bluffwood

Honorary Members
  • Posts

    23

Reputation

0 Neutral
  1. No, nothing happened, as you can see on the screen print. But no error messages either.
  2. The instructions were really clear, but I am including a screen print of exactly what I entered. Did I do it right? Rebooted. Tried install of MB, got CoCreateInstance failed, code 0x80040154. Class not registered.
  3. I can try unzipping on another pc, and taking all the files over.
  4. Sorry to hear about the family emergency. I downloaded the tool, and it failed on install (see attached screen print). In the start menu, it is listed as Start > all programs > tweaking.com > Windows repair (all in one) (empty), and because it looked like maybe the shortcut in the start menu was the problem (perhaps this is about not being able to add stuff to the start menu) I drilled down into program files, found the app, and double clicked on the .exe. It didn't seem to work, either. As an aside, the attach files button on this forum doesn't work on the laptop either. I have to copy the image files and text files to a thumb drive, and port it to a working computer.
  5. No. But I got a screen print. I just tried a reinstall of mbam, and it's been spinning a disc for half an hour. This happens a lot. A forced power off and reboot and I can try the install again. This spinning disc - getting nothing done - occurs anytime the system has been running a while. But no error msgs. After the boot, the mbam install goes most of the way thru, including "accept the agreement", extracting the files... then a window with the header "setup" says CoCreateInstance failed; code 0x80040154. Class not registered. I get two more errors (attached also). In the start menu I have a Malwarebytes Anti-Malware folder, containing a Tools folder which is empty. Nothing but the folder within a folder.
  6. gmer: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-16 07:09:50 Windows 6.1.7601 Service Pack 1 x64
  7. Here is the log:

     ====================================================
     = Logging started on Tue 15 Apr 2014 09:38:50 AM UTC
     ====================================================
     List of objects to be scanned:
     - /run/media/livecd/DellUtility
     - /run/media/livecd/907A32997A327BD2
     - /run/media/livecd/RECOVERY
     Object '/run/media/livecd/907A32997A327BD2/Users/yvonne/Downloads/winzip180-lan_en.exe' is infected with 'Gen:Trojan.Heur2.GZ.YGZ@bCYURdai'
     Object '/run/media/livecd/907A32997A327BD2/FRST/Quarantine/C/ProgramData/hgblcglc.zvv.xBAD' is infected with 'Trojan.Generic.11029940'
     ==================================================
     = Applying actions
     ==================================================
     Object '/run/media/livecd/907A32997A327BD2/FRST/Quarantine/C/ProgramData/hgblcglc.zvv.xBAD' has been deleted
     Object '/run/media/livecd/907A32997A327BD2/Users/yvonne/Downloads/winzip180-lan_en.exe' has been deleted
  8. I did find this, to do a manual uninstall of system mechanic. But I opted not to do anything without checking with you first. http://www.iolo.com/customercare/PrintArticle.aspx?id=KBA-02081
  9. Using control panel, I tried, when you asked. It said it couldn't find it and it would remove it from the list. So the uninstall failed.
  10. Cannot install malwarebytes: error reads CoCreateInstance failed: code 0x80040154. Class not registered
  11. checkup.txt:

      Results of screen317's Security Check version 0.99.81
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Security Center service is not running! This report may not be accurate!
      Windows Firewall Enabled!
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Adobe Reader 10.1.7 Adobe Reader out of Date!
      Mozilla Firefox (28.0)
      Google Chrome 33.0.1750.117
      Google Chrome 33.0.1750.146
      ````````Process Check: objlist.exe by Laurent````````
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:
      ````````````````````End of Log``````````````````````

      Fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014 01 Ran by yvonne at 2014-04-13 01:31:34 Run:1 Running from C:\Users\yvonne\Desktop Boot Mode: Normal
  12. I saw uTorrent on the system earlier (this belongs to a friend). I have now removed it.
  13. listing of addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by yvonne at 2014-04-07 18:47:52 Running from C:\Users\yvonne\Downloads Boot Mode: Normal
9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Nuance Cloud Connector (HKLM-x32\...\{9E63B181-A826-4765-9348-35E439AF7941}) (Version: 3.2.761 - Nuance Communications, Inc.) Nuance PaperPort 14 (HKLM-x32\...\{848ABE9C-B7AA-4064-809F-7F38616918FF}) (Version: 14.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{12D745BA-7DEE-45C4-B2EA-E8CABE4361DE}) (Version: 7.10.3211 - Nuance Communications, Inc.) Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Scansoft PDF Professional (x32 Version: - ) Hidden Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) 
Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation) Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.) System Mechanic 11 Professional (x32 Version: 11.7.1 - ) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for 
Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) ==================== Restore 
Points =========================

