control Manager) (User: ) Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions: ========================= Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 284374 Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 284374 Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 282830 Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 282830 Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 281285 Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 281285 Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:36 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 279694 ==================== Memory info =========================== Percentage of memory in use: 63% Total physical RAM: 3682.26 MB Available physical RAM: 1328.56 MB Total Pagefile: 7394.26 MB Available Pagefile: 4788.45 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:442.88 GB) (Free:386.66 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.72 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 1E1F4777) Partition: GPT Partition Type ==================== End Of Log ============================
  8. screenshot 1.txt I'm still getting DealSlider ads down the side of my screen as in the first screen shot and those little green circles with arrows indicating a link in the text. My computer is much better. The popups seem to have subsided. screenshot 1.txt
  9. Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.16.08 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 MaryLou :: HOME [administrator] Protection: Enabled 12/16/2013 3:18:32 PM mbam-log-2013-12-16 (15-18-32).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 423933 Time elapsed: 1 hour(s), 45 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  10. All processes killed ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7\ not found. Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\AppDataLow\Software\ScorpionSaver\ not found. Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\ not found. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP\ not found. ========== FILES ========== C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage moved successfully. C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage-journal moved successfully. File/Folder c:\Program Files (x86)\ScorpionSaver not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: MaryLou ->Temp folder emptied: 1102391 bytes ->Temporary Internet Files folder emptied: 18647185 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 90582895 bytes ->Flash cache emptied: 492 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 382955 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 106.00 mb ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: MaryLou ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 128 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3965 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 12162013_131435 Files moved on Reboot... C:\Users\MaryLou\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. C:\Windows\temp\UploadUI.log moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. Registry entries deleted on Reboot...
  11. C:\ProgramData\MalwareBytes'Anti-Malware\Logs\protection-log-2013-12-16.txt 2#0#1#3#/#1#2#/#1#6# #0#7#:#3#6#:#5#4# #-#0#7#0#0# #H#O#M#E# #M#a#r#y#L#o#u# #M#E#S#S#A#G#E# #S#t#a#r#t#i#n#g# #p#r#o#t#e#c#t#i#o#n#
  12. All processes killed Error: Unable to interpret <:Reg[-HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"c:\Program Files (x86)\ScorpionSaver\"=-[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\> in the current context! Error: Unable to interpret <S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7][-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver][-HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\AppDataLow\Software\ScorpionSaver][-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33][-HKEY_LOCAL_MACHINE\SOFTWA> in the current context! Error: Unable to interpret <RE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495][-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}][-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP]:FilesC:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorageC:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local > in the current context! Error: Unable to interpret <Storage\http_static.scorpionsaver.com_0.localstorage-journalc:\Program Files (x86)\ScorpionSaver:Commands[EmptyTemp]> in the current context! OTM by OldTimer - Version 3.1.21.0 log created on 12162013_080100
  13. RevoUninstaller was unable to uninstall ScorpionSaver. # AdwCleaner v3.015 - Report created 15/12/2013 at 17:57:13 # Updated 10/12/2013 by Xplode # Operating System : Windows 8 (64 bits) # Username : MaryLou - HOME # Running from : C:\Users\MaryLou\Downloads\AdwCleaner (1).exe # Option : Scan ***** [ Services ] ***** SystemLook 30.07.11 by jpshortstuffLog created at 18:12 on 15/12/2013 by MaryLouAdministrator - Elevation successful ========== filefind ========== Searching for "*adpeak*"No files found. Searching for "Adpeak.*"No files found. Searching for "*Scorpion*"C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage --a---- 2691072 bytes [17:47 10/12/2013] [19:23 10/12/2013] 27416CEB4C2FAF2A346FE79E9497524FC:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage-journal --a---- 16384 bytes [17:47 10/12/2013] [19:23 10/12/2013] 6A8902A9C903D0390A9547F7D0DD5E07 Searching for "Scopion.*"No files found. ========== folderfind ========== Searching for "*Scorpion*"No folders found. Searching for "*adpeak*"No folders found. ========== regfind ========== Searching for "*Scorpion*"No data found. Searching for "Scorpion"[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]"ProductName"="ScorpionSaver"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]"PackageName"="ScorpionSaver.msi"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"c:\Program Files (x86)\ScorpionSaver\"=""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\background.js"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]"DisplayName"="ScorpionSaver"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]"DisplayName"="ScorpionSaver"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver][HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\AppDataLow\Software\ScorpionSaver][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver] Searching for "*adpeak*"No data found. Searching for "adpeak"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]"HelpLink"="http://www.adpeak.com/"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]"Publisher"="Adpeak, Inc."[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]"HelpLink"="http://www.adpeak.com/"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]"Publisher"="Adpeak, Inc."[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP] -= EOF =- ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Google Chrome v31.0.1650.63 [ File : C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : icon_url Found : search_url Found : keyword Found : search_url Found : search_url ************************* AdwCleaner[R0].txt - [8736 octets] - [29/11/2013 14:02:22] AdwCleaner[R1].txt - [952 octets] - [29/11/2013 14:19:15] AdwCleaner[R2].txt - [2123 octets] - [13/12/2013 10:05:12] AdwCleaner[R3].txt - [877 octets] - [15/12/2013 17:57:13] AdwCleaner[s0].txt - [8435 octets] - [29/11/2013 14:03:39] AdwCleaner[s1].txt - [978 octets] - [29/11/2013 14:22:03] AdwCleaner[s2].txt - [1980 octets] - [13/12/2013 10:12:19] ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1115 octets] ##########
  14. I'm sorry and also apologize for the blank posts. My pasting is not sticking to the page. The log appears on my screen but isn't posting to the forum.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.