michellebosco

thank you i will do the required tomorrow and post then regards m

rkill log Rkill 2.6.5 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 04/18/2014 12:43:18 PM in x64 mode.Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Active Proxy Server Detected * Proxy Disabled. * ProxyOverride value deleted. * ProxyServer value deleted. * AutoConfigURL value deleted. * Proxy settings were backed up to Registry file. Checking Registry for malware related settings: * No issues found in the Registry. Backup Registry file created at: C:\Users\Gillian\Desktop\rkill\rkill-04-18-2014-12-43-22.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 04/18/2014 12:44:37 PMExecution time: 0 hours(s), 1 minute(s), and 19 seconds(s) RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Gillian [Admin rights]Mode : Scan -- Date : 04/18/2014 12:57:43| ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] DesktopWeatherAlertsApp.exe -- C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe [7] -> KILLED [TermProc][sUSP PATH] WeatherAlerts.exe -- C:\Users\Gillian\AppData\Local\WeatherAlerts\WeatherAlerts.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 28 ¤¤¤[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND[iFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> FOUND[iFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 2 ¤¤¤[Gillian][sUSP PATH] DesktopWeatherAlerts.lnk : C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk @C:\Users\Gillian\AppData\Local\WEATHE~1\DESKTO~1.EXE [-][7] -> FOUND[Gillian][sUSP PATH] Weather Alerts.lnk : C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk @C:\Users\Gillian\AppData\Local\WEATHE~1\WEATHE~1.EXE /restart [-][7] -> FOUND ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤[Address] EAT @explorer.exe (OneXAddEapAttributes) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA3827C0)[Address] EAT @explorer.exe (OneXAddTLV) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA3825A4)[Address] EAT @explorer.exe (OneXCompareAuthParams) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA3835BC)[Address] EAT @explorer.exe (OneXCopyAuthParams) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA383BC8)[Address] EAT @explorer.exe (OneXCreateDefaultProfile) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA380E0C)[Address] EAT @explorer.exe (OneXCreateDiscoveryProfiles) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA384008)[Address] EAT @explorer.exe (OneXCreateSupplicantPort) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA381008)[Address] EAT @explorer.exe (OneXDeInitialize) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA380CC4)[Address] EAT @explorer.exe (OneXDestroySupplicantPort) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA381308)[Address] EAT @explorer.exe (OneXForceAuthenticatedState) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA3833A8)[Address] EAT @explorer.exe (OneXFreeAuthParams) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA383B58)[Address] EAT @explorer.exe (OneXFreeMemory) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA3829EC)[Address] EAT @explorer.exe (OneXIndicatePacket) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA382A94)[Address] EAT @explorer.exe (OneXIndicateSessionChange) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA382CF4)[Address] EAT @explorer.exe (OneXInitialize) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA380A4C)[Address] EAT @explorer.exe (OneXQueryAuthParams) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA382EBC)[Address] EAT @explorer.exe (OneXQueryPendingUIRequest) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA382094)[Address] EAT @explorer.exe (OneXQueryState) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA381C30)[Address] EAT @explorer.exe (OneXQueryStatistics) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA381E3C)[Address] EAT @explorer.exe (OneXReasonCodeToString) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA383DD8)[Address] EAT @explorer.exe (OneXRestartReasonCodeToString) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA383EF0)[Address] EAT @explorer.exe (OneXSetAuthParams) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA383114)[Address] EAT @explorer.exe (OneXSetRuntimeState) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA3844A8)[Address] EAT @explorer.exe (OneXStartAuthentication) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA381498)[Address] EAT @explorer.exe (OneXStopAuthentication) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA381708)[Address] EAT @explorer.exe (OneXUIResponse) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA382314)[Address] EAT @explorer.exe (OneXUpdatePortProfile) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA381964)[Address] EAT @explorer.exe (OneXUpdateProfilePostDiscovery) : fdproxy.dll -> HOOKED (C:\Windows\system32\OneX.DLL @ 0xFA384264) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST320LT020-9YG142 +++++--- User ---[MBR] 2d7d94ba8776bd501073fc5c5b67dc55[bSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 MB2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 MBUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_04182014_125743.txt >>