17-02-2014 01:52:40 Windows Update
23-02-2014 00:27:10 Windows Update
28-02-2014 20:27:39 Windows Update
05-03-2014 00:12:11 Windows Update
05-03-2014 01:02:20 Windows Update
13-03-2014 13:30:21 Windows Update
13-03-2014 13:56:11 Windows Update
21-03-2014 19:19:21 Restore Operation
23-03-2014 18:28:09 Windows Update
24-03-2014 07:00:38 Windows Update
06-04-2014 20:31:28 Windows Update
07-04-2014 07:00:33 Windows Update
07-04-2014 22:12:44 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-03-22 23:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {075EE03F-838E-4C28-8B4F-4500D209E6C7} - \weDownload Manager Pro-chromeinstaller No Task File
Task: {0F8C4BF0-159A-4E74-BC84-FF8F344F77C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23455561-E814-49D0-8263-F8CD561C51C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {6915E614-4FF8-4316-84BA-7BA34BD4A6CC} - \weDownload Manager Pro-firefoxinstaller No Task File
Task: {9372897B-1001-44E8-ADDB-799AB31CDBA6} - \weDownload Manager Pro-enabler No Task File
Task: {B5C133C2-81FD-4535-BB4B-0E17D344AB1B} - \weDownload Manager Pro-codedownloader No Task File
Task: {BD98F5BE-A6C2-41F1-AECE-F530B6BB8975} - \weDownload Manager Pro-updater No Task File
Task: {BFC1AFE7-8F30-4ABD-9995-D514FE819526} - \LaunchApp No Task File
Task: {C61EB912-EE2E-49C9-B1CB-972EE67A8A99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-18 23:38 - 2012-03-14 13:03 - 00028160 _____ () C:\Windows\System32\dltfm1zlm.DLL 2011-12-30 20:31 - 2009-12-31 02:17 - 00053760 _____ () C:\Windows\System32\DLEAPMON.DLL 2011-12-30 20:31 - 2009-01-13 09:15 - 05709824 _____ () C:\Windows\System32\DLEAOEM.DLL 2011-12-30 20:33 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll 2013-10-18 23:38 - 2012-06-20 15:15 - 00032768 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dltfm1zPP.dll 2013-10-18 23:38 - 2012-08-17 08:44 - 12874752 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlthm1zRC.DLL 2011-12-30 20:33 - 2010-05-21 18:20 - 00045224 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe 2012-08-21 10:41 - 2012-08-21 10:41 - 00243048 _____ () C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe 2011-09-29 22:07 - 2011-09-29 22:07 - 00222064 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe 2014-04-07 03:20 - 2014-04-07 03:20 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040700\algo.dll 2011-11-02 03:26 - 2011-11-02 03:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 03:26 - 2011-11-02 03:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-09-29 13:58 - 2011-09-29 13:58 - 00292720 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll 2011-09-29 13:58 - 2011-09-29 13:58 - 00079728 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll 2011-09-29 13:58 - 2011-09-29 13:58 - 00015728 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll 
2014-03-22 23:49 - 2014-03-22 23:49 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-03-04 20:36 - 2014-03-01 22:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll 2014-03-04 20:36 - 2014-03-01 22:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll 2014-03-04 20:36 - 2014-03-01 22:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll 2014-03-04 20:36 - 2014-03-01 22:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll 2014-03-04 20:36 - 2014-03-01 22:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll 2014-03-04 20:36 - 2014-03-01 22:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk => C:\Windows\pss\Nuance Cloud Connector.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Dell Printers\PaperPort\IndexSearch.exe" MSCONFIG\startupreg: iolo Startup => "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LauncherC1765nf => "C:\Program Files (x86)\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe" /S Dell C1765nf Color MFP MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Dell Printers\PaperPort\pptd40nt.exe" MSCONFIG\startupreg: PDFProHook => C:\Program Files (x86)\Dell Printers\PDFViewer\pdfpro7hook.exe MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StatusAutoRunC1765nf => "C:\Program 
Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe" RUNSTART MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/07/2014 06:15:34 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 - Update 'Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (04/07/2014 06:15:34 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. Error: (04/07/2014 06:14:27 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 - Update 'Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (04/07/2014 06:14:27 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. 
Error: (04/07/2014 06:14:20 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Proof (English) 2010 - Update 'Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (04/07/2014 06:14:20 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Proof (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. Error: (04/07/2014 06:14:10 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 - Update 'Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (04/07/2014 06:14:10 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. Error: (04/07/2014 06:13:54 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 - Update 'Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. 
Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (04/07/2014 06:13:54 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. System errors: ============= Error: (04/07/2014 06:46:15 PM) (Source: DCOM) (User: ) Description: {71A1D2C4-D49F-426C-8352-C74A9BD1FF15} Error: (04/07/2014 06:44:14 PM) (Source: DCOM) (User: ) Description: {641463B9-FCF9-4EDB-9A8E-235DB56F3BB0} Error: (04/07/2014 06:41:28 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: FileDisk Error: (04/07/2014 06:41:13 PM) (Source: Service Control Manager) (User: ) Description: The vToolbarUpdater18.0.0 service failed to start due to the following error: %%2 Error: (04/07/2014 06:15:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition. Error: (04/07/2014 06:14:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229). Error: (04/07/2014 06:14:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition. 
Error: (04/07/2014 06:14:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition. Error: (04/07/2014 06:14:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition. Error: (04/07/2014 06:13:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition. Microsoft Office Sessions: ========================= Error: (04/07/2014 06:15:34 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Microsoft Office Single Image 2010Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition1603(NULL)(NULL)(NULL) Error: (04/07/2014 06:15:34 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/07/2014 06:14:27 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Microsoft Office Single Image 2010Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition1603(NULL)(NULL)(NULL) Error: (04/07/2014 06:14:27 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. 
Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/07/2014 06:14:20 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Microsoft Office Proof (English) 2010Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition1603(NULL)(NULL)(NULL) Error: (04/07/2014 06:14:20 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft Office Proof (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/07/2014 06:14:10 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Microsoft Office Single Image 2010Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition1603(NULL)(NULL)(NULL) Error: (04/07/2014 06:14:10 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/07/2014 06:13:54 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Microsoft Office Single Image 2010Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition1603(NULL)(NULL)(NULL) Error: (04/07/2014 06:13:54 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2014-03-22 23:28:40.341 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-22 23:28:40.189 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-22 23:25:42.192 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-22 23:25:42.039 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-22 23:25:41.884 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-22 23:25:41.732 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-22 23:25:41.557 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-22 23:25:41.404 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3892.52 MB
Available physical RAM: 1975.19 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 5821.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.01 GB) (Free:391.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

