Zbot.gen!AP and Fraud.Fedexword

TDDSKiller log attachment

Hi, Adam,
After this scans I can click on the report but it does not save anywhere so I just did my own text file save. Just tried to attach and send but the problem remains that the file is too big to send. I am attaching the screen shot with the error msg. Do I compress it?
 

Yes, please create a compressed folder, place the text document inside and attach the compressed folder. :)
 
Hi Maureen,

Thank you for attaching the log. I do not see any signs of Zbot on your computer. The Spybot detection was for a generic threat (Zbot.gen) that may have behaved like Zbot. Your version of Spybot is also outdated, which may impact detection. However, I would still like to see the log created. Please locate the relevant log (that contains the Zbot.gen detection), copy and paste it in your next reply. You may find this link helps locate the log.

Considering your version is heavily outdated, I would like to uninstall Spybot for now. We can reinstall the updated version later.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Spybot - Search & Destroy, right-click and click Uninstall.
  • Follow the prompts.

STEP 1
Farbar Recovery Scan Tool (FRST) Script
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
    SearchScopes: HKLM-x32 - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
    SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    SearchScopes: HKLM-x32 - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YXxdm003YYus&ptb=D20CA6D2-67BB-4B16-B801-67AC3EF1A618&ind=2012012515&ptnrS=YXxdm003YYus&si=CPTN3LWH7K0CFQnd4AodmlJ97Q&n=77ecdfe3&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL =
    SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm135^YYA^us&si=314029&ptb=3AF0B5F2-5A43-4A18-8482-542E3287C45C&psa=&ind=2014012022&st=sb&n=780b6276&searchfor={searchTerms}
    FF Extension: InboxAce - C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\Extensions\1gffxtbr@InboxAce_1g.com [2014-06-05]
    HKLM-x32\...\Run: [] => [X]
    C:\Users\The Arnolds\AppData\Local\Temp\*.*
    Task: {53A49C41-48C3-4636-952A-EE308B1A92AA} - \Security Center Update - 2855993320 No Task File <==== ATTENTION
    Task: {587DBF42-2B68-4196-AFB9-1861CA0C7A62} - \Security Center Update - 2142642058 No Task File <==== ATTENTION
    Task: {602E62B3-0434-4C3E-A076-AA8C922DF28F} - \Security Center Update - 430648085 No Task File <==== ATTENTION
    Task: {DC0BE39B-3027-4087-A94F-8F57D73D9494} - \Security Center Update - 2612136593 No Task File <==== ATTENTION
    Task: {F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED} - \Security Center Update - 3780038812 No Task File <==== ATTENTION
    Folder: C:\Users\Greg\AppData\Roaming\Ymnaeh
    Folder: C:\Users\Greg\AppData\Roaming\Ucoxmeak
    Folder: C:\Users\Greg\AppData\Roaming\Ogivxa
    Folder: C:\Users\Greg\AppData\Roaming\Diimuvzi
    Folder: C:\Users\Greg\AppData\Roaming\Untieci
    Folder: C:\Users\Greg\AppData\Roaming\Foikuv
    Folder: C:\Users\Greg\AppData\Roaming\Haciew
    Folder: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
Folder Options
  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders:
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.

STEP 3
VirusTotal Upload
  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Windows\system32\Drivers\lvuvc.hs
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.
  • Please do the same for the files below:
    • C:\Windows\system32\drivers\buddqjrj.sys
    • C:\Windows\system32\drivers\bxdjryrn.sys
    • C:\Users\Greg\AppData\Local\eagrnepa

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Spybot log
  • Did Spybot uninstall successfully?
  • Fixlog.txt
  • VirusTotal results (4 URLs)
 
Hi, Adam,
Before I read and follow your instructions, I will tell you that Spybot did not pick up the Zbot, it was Microsoft Security Essentials. And even when I ran the scan and removed it, almost immediately, I would get another message from MSE that there was a Zbot. It also picked up Kuluoz.D. Should I run MSE and send you anything from that? Or not worry about that and continue with the "homework" you have sent me?
 
MSE screen capture

Here is the screen shot from the last scan I did. Also, a side note, the icon for MSE disappears from the task bar occasionally when I reboot, in addition to some of the other icons. Not sure if that is anything related to any of this.
Thanks.
 

Hi Maureen,

Does MSE provide the filename of the various detections? Please have a look, and note down the filenames (along with the associated detection) if available.

Then proceed with the instructions in my previous post. If you cannot find the filenames, please proceed with my instructions anyway.
 
Hi, Adam,
Uninstalled Spybot ok.
Fixlist log text below.
Changed folder options
Cannot find file for VirusTotal.com - I can find the file if I just go through the menu but when I choose file on the virustotal website, it does not show up. I am attaching the screen shot of what I get. Any suggestions?
I am heading out for the day, possibly overnight so I won't be back until tomorrow night. Don't want you to think I'm ignoring you! I'd rather be sitting here than rebuilding a deck from Superstorm Sandy, believe me! lol
Thanks for all your help. I will wait to see what you need me to do next.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-06-2014 01
Ran by The Arnolds at 2014-06-21 08:04:26 Run:1
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YXxdm003YYus&ptb=D20CA6D2-67BB-4B16-B801-67AC3EF1A618&ind=2012012515&ptnrS=YXxdm003YYus&si=CPTN3LWH7K0CFQnd4AodmlJ97Q&n=77ecdfe3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL =
SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm135^YYA^us&si=314029&ptb=3AF0B5F2-5A43-4A18-8482-542E3287C45C&psa=&ind=2014012022&st=sb&n=780b6276&searchfor={searchTerms}
FF Extension: InboxAce - C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\Extensions\1gffxtbr@InboxAce_1g.com [2014-06-05]
HKLM-x32\...\Run: [] => [X]
C:\Users\The Arnolds\AppData\Local\Temp\*.*
Task: {53A49C41-48C3-4636-952A-EE308B1A92AA} - \Security Center Update - 2855993320 No Task File <==== ATTENTION
Task: {587DBF42-2B68-4196-AFB9-1861CA0C7A62} - \Security Center Update - 2142642058 No Task File <==== ATTENTION
Task: {602E62B3-0434-4C3E-A076-AA8C922DF28F} - \Security Center Update - 430648085 No Task File <==== ATTENTION
Task: {DC0BE39B-3027-4087-A94F-8F57D73D9494} - \Security Center Update - 2612136593 No Task File <==== ATTENTION
Task: {F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED} - \Security Center Update - 3780038812 No Task File <==== ATTENTION
Folder: C:\Users\Greg\AppData\Roaming\Ymnaeh
Folder: C:\Users\Greg\AppData\Roaming\Ucoxmeak
Folder: C:\Users\Greg\AppData\Roaming\Ogivxa
Folder: C:\Users\Greg\AppData\Roaming\Diimuvzi
Folder: C:\Users\Greg\AppData\Roaming\Untieci
Folder: C:\Users\Greg\AppData\Roaming\Foikuv
Folder: C:\Users\Greg\AppData\Roaming\Haciew
Folder: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}' => Key deleted successfully.
'HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}' => Key deleted successfully.
'HKCR\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e}'=> Key not found.
C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\Extensions\1gffxtbr@InboxAce_1g.com => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

"C:\Users\The Arnolds\AppData\Local\Temp\*.*" directory move:

Could not move "C:\Users\The Arnolds\AppData\Local\Temp\*.*" directory. => Scheduled to move on reboot.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53A49C41-48C3-4636-952A-EE308B1A92AA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53A49C41-48C3-4636-952A-EE308B1A92AA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2855993320' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{587DBF42-2B68-4196-AFB9-1861CA0C7A62}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{587DBF42-2B68-4196-AFB9-1861CA0C7A62}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2142642058' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{602E62B3-0434-4C3E-A076-AA8C922DF28F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{602E62B3-0434-4C3E-A076-AA8C922DF28F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 430648085' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC0BE39B-3027-4087-A94F-8F57D73D9494}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC0BE39B-3027-4087-A94F-8F57D73D9494}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2612136593' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3780038812' => Key deleted successfully.

========================= Folder: C:\Users\Greg\AppData\Roaming\Ymnaeh ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Ucoxmeak ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Ogivxa ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Diimuvzi ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Untieci ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Foikuv ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Haciew ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 ========================

2012-08-21 13:01 - 2012-08-21 13:01 - 1977816 _____ (GEAR Software, Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
2014-06-09 16:18 - 2014-06-09 16:18 - 0000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64
2012-08-21 13:01 - 2012-08-21 13:01 - 0519048 _____ (Microsoft Corporation) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0131544 _____ (GEAR Software, Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
2014-06-09 16:18 - 2014-06-09 16:18 - 0004842 _____ () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt
2012-08-21 13:01 - 2012-08-21 13:01 - 0106928 _____ (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0125872 _____ (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0002561 _____ () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf
2012-08-21 13:01 - 2012-08-21 13:01 - 0007638 _____ () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat
2014-06-09 16:18 - 2014-06-09 16:18 - 0000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64
2012-08-21 13:01 - 2012-08-21 13:01 - 0033240 _____ (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys

====== End of Folder: ======


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-21 08:05:50)<=

"C:\Users\The Arnolds\AppData\Local\Temp\*.*" => Directory could not move.

==== End of Fixlog ====
 

Forgot to send spybot log....sorry


--- Report generated: 2014-06-14 12:04 ---

Fraud.FedexWord: [SBI $04FDF9E1] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Sft

Zedo: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


BurstMedia: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


CasaleMedia: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


BurstMedia: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


BurstMedia: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


Statcounter: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

 
Hello Maureen,

> I am heading out for the day, possibly overnight so I won't be back until tomorrow night. Don't want you to think I'm ignoring you! I'd rather be sitting here than rebuilding a deck from Superstorm Sandy, believe me! lol
Rather you than me. ;) Good luck!


> Forgot to send spybot log....sorry
Not a problem. Please do not forget to answer my question on the MSE detections as well. Does MSE provide a filename?


> Cannot find file for VirusTotal.com - I can find the file if I just go through the menu but when I choose file on the virustotal website, it does not show up. I am attaching the screen shot of what I get. Any suggestions?
Using Windows Explorer, please navigate to the location of the files. Right-click each file and click Copy. Paste the files onto your desktop. You should now have 4 copied files on your desktop.

Please repeat the VirusTotal upload - only this time, scan the files you copied to your desktop.

======================================================

In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Does MSE provide filenames for the detections? If so, what are they?
  • VirusTotal results for files copied to desktop (4 URLs).
 
I'm back, Adam, change of plans. No deck work yet, just pitching leftover sheetrock and tossing stuff! Home now and will probably head back out tomorrow morning. For now, I will play catch up on everything.

I do not see any logs or filenames from MSE - the only thing I see is what is on the screen shot I sent to you.

I could only find two of the four files you want me to scan. The other two are not there. Here are the URLs

lvuvc.hs results
https://www.virustotal.com/en/file/...649b934ca495991b7852b855/analysis/1403380841/

eagrnepa results
https://www.virustotal.com/en/file/...d76dbdc1cfabab4529df5e86/analysis/1403380972/

On another side note, I shut down the computer each time I post to you. When I see on my IPad that you have responded, I turn the computer on again. Sometimes, not each time, I get two error msgs about ERUNT. I am attaching the first error screen shot here. I will copy the second one the next time it happens. Not sure if this is something or nothing to worry about. I mentioned that sometimes the task bar icons don't show up. This time they all did. Not sure what that glitch is all about. Weird too, is that the shade of green for the MSE and Slype icons has changed....strange, huh? I know, very strange.

Thanks so much!
 

Ok, my bad. :rolleyes: I did just find the file locations of the stuff that was picked up in the MSE scan. So sorry - I'm sure you are tearing your hair out at my ineptness! Here is the info:

TrojanDownloader:Win32/Kuluoz.D
file:C:\Users\Greg\AppData\Local\ugipkiae.exe
regkey:HKCU@S-1-5-21-2307240755-147757143-1248280979-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\rasdxdbw
runkey:HKCU@S-1-5-21-2307240755-147757143-1248280979-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\rasdxdbw


PWS:Win32/Zbot
file:C:\Users\Greg\AppData\Roaming\Ymnaeh\imhoma.exe
regkey:HKCU@S-1-5-21-2307240755-147757143-1248280979-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Arafaqguuh
runkey:HKCU@S-1-5-21-2307240755-147757143-1248280979-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Arafaqguuh

PWS:Win32/Zbot.gen!AP
The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.
Items:
process:pid:3736,ProcessStart:130472358946706584
process:pid:5796,ProcessStart:130472359159246957

PWS:Win32/Zbot.gen!AP
Items:
process:pid:3736,ProcessStart:130472358946706584
process:pid:5796,ProcessStart:130472359159246957

Hope this is what you need. Let me know if not and I will try again. Thanks!
 
Here is the second error msg I sometimes get when I reboot. I just keep hitting "No" but maybe you can tell me if I should be hitting "Yes" and following up on it.
Also, my MSE icon is here but telling me that it is turned off. I did not turn it off yesterday so not sure what that's about either. When I clicked on the icon to turn program on, it changed back to green and now says I am protected. That's the first time that has happened. Thanks!
 

Hello Maureen,

> I'm sure you are tearing your hair out at my ineptness!
Not at all. :)

> I could only find two of the four files you want me to scan. The other two are not there. Here are the URLs
Not to worry. Thank you for the URLs.

> Sometimes, not each time, I get two error msgs about ERUNT.
This error is caused by the UAC (User Account Control) blocking ERUNT. We can stop the error by removing ERUNT from starting up at boot.

> I mentioned that sometimes the task bar icons don't show up.
By "task bar", are you referring to the Notification Area (often referred to as the "System Tray")?

[Image: the Notification Area]


> Weird too, is that the shade of green for the MSE and Slype icons has changed....strange, huh? I know, very strange.
This may be coincidental, related to the issue described above, or something completely different. Difficult to say. I can't really comment on this at the moment.


STEP 1
Farbar Recovery Scan Tool (FRST) Script
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document (do not include the word "Quote").
    start
    S1 buddqjrj; \??\C:\Windows\system32\drivers\buddqjrj.sys [X]
    S1 bxdjryrn; \??\C:\Windows\system32\drivers\bxdjryrn.sys [X]
    Startup: C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    C:\Users\Greg\AppData\Roaming\Ymnaeh
    C:\Users\Greg\AppData\Roaming\Ucoxmeak
    C:\Users\Greg\AppData\Roaming\Ogivxa
    C:\Users\Greg\AppData\Roaming\Diimuvzi
    C:\Users\Greg\AppData\Roaming\Untieci
    C:\Users\Greg\AppData\Roaming\Foikuv
    C:\Users\Greg\AppData\Roaming\Haciew
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
Windows Explorer
  • Press the Windows Key + r on your keyboard at the same time. Type Explorer and click OK.
  • Navigate to the following folder: C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine
  • Without double-clicking or opening any files, confirm the presence of the following file in the quarantine: C:\Users\Greg\AppData\Roaming\Ymnaeh\imhoma.exe.
  • Proceed with STEP 3.

STEP 3
VirusTotal Upload
  • Please go to VirusTotal.com.
  • Click Choose File and locate the file you found in STEP 2. Select the file.
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Were you referring to the Notification Area icons (as shown in the image)?
  • Fixlog.txt
  • VirusTotal results
 
Hi, Adam,
Yes, I was referring to the Notification Area icons.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by The Arnolds at 2014-06-22 19:39:51 Run:2
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
S1 buddqjrj; \??\C:\Windows\system32\drivers\buddqjrj.sys [X]
S1 bxdjryrn; \??\C:\Windows\system32\drivers\bxdjryrn.sys [X]
Startup: C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
C:\Users\Greg\AppData\Roaming\Ymnaeh
C:\Users\Greg\AppData\Roaming\Ucoxmeak
C:\Users\Greg\AppData\Roaming\Ogivxa
C:\Users\Greg\AppData\Roaming\Diimuvzi
C:\Users\Greg\AppData\Roaming\Untieci
C:\Users\Greg\AppData\Roaming\Foikuv
C:\Users\Greg\AppData\Roaming\Haciew
end
*****************

buddqjrj => Service deleted successfully.
bxdjryrn => Service deleted successfully.
C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk => Moved successfully.
C:\Program Files (x86)\ERUNT\AUTOBACK.EXE => Moved successfully.
C:\Users\Greg\AppData\Roaming\Ymnaeh => Moved successfully.
C:\Users\Greg\AppData\Roaming\Ucoxmeak => Moved successfully.
C:\Users\Greg\AppData\Roaming\Ogivxa => Moved successfully.
C:\Users\Greg\AppData\Roaming\Diimuvzi => Moved successfully.
C:\Users\Greg\AppData\Roaming\Untieci => Moved successfully.
C:\Users\Greg\AppData\Roaming\Foikuv => Moved successfully.
C:\Users\Greg\AppData\Roaming\Haciew => Moved successfully.

==== End of Fixlog ====

There is nothing in the Quarantine folder in Microsoft. The folder has three folders in it. All three are empty. "Entries", "Resource Data", and "Resources"
Nothing to scan in VirusTotal

Thanks!
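
Added example (not part of the original posts, and not code from FRST or its author): a Python sketch that pairs each fixlist entry in a Fixlog like the one above with its result line, and flags entries that have no result or whose result does not end in "successfully.". The entry-to-result mapping rules are inferred from this one log; the two `Constructed*` paths and the `not found.` outcome in the sample are constructed.

```python
import re

# Constructed sample: abridged copy of the Fixlog layout posted above, plus two
# constructed entries (ConstructedA/ConstructedB) to exercise the failure paths.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by The Arnolds at 2014-06-22 19:39:51 Run:2
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
S1 buddqjrj; \??\C:\Windows\system32\drivers\buddqjrj.sys [X]
Startup: C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
C:\Users\Greg\AppData\Roaming\Ymnaeh
C:\Users\Greg\AppData\Roaming\ConstructedA
C:\Users\Greg\AppData\Roaming\ConstructedB
end
*****************

buddqjrj => Service deleted successfully.
C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk => Moved successfully.
C:\Program Files (x86)\ERUNT\AUTOBACK.EXE => Moved successfully.
C:\Users\Greg\AppData\Roaming\Ymnaeh => Moved successfully.
C:\Users\Greg\AppData\Roaming\ConstructedA => not found.

==== End of Fixlog ====
"""

# "S1 name; path [X]" style service/driver lines: the result line uses the name.
SERVICE_RE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);")
# "ShortcutTarget: x.lnk -> C:\target.exe (Company)": the result uses the target.
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget:\s.*?->\s*(?P<target>.+?)\s*\([^()]*\)\s*$"
)


def fixlist_target(entry):
    """Return the name the result section is expected to use for an entry.

    Mapping rules are assumptions inferred from the log in this thread.
    """
    match = SERVICE_RE.match(entry)
    if match:
        return match.group("name").strip()
    match = SHORTCUT_RE.match(entry)
    if match:
        return match.group("target")
    if entry.startswith("Startup:"):
        return entry.split(":", 1)[1].strip()
    return entry.strip()


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries and a {target: outcome} mapping."""
    entries, results = [], {}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if section == "header":
            if line.lower() == "start":
                section = "fixlist"
        elif section == "fixlist":
            if line.lower() == "end":
                section = "results"
            elif line:
                entries.append(line)
        else:  # results section
            if line.startswith("==== End of Fixlog"):
                break
            if " => " in line:
                target, outcome = line.rsplit(" => ", 1)
                # Windows paths are case-insensitive, so compare lowercased.
                results[target.strip().lower()] = outcome.strip()
    return entries, results


def review_fixlog(text):
    """Return (status, entry, outcome) per fixlist entry.

    status is "ok" (outcome ends in "successfully."), "review" (any other
    outcome) or "missing" (no result line found for the entry).
    """
    entries, results = parse_fixlog(text)
    report = []
    for entry in entries:
        outcome = results.get(fixlist_target(entry).lower())
        if outcome is None:
            status = "missing"
        elif outcome.lower().endswith("successfully."):
            status = "ok"
        else:
            status = "review"
        report.append((status, entry, outcome))
    return report


if __name__ == "__main__":
    for status, entry, outcome in review_fixlog(SAMPLE_FIXLOG):
        print(f"{status:8} {entry}  ({outcome})")
```
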
 
Hello Maureen,

There is nothing in the Quarantine folder in Microsoft. The folder has three folders in it. All three are empty. "Entries", "Resource Data", and "Resources"
Nothing to scan in VirusTotal
Thank you for checking. We will proceed without the VirusTotal scan.

Yes, I was referring to the Notification Area icons.
We will deal with your Notification Area icons towards the end. For now, please proceed with the following tools.


STEP 1
AdwCleaner
  • Please download AdwCleaner and save the file to your desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


STEP 2
Junkware Removal Tool (JRT)
  • Please download Junkware Removal Tool and save the file to your desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated files/folders prior to running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • AdwCleaner[S0].txt
  • JRT.txt
 
Hi, Adam,

I did the first scan, copied and pasted into the new thread but did not save the txt file on my desktop. Then did the second scan and walked away from the computer. Came back in 10 minutes to see that the computer must have rebooted so the thread is no longer active and the stuff I pasted in there (the AdwCleaner[SO]) is gone. Before realizing this, I copied the JRT file so what I had originally copied was no longer available. Here is the JRT text

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by The Arnolds on Tue 06/24/2014 at 15:40:17.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\The Arnolds\appdata\locallow\minddabble_4p"



~~~ FireFox

Emptied folder: C:\Users\The Arnolds\AppData\Roaming\mozilla\firefox\profiles\3r6yn46d.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/24/2014 at 15:44:33.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am pasting the AdwCleaner[RO] below in hopes that you can glean something from it. So sorry for not paying attention during the second scan. Let me know if there is something I can do to retrieve it for you. Thanks.

# AdwCleaner v3.213 - Report created 24/06/2014 at 15:29:32
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : The Arnolds - 2011
# Running from : C:\Users\The Arnolds\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\chatzum_nt.exe
Folder Found : C:\Program Files (x86)\ChatZum Toolbar
Folder Found : C:\Users\Greg\AppData\LocalLow\iac
Folder Found : C:\Users\Greg\AppData\LocalLow\InboxAce_1g
Folder Found : C:\Users\The Arnolds\AppData\LocalLow\InboxAce_1g

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\ChatZum Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\ChatZum Toolbar
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\ChatZum Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_htc-home-for-windows_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_htc-home-for-windows_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\26h841ax.default\prefs.js ]


[ File : C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3624 octets] - [24/06/2014 15:29:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3684 octets] ##########
 
Hello Maureen,

Let me know if there is something I can do to retrieve it for you.
Press the Windows Start button, and type AdwCleaner[S0] in the Search bar. A text file should appear - copy the contents of the file and paste in your next reply.

I would like to get a fresh FRST scan to ensure no adware/malware entries remain in your logs. Please provide an update on your computer's performance as well. Excluding the issue with your Notification Area icons, are you experiencing any issues?

  • Right-click FRST64.exe and select Run as administrator.
  • Ensure the Addition box is checked.
  • Click Scan.
  • Copy the contents of FRST.txt and Addition.txt and paste in your next reply.
 
Hi, Adam,
I typed AdwCleaner[SO] but got "no results found". I'm so sorry if I did something to make it disappear. As far as any performance issues, I only saw what MSE picked up on a regular scan and it scared me a lot! There have not been any "quirky" issues that I have noticed. To be fair, however, I have not really spent any time on the computer with the exception of coming here to work with you. Occasionally checking my mail or googling something but that is it.

I just tried to send with both txt files pasted but again, got the error msg so please find Addition.txt pasted in the next submission. Thanks so much!

Below are the txt files you asked for. Thanks so much!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by The Arnolds (administrator) on 2011 on 25-06-2014 19:27:00
Running from C:\Users\The Arnolds\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2307240755-147757143-1248280979-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default
FF Homepage: hxxp://home.ancestry.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-30]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-30]

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-24 15:44 - 2014-06-24 15:44 - 00000864 _____ () C:\Users\The Arnolds\Desktop\JRT.txt
2014-06-24 15:40 - 2014-06-24 15:40 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 15:38 - 2014-06-24 15:38 - 01016261 _____ (Thisisu) C:\Users\The Arnolds\Desktop\JRT.exe
2014-06-24 15:31 - 2014-06-24 15:31 - 00003780 _____ () C:\Users\The Arnolds\Desktop\1 AdwCleaner[R0].txt
2014-06-24 15:29 - 2014-06-24 15:58 - 00000000 ____D () C:\AdwCleaner
2014-06-24 15:28 - 2014-06-24 15:28 - 01342659 _____ () C:\Users\The Arnolds\Desktop\AdwCleaner.exe
2014-06-21 15:58 - 2014-06-12 11:34 - 00068609 _____ () C:\Users\The Arnolds\Desktop\eagrnepa
2014-06-21 15:54 - 2014-06-21 15:43 - 00000000 _____ () C:\Users\The Arnolds\Desktop\lvuvc.hs
2014-06-21 08:04 - 2014-06-22 19:39 - 00000000 ____D () C:\Users\The Arnolds\Desktop\FRST-OlderVersion
2014-06-20 16:52 - 2014-06-20 16:52 - 00127045 _____ () C:\Users\The Arnolds\Desktop\TDSSKiller log.zip
2014-06-19 19:58 - 2014-06-19 19:58 - 00000512 _____ () C:\Users\The Arnolds\Desktop\MBR.dat
2014-06-19 17:21 - 2014-06-19 17:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\The Arnolds\Desktop\tdsskiller.exe
2014-06-19 17:16 - 2014-06-19 17:16 - 00029968 _____ () C:\Users\The Arnolds\Desktop\Addition.txt
2014-06-19 17:15 - 2014-06-25 19:27 - 00015194 _____ () C:\Users\The Arnolds\Desktop\FRST.txt
2014-06-19 17:15 - 2014-06-25 19:27 - 00000000 ____D () C:\FRST
2014-06-19 17:14 - 2014-06-22 19:39 - 02082816 _____ (Farbar) C:\Users\The Arnolds\Desktop\FRST64.exe
2014-06-16 19:14 - 2014-06-16 19:14 - 00002728 _____ () C:\Users\The Arnolds\Desktop\aswMBR.zip
2014-06-16 19:06 - 2014-06-19 19:58 - 00002292 _____ () C:\Users\The Arnolds\Desktop\aswMBR.txt
2014-06-16 19:02 - 2014-06-16 19:02 - 04745728 _____ (AVAST Software) C:\Users\The Arnolds\Desktop\aswMBR.exe
2014-06-16 19:01 - 2014-06-16 19:01 - 00023616 _____ () C:\Users\The Arnolds\Desktop\dds.txt
2014-06-16 19:01 - 2014-06-16 19:01 - 00006293 _____ () C:\Users\The Arnolds\Desktop\attach.txt
2014-06-16 18:59 - 2014-06-16 18:59 - 00000000 ____D () C:\Windows\ERDNT
2014-06-16 18:58 - 2014-06-22 19:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\The Arnolds\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\Greg\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 18:57 - 2014-06-16 18:57 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Desktop\erunt-setup.exe
2014-06-16 18:54 - 2014-06-16 18:54 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Downloads\erunt-setup.exe
2014-06-14 12:14 - 2014-06-14 12:14 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-06-14 09:06 - 2014-06-14 09:06 - 00000000 ___RD () C:\Users\The Arnolds\Desktop\MySyncUPFiles
2014-06-14 08:36 - 2014-06-14 08:36 - 00000000 ____D () C:\Users\The Arnolds\Desktop\Artwork for Kids
2014-06-14 08:24 - 2014-06-14 08:24 - 00000000 ____D () C:\Users\Greg\Desktop\Carolyn
2014-06-12 11:34 - 2014-06-12 11:34 - 00068609 _____ () C:\Users\Greg\AppData\Local\eagrnepa
2014-06-11 04:06 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 04:06 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 04:06 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 04:06 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 04:06 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 04:06 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 04:06 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 04:06 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 04:06 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 04:06 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 04:06 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 04:06 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 04:06 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 04:06 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 04:06 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 04:06 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 04:06 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 04:06 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 04:06 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 04:06 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 04:06 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 04:06 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 04:06 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 04:06 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 04:06 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 04:06 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 04:06 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 04:06 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 04:06 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 04:06 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 04:06 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 04:06 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 04:06 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 04:06 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 04:06 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 04:06 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 04:06 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 04:06 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 04:05 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 04:05 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 04:05 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 04:05 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 04:05 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 04:05 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 04:05 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 04:05 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 04:05 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 04:05 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 04:05 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 04:05 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 04:05 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 04:05 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 04:05 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 04:05 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 04:05 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 04:05 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 04:05 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 04:05 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 04:05 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 04:05 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 04:05 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 04:05 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 04:05 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 04:05 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 04:05 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 04:05 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 15:01 - 2014-06-10 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 16:18 - 2014-06-09 16:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-09 16:18 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 16:17 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-05-27 12:54 - 2014-05-27 12:54 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Macromedia

==================== One Month Modified Files and Folders =======

2014-06-25 19:27 - 2014-06-19 17:15 - 00015194 _____ () C:\Users\The Arnolds\Desktop\FRST.txt
2014-06-25 19:27 - 2014-06-19 17:15 - 00000000 ____D () C:\FRST
2014-06-25 19:26 - 2011-10-12 08:12 - 01678567 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 19:24 - 2011-12-09 12:38 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\Skype
2014-06-25 19:22 - 2013-07-10 20:19 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 19:22 - 2011-10-12 08:57 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-25 19:22 - 2011-10-12 08:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-25 19:22 - 2011-10-12 08:26 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-25 19:21 - 2011-12-09 13:28 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-06-25 19:21 - 2010-11-20 23:47 - 00412348 _____ () C:\Windows\PFRO.log
2014-06-25 19:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 19:21 - 2009-07-14 00:51 - 00068906 _____ () C:\Windows\setupact.log
2014-06-25 13:14 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 13:14 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 17:17 - 2012-01-14 15:42 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Nero
2014-06-24 17:03 - 2013-07-10 20:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 15:58 - 2014-06-24 15:29 - 00000000 ____D () C:\AdwCleaner
2014-06-24 15:49 - 2013-05-21 16:05 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-06-24 15:49 - 2011-12-09 13:28 - 00046576 _____ () C:\Windows\system32\lvcoinst.log
2014-06-24 15:44 - 2014-06-24 15:44 - 00000864 _____ () C:\Users\The Arnolds\Desktop\JRT.txt
2014-06-24 15:40 - 2014-06-24 15:40 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 15:38 - 2014-06-24 15:38 - 01016261 _____ (Thisisu) C:\Users\The Arnolds\Desktop\JRT.exe
2014-06-24 15:31 - 2014-06-24 15:31 - 00003780 _____ () C:\Users\The Arnolds\Desktop\1 AdwCleaner[R0].txt
2014-06-24 15:31 - 2012-03-30 18:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 15:28 - 2014-06-24 15:28 - 01342659 _____ () C:\Users\The Arnolds\Desktop\AdwCleaner.exe
2014-06-22 19:39 - 2014-06-21 08:04 - 00000000 ____D () C:\Users\The Arnolds\Desktop\FRST-OlderVersion
2014-06-22 19:39 - 2014-06-19 17:14 - 02082816 _____ (Farbar) C:\Users\The Arnolds\Desktop\FRST64.exe
2014-06-22 19:39 - 2014-06-16 18:58 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-21 15:43 - 2014-06-21 15:54 - 00000000 _____ () C:\Users\The Arnolds\Desktop\lvuvc.hs
2014-06-21 08:01 - 2012-04-14 18:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-21 08:01 - 2012-04-14 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-21 07:58 - 2013-07-10 20:19 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 07:58 - 2013-07-10 20:19 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:52 - 2014-06-20 16:52 - 00127045 _____ () C:\Users\The Arnolds\Desktop\TDSSKiller log.zip
2014-06-20 16:12 - 2011-12-13 09:12 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\SoftGrid Client
2014-06-19 19:58 - 2014-06-19 19:58 - 00000512 _____ () C:\Users\The Arnolds\Desktop\MBR.dat
2014-06-19 19:58 - 2014-06-16 19:06 - 00002292 _____ () C:\Users\The Arnolds\Desktop\aswMBR.txt
2014-06-19 17:21 - 2014-06-19 17:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\The Arnolds\Desktop\tdsskiller.exe
2014-06-19 17:16 - 2014-06-19 17:16 - 00029968 _____ () C:\Users\The Arnolds\Desktop\Addition.txt
2014-06-16 19:26 - 2011-12-01 16:16 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\VirtualStore
2014-06-16 19:14 - 2014-06-16 19:14 - 00002728 _____ () C:\Users\The Arnolds\Desktop\aswMBR.zip
2014-06-16 19:02 - 2014-06-16 19:02 - 04745728 _____ (AVAST Software) C:\Users\The Arnolds\Desktop\aswMBR.exe
2014-06-16 19:01 - 2014-06-16 19:01 - 00023616 _____ () C:\Users\The Arnolds\Desktop\dds.txt
2014-06-16 19:01 - 2014-06-16 19:01 - 00006293 _____ () C:\Users\The Arnolds\Desktop\attach.txt
2014-06-16 18:59 - 2014-06-16 18:59 - 00000000 ____D () C:\Windows\ERDNT
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\The Arnolds\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\Greg\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 18:57 - 2014-06-16 18:57 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Desktop\erunt-setup.exe
2014-06-16 18:54 - 2014-06-16 18:54 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Downloads\erunt-setup.exe
2014-06-14 12:14 - 2014-06-14 12:14 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-06-14 12:14 - 2014-03-09 12:43 - 00004954 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for 2011-Greg 2011
2014-06-14 12:14 - 2011-10-12 08:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-14 09:06 - 2014-06-14 09:06 - 00000000 ___RD () C:\Users\The Arnolds\Desktop\MySyncUPFiles
2014-06-14 08:45 - 2012-03-24 13:21 - 00000000 ____D () C:\Users\The Arnolds\Documents\genealogy
2014-06-14 08:44 - 2012-10-05 10:23 - 00000000 ____D () C:\Users\The Arnolds\Desktop\unused
2014-06-14 08:36 - 2014-06-14 08:36 - 00000000 ____D () C:\Users\The Arnolds\Desktop\Artwork for Kids
2014-06-14 08:24 - 2014-06-14 08:24 - 00000000 ____D () C:\Users\Greg\Desktop\Carolyn
2014-06-14 07:04 - 2012-06-18 15:20 - 00000000 ____D () C:\Users\Greg\AppData\Local\Nero
2014-06-14 06:42 - 2011-10-12 08:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 06:42 - 2011-10-12 08:28 - 00000000 ____D () C:\ProgramData\Skype
2014-06-12 11:34 - 2014-06-21 15:58 - 00068609 _____ () C:\Users\The Arnolds\Desktop\eagrnepa
2014-06-12 11:34 - 2014-06-12 11:34 - 00068609 _____ () C:\Users\Greg\AppData\Local\eagrnepa
2014-06-12 08:12 - 2013-11-12 18:42 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 07:55 - 2011-10-12 08:45 - 00000000 ____D () C:\ProgramData\Sonic
2014-06-12 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:19 - 2014-01-09 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 03:03 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:02 - 2011-12-09 18:02 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 15:01 - 2014-06-10 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 16:18 - 2014-06-09 16:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-09 16:18 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 16:17 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-06-08 05:13 - 2014-06-11 04:05 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 22:28 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 06:21 - 2014-06-11 04:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-11 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-11 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-11 04:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-11 04:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-11 04:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-11 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-11 04:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-11 04:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-11 04:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-11 04:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:21 - 2014-06-11 04:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:20 - 2014-06-11 04:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-11 04:06 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-11 04:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-11 04:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-11 04:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-11 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-11 04:06 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-11 04:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-11 04:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-11 04:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-11 04:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-11 04:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-11 04:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-11 04:06 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-11 04:06 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-11 04:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-11 04:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-11 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-11 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-11 04:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-11 04:06 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-11 04:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-11 04:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-11 04:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-11 04:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-11 04:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-11 04:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-11 04:06 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-11 04:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-11 04:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-11 04:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-11 04:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-11 04:06 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-11 04:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-11 04:06 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-11 04:06 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-11 04:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-11 04:06 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-11 04:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-11 04:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 00:12 - 2012-12-06 08:34 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\Apple Computer
2014-05-27 12:54 - 2014-05-27 12:54 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Macromedia
2014-05-26 20:12 - 2012-06-22 13:38 - 00000000 ____D () C:\Users\The Arnolds\Documents\Recipes
2014-05-26 18:21 - 2011-12-01 17:29 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Adobe
2014-05-26 18:20 - 2012-03-30 18:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-26 18:20 - 2012-03-30 18:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-26 18:20 - 2011-10-12 08:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\The Arnolds\jobq.dat


Some content of TEMP:
====================
C:\Users\The Arnolds\AppData\Local\Temp\jqweil5a.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:18

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by The Arnolds at 2014-06-25 19:28:00
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
FamilySearch Indexing 3.11.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.11.0 - FamilySearch)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20010 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C4600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Restore Points =========================

07-06-2014 19:27:23 Windows Update
10-06-2014 20:21:07 Windows Update
12-06-2014 07:00:11 Windows Update
16-06-2014 22:58:57 Windows Update
20-06-2014 11:54:03 Windows Update
24-06-2014 19:46:09 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-04-16 09:42 - 00442669 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {49A290FF-113F-44E0-99D4-35CEC754443D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {517241ED-C24A-4BF5-A069-04076654AEEA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {584CAE2E-A612-40E5-868C-48DD1FD45CC8} - System32\Tasks\{2CD8D41C-8923-4422-A94E-554C67A7733C} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {637A953F-D675-4575-BDB1-8024C78F3AC3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for 2011-Greg 2011 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-12] (Microsoft Corporation)
Task: {783E7ACB-0D10-4E61-90ED-BBDBC22FDB97} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {7D18245B-57A1-4C62-9CE0-78853CC89742} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {8142211D-2FAA-4ACF-BD4C-1A2BAF75182D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-26] (Adobe Systems Incorporated)
Task: {8CC07400-10E3-480A-993C-468828D5C9D0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-12] (Microsoft Corporation)
Task: {A520B0F6-144C-4F22-AD53-11AC95063C43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {A7F8EF9D-4591-426E-A148-5B66C3493DD7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B4BFD874-B65E-4E6B-A046-E5A039479898} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB73F895-56A2-4E6C-AA6F-4401989E6989} - System32\Tasks\{C132595D-2BA6-44BE-98C5-8DCBDED0F80C} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E} - \Security Center Update - 2120148171 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-08 10:24 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-12 08:11 - 2014-06-12 08:11 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-10-12 08:26 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-10-12 09:52 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-08-21 15:20 - 2012-08-21 15:20 - 00067496 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83227107.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83227107.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 07:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 01:11:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:34:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:02:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 03:44:46 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (06/25/2014 07:22:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/25/2014 07:22:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/24/2014 04:20:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/24/2014 04:14:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (06/25/2014 07:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 01:11:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:34:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:02:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 03:44:46 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 6056.63 MB
Available physical RAM: 3597.21 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 9501.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:802.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 31547343)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 