hi there i have done as requested from the above post and here are the results I hope thanks Rkill 2.6.5 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 04/18/2014 12:43:18 PM in x64 mode.Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Active Proxy Server Detected * Proxy Disabled. * ProxyOverride value deleted. * ProxyServer value deleted. * AutoConfigURL value deleted. * Proxy settings were backed up to Registry file. Checking Registry for malware related settings: * No issues found in the Registry. Backup Registry file created at: C:\Users\Gillian\Desktop\rkill\rkill-04-18-2014-12-43-22.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 04/18/2014 12:44:37 PMExecution time: 0 hours(s), 1 minute(s), and 19 seconds(s) Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.04.18.03 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.17041Gillian :: GILLIAN-PC [administrator] 18/04/2014 12:48:43mbam-log-2014-04-18 (12-48-43).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 273482Time elapsed: 5 minute(s), 12 second(s) Memory Processes Detected: 9C:\Program Files (x86)\NetTock\updateNetTock.exe (PUP.Optional.NetTock.A) -> 1100 -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockAndSurf158.exe (PUP.Optional.BlockAndSurf.A) -> 116488 -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (PUP.Optional.WeatherAlerts) -> 3168 -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> 3240 -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe (PUP.Optional.SettingsManager.A) -> 1208 -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe (PUP.Optional.SettingsManager.A) -> 1520 -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\systemku.exe (PUP.Optional.SettingsManager.A) -> 3924 -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockAndSurf_wd.exe (PUP.Optional.BlockAndSurf.A) -> 2812 -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockNSurf.exe (PUP.Optional.BlockAndSurf.A) -> 2248 -> No action taken. Memory Modules Detected: 4C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\systemk.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockAndSurf158.dll (PUP.Optional.BlockAndSurf.A) -> No action taken. Registry Keys Detected: 32HKCR\Linkey.Linkey (PUP.Optional.Linkey.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} (PUP.Optional.Linkey.A) -> No action taken.HKCR\CLSID\{3cfaf932-a9cb-4e59-99a0-fe04e9df9328} (PUP.Optional.NetTock.A) -> No action taken.HKCR\TypeLib\{bb54c027-0fb6-42da-97f1-52ce16826acb} (PUP.Optional.NetTock.A) -> No action taken.HKCR\Interface\{0909C19E-BD9D-44C1-AAC5-72884EAF0AD3} (PUP.Optional.NetTock.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CFAF932-A9CB-4E59-99A0-FE04E9DF9328} (PUP.Optional.NetTock.A) -> No action taken.HKCR\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921} (PUP.Optional.Linkey.A) -> No action taken.HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts (PUP.Optional.WeatherAlerts.A) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey (PUP.Optional.Linkey.A) -> No action taken.HKCR\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47} (PUP.Optional.Linkey.A) -> No action taken.HKCR\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3} (PUP.Optional.Linkey.A) -> No action taken.HKCU\SOFTWARE\SmartbarBackup (PUP.Optional.SmartBar) -> No action taken.HKCU\SOFTWARE\SmartbarLog (PUP.Optional.SmartBar) -> No action taken.HKCU\Software\NetTock (PUP.Optional.NetTock.A) -> No action taken.HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> No action taken.HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.HKLM\SOFTWARE\LINKEY (PUP.Optional.Linkey.A) -> No action taken.HKLM\SOFTWARE\SystemK\General (PUP.Optional.SettingsManager.A) -> No action taken.HKLM\SOFTWARE\SYSTEMK (PUP.Optional.SettingsManager.A) -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\BlockAndSurf (PUP.Optional.BlockAndSurf.A) -> No action taken.HKLM\Software\NetTock (PUP.Optional.NetTock.A) -> No action taken.HKLM\Software\Wow6432Node\NetTock (PUP.Optional.NetTock.A) -> No action taken.HKCR\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} (PUP.Optional.SettingsManager.A) -> No action taken.HKCR\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B} (PUP.Optional.SettingsManager.A) -> No action taken.HKCR\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} (PUP.Optional.SettingsManager.A) -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\SystemkService (PUP.Optional.SettingsManager.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager (PUP.Optional.SettingsManager.A) -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 (PUP.Optional.SettingsManager.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f2d51b4c-2921-4a51-a0e0-efc3cbf492b8 (PUP.Optional.BlockAndSurf.A) -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\Update NetTock (PUP.Optional.NetTock.A) -> Quarantined and deleted successfully.HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} (PUP.Optional.Linkey.A) -> Quarantined and deleted successfully. Registry Values Detected: 5HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0E1G1J1H -> No action taken.HKLM\SOFTWARE\Linkey|ie_jsurl (PUP.Optional.Linkey.A) -> Data: http://app.linkeyproject.com/popup/IE/background.js -> No action taken.HKLM\SOFTWARE\SystemK|browser (PUP.Optional.SettingsManager.A) -> Data: ie ff cr -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BlockNSurf (PUP.Optional.BlockAndSurf.A) -> Data: C:\Program Files (x86)\BlockAndSurf Corp\BlockNSurf.exe -> No action taken.HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully. Registry Data Items Detected: 10HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Linkey.A) -> Bad: (C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll) Good: () -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (http://www.google.com) -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (http://www.google.com) -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (http://www.google.com) -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (http://www.google.com) -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl|Default (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (www.google.com) -> No action taken.HKCU\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (www.google.com) -> No action taken.HKCU\Software\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (www.google.com) -> No action taken.HKCU\Software\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (www.google.com) -> No