listing for frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by yvonne (administrator) on YVONNE-LAPTOP on 07-04-2014 18:46:17
Running from C:\Users\yvonne\Downloads
Windows 7 Home Premium Service Pack 1 (X64)
OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
23:49 - 2014-03-22 23:49 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-22 23:49 - 2014-03-22 23:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-22 23:48 - 2014-03-22 23:48 - 00000000 ____D () C:\Program Files\AVAST Software 2014-03-22 23:47 - 2014-03-22 23:47 - 00055011 _____ () C:\ComboFix.txt 2014-03-22 23:47 - 2014-03-22 23:47 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-03-22 23:47 - 2014-03-22 23:17 - 00000000 ____D () C:\Qoobox 2014-03-22 23:47 - 2014-03-22 23:17 - 00000000 ____D () C:\ComboFix 2014-03-22 23:47 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default 2014-03-22 23:36 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-22 23:15 - 2014-03-22 23:14 - 05190773 ____R (Swearware) C:\Users\yvonne\Downloads\ComboFix.exe 2014-03-22 23:06 - 2014-03-22 23:06 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-03-22 23:05 - 2014-03-22 20:30 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-03-22 23:04 - 2014-03-22 23:04 - 00001318 _____ () C:\Windows\system32\.crusader 2014-03-22 22:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-22 22:47 - 2014-03-22 22:47 - 00000000 ____D () C:\Windows\pss 2014-03-22 22:45 - 2013-10-19 21:39 - 00000000 ____D () C:\Users\yvonne\AppData\Local\gladinet 2014-03-22 22:45 - 2011-12-30 20:32 - 00103822 _____ () C:\ProgramData\dleascan.log 2014-03-22 22:40 - 2014-03-22 22:40 - 00015026 _____ () C:\YVONNE-LAPTOP_2014.03.22-2237.01_86312E92-00B3-005C-00A7-0071045268B4_16388.zip 2014-03-22 22:39 - 2014-03-22 22:39 - 00000036 _____ () C:\Users\yvonne\AppData\Local\housecall.guid.cache 2014-03-22 22:28 - 2014-03-22 22:28 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Malwarebytes 2014-03-22 22:27 - 2014-03-22 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-22 22:27 - 2012-06-04 21:48 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Skype 2014-03-22 21:52 - 2014-03-22 22:58 - 88551496 _____ (AVAST 
Software) C:\Users\yvonne\Desktop\avast_free_antivirus_setup.exe 2014-03-22 21:20 - 2014-03-22 22:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\yvonne\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-22 20:36 - 2014-03-22 20:36 - 00000000 ____D () C:\Program Files\HitmanPro 2014-03-22 19:45 - 2014-03-22 19:45 - 00000000 ____D () C:\found.000 2014-03-13 00:25 - 2014-03-13 00:25 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\hgblcglc.zvv Files to move or delete: ==================== C:\ProgramData\hgblcglc.zvv Some content of TEMP: ==================== C:\Users\yvonne\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-06 16:49 ==================== End Of Log ============================