action taken.HKCU\Software\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVTCH&co=GB&userid=5856658c-4a67-562a-014a-ab03fa4f972a&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000) Good: (www.google.com) -> No action taken. Folders Detected: 13C:\ProgramData\systemk (PUP.Optional.SystemK.A) -> No action taken.C:\Program Files (x86)\Linkey (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\Linkey\ChromeExtension (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\Linkey\IEExtension (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\NetTock (PUP.Optional.NetTock.A) -> No action taken.C:\Users\Gillian\AppData\Local\Temp\smartbar (PUP.Optional.SmartBar.A) -> No action taken.C:\Users\Gillian\AppData\Local\Local_Weather_LLC (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_eryredpbayfa2olwhindhjbns4zpco0w (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_eryredpbayfa2olwhindhjbns4zpco0w\1.4.0.0 (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts (PUP.Optional.WeatherAlerts) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\x64 (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp (PUP.Optional.BlockAndSurf.A) -> No action taken. Files Detected: 87C:\Program Files (x86)\Linkey\IEExtension\iedll.dll (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\NetTock\NetTockBHO.dll (PUP.Optional.NetTock.A) -> No action taken.C:\Users\Gillian\AppData\Roaming\VOPackage\Setup.exe (PUP.Optional.InstallCore.A) -> No action taken.C:\$RECYCLE.BIN\S-1-5-21-605980436-3675755864-2338212161-1000\$R8R1OQH.exe (PUP.Optional.OptimizerPro) -> No action taken.C:\$RECYCLE.BIN\S-1-5-21-605980436-3675755864-2338212161-1000\$RATQ1HD.exe (PUP.Optional.OptimizerPro) -> No action taken.C:\$RECYCLE.BIN\S-1-5-21-605980436-3675755864-2338212161-1000\$RPSKLCG.exe (PUP.Optional.OptimizerPro) -> No action taken.C:\Users\Gillian\AppData\Local\Temp\smartbar\Installer.msi (PUP.Optional.SmartBar.A) -> No action taken.C:\Users\Gillian\Downloads\Java (1).exe (PUP.Optional.BundleInstaller.A) -> No action taken.C:\Users\Gillian\Downloads\Java.exe (PUP.Optional.BundleInstaller.A) -> No action taken.C:\Users\Gillian\Downloads\setup (1).exe (PUP.Optional.OutBrowse) -> No action taken.C:\Users\Gillian\Downloads\Setup (2).exe (PUP.Optional.AirAdInstaller) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe (PUP.Optional.WeatherAlerts.A) -> No action taken.C:\Users\Gillian\Local Settings\Temporary Internet Files\Content.IE5\6976B3RX\Setup[1].exe (PUP.Optional.InstallCore.A) -> No action taken.C:\Users\Gillian\Local Settings\Temporary Internet Files\Content.IE5\EXIOP3JB\DesktopWeatherAlertsSetup[1].exe (PUP.Optional.WeatherAlerts.A) -> No action taken.C:\Users\Gillian\Local Settings\Temporary Internet Files\Content.IE5\ZISMB94K\Setup[1].exe (PUP.Optional.NetTock.A) -> No action taken.C:\ProgramData\systemk\general.cfg (PUP.Optional.SystemK.A) -> No action taken.C:\ProgramData\systemk\coordinator.cfg (PUP.Optional.SystemK.A) -> No action taken.C:\ProgramData\systemk\S-1-5-21-605980436-3675755864-2338212161-1000.cfg (PUP.Optional.SystemK.A) -> No action taken.C:\Windows\Tasks\BlockAndSurf Update.job (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Windows\Tasks\BlockAndSurf_wd.job (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\Linkey\log.log (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\Linkey\Helper.dll (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\Linkey\Uninstall.exe (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\Linkey\ChromeExtension\ChromeExtension.crx (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (PUP.Optional.Linkey.A) -> No action taken.C:\Program Files (x86)\NetTock\NetTock.ico (PUP.Optional.NetTock.A) -> No action taken.C:\Program Files (x86)\NetTock\7za.exe (PUP.Optional.NetTock.A) -> No action taken.C:\Program Files (x86)\NetTock\NetTockUninstall.exe (PUP.Optional.NetTock.A) -> No action taken.C:\Program Files (x86)\NetTock\updateNetTock.InstallState (PUP.Optional.NetTock.A) -> No action taken.C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage (PUP.Optional.BuenoSearch.A) -> No action taken.C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal (PUP.Optional.BuenoSearch.A) -> No action taken.C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\Temp\smartbar\GuidCreator.dll (PUP.Optional.SmartBar.A) -> No action taken.C:\Users\Gillian\AppData\Local\Temp\smartbar\Installer.exe.config (PUP.Optional.SmartBar.A) -> No action taken.C:\Users\Gillian\AppData\Local\Temp\smartbar\sqlite3.dll (PUP.Optional.SmartBar.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockAndSurf158.exe (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Users\Gillian\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_eryredpbayfa2olwhindhjbns4zpco0w\1.4.0.0\user.config (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.config (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe.config (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsK.dat (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\DesktopWeatherAlertsU.dat (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\uninstall.exe (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\WAUpdater.exe (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\WAUpdater.exe.config (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> No action taken.C:\Users\Gillian\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config (PUP.Optional.WeatherAlerts) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\favicon.ico (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\Helper.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\systemk.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\systemkbho.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\systemkChrome.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\systemkmgrc1.cfg (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\systemku.exe (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\Uninstall.exe (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg (PUP.Optional.SettingsManager.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\158.crx (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\158.dat (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\158.xpi (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\a.db (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\b.db (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockAndSurf158.bin (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockAndSurf158.dll (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockAndSurf158.ini (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockAndSurf_wd.exe (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BlockNSurf.exe (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\BnSup.exe (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\Sqlite3.dll (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\BlockAndSurf Corp\Uninstall.exe (PUP.Optional.BlockAndSurf.A) -> No action taken.C:\Program Files (x86)\NetTock\updateNetTock.exe (PUP.Optional.NetTock.A) -> Delete on reboot. (end)

Hi There I have been away for a few days I will do the above tomorrow morning and report back thank you Michelle

hi i have a problem with beunosearch i just cant remove it have tried malwarebytes but no joy Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014Ran by Gillian (administrator) on GILLIAN-PC on 12-04-2014 13:14:33Running from C:\Users\Gillian\DesktopWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\WLANExt.exe(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-11-01] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [sonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-605980436-3675755864-2338212161-1000\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)HKU\S-1-5-21-605980436-3675755864-2338212161-1000\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)HKU\S-1-5-21-605980436-3675755864-2338212161-1000\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-605980436-3675755864-2338212161-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1GroupPolicyUsers\S-1-5-21-605980436-3675755864-2338212161-1003\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No FileDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 Chrome: =======CHR DefaultSearchKeyword: google.co.ukCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No FileCHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No FileCHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Extension: (Google Drive) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]CHR Extension: (YouTube) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]CHR Extension: (Google Search) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]CHR Extension: (Skype Click to Call) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-21]CHR Extension: (Google Wallet) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]CHR Extension: (Gmail) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Gillian\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-12-21]CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Gillian\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-12-21]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] ==================== Services (Whitelisted) ================= R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-12] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)U2 TMAgent; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-12 13:14 - 2014-04-12 13:15 - 00009871 _____ () C:\Users\Gillian\Desktop\FRST.txt2014-04-12 13:14 - 2014-04-12 13:14 - 02157056 _____ (Farbar) C:\Users\Gillian\Desktop\FRST64.exe2014-04-12 13:14 - 2014-04-12 13:14 - 00000000 ____D () C:\FRST2014-04-12 13:13 - 2014-04-12 13:13 - 01145856 _____ (Farbar) C:\Users\Gillian\Downloads\FRST.exe2014-04-12 13:05 - 2014-04-12 13:05 - 00015024 _____ () C:\ComboFix.txt2014-04-12 12:49 - 2014-04-12 13:05 - 00000000 ____D () C:\Qoobox2014-04-12 12:49 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe2014-04-12 12:49 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe2014-04-12 12:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-04-12 12:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-04-12 12:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-04-12 12:49 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe2014-04-12 12:49 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe2014-04-12 12:49 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe2014-04-12 12:48 - 2014-04-12 13:03 - 00000000 ____D () C:\Windows\erdnt2014-04-12 12:47 - 2014-04-12 12:54 - 00000000 ____D () C:\Users\Gillian\Desktop\pics for sale2014-04-12 12:47 - 2014-04-12 12:47 - 05194807 ____R (Swearware) C:\Users\Gillian\Desktop\ComboFix.exe2014-04-12 12:43 - 2014-04-12 12:43 - 04118280 _____ () C:\Users\Gillian\Desktop\tdsskiller.zip2014-04-12 12:05 - 2014-04-12 12:05 - 00000000 __SHD () C:\Users\Gillian\AppData\Local\EmieUserList2014-04-12 12:05 - 2014-04-12 12:05 - 00000000 __SHD () C:\Users\Gillian\AppData\Local\EmieSiteList2014-04-12 01:43 - 2014-04-12 01:43 - 05353472 _____ () C:\Users\Gillian\Downloads\SkypeWebPlugin-2.9.13008.18866.msi2014-04-12 01:43 - 2014-04-12 01:43 - 00000000 ____D () C:\Program Files (x86)\SkypeWebPlugin2014-04-12 00:38 - 2014-04-12 00:38 - 11570816 _____ (Microsoft Corporation) C:\Users\Gillian\Downloads\SkypeClicktoCall.exe2014-04-12 00:09 - 2014-04-12 00:49 - 00000000 ____D () C:\Users\Gillian\Downloads\Skype_TSA31P8Q12014-04-12 00:09 - 2014-04-12 00:09 - 00001064 _____ () C:\Users\Gillian\Desktop\Optimizer Pro.lnk2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Gillian\Documents\Optimizer Pro2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Optimizer Pro2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Gillian\AppData\Local\SearchProtect2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro2014-04-12 00:03 - 2014-04-12 00:03 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup (4).exe2014-04-11 23:59 - 2014-04-11 23:59 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk2014-04-11 23:59 - 2014-04-11 23:59 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-04-11 23:58 - 2014-04-11 23:58 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup (3).exe2014-04-11 23:47 - 2014-04-11 23:47 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup (2).exe2014-04-11 23:38 - 2014-04-11 23:38 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup (1).exe2014-04-11 23:22 - 2014-04-11 23:22 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Skype2014-04-11 23:21 - 2014-04-12 00:03 - 00362029 _____ () C:\Users\Gillian\Downloads\sqlite3.dll2014-04-11 23:21 - 2014-04-11 23:21 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup.exe2014-04-11 22:52 - 2014-03-06 11:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-04-11 22:52 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-04-11 22:52 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-04-11 22:52 - 2014-03-06 10:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-04-11 22:52 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-04-11 22:52 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-04-11 22:52 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-04-11 22:52 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-04-11 22:52 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-04-11 22:52 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-04-11 22:52 - 2014-03-06 09:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-11 22:52 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-04-11 22:52 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-04-11 22:52 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-04-11 22:52 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-04-11 22:52 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-04-11 22:52 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-04-11 22:52 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-04-11 22:52 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-04-11 22:52 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-04-11 22:52 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-04-11 22:52 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-04-11 22:52 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-04-11 22:52 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-04-11 22:52 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-04-11 22:52 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-04-11 22:52 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-04-11 22:52 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-04-11 22:52 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-04-11 22:52 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-04-11 22:52 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-04-11 22:52 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-04-11 22:52 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-04-11 22:52 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-04-11 22:52 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-04-11 22:52 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-04-11 22:52 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-04-11 22:52 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-04-11 22:52 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-04-11 22:52 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-04-11 22:52 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-04-11 22:52 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-04-11 22:52 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-04-11 22:52 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-04-11 22:52 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-04-11 22:52 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-04-11 22:52 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-04-11 22:52 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-04-11 08:56 - 2014-04-12 12:43 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Gillian\Desktop\TDSSKiller.exe2014-04-10 10:33 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2014-04-10 10:33 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2014-04-10 10:33 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2014-04-10 10:33 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2014-04-10 10:33 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2014-04-10 10:33 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2014-04-10 10:33 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2014-04-10 10:33 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2014-04-10 10:33 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2014-04-10 10:33 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2014-04-10 10:33 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2014-04-10 10:33 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys2014-04-10 10:33 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys2014-04-10 10:33 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys2014-04-10 10:33 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll2014-04-10 10:33 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll2014-04-10 10:33 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys2014-04-07 20:20 - 2014-04-07 20:20 - 00000000 ____D () C:\Users\Gillian\Desktop\New folder2014-04-06 13:17 - 2014-04-06 13:17 - 03249480 _____ (Unity Technologies ApS) C:\Users\Gillian\Downloads\UnityWebPlayer (5).exe2014-03-30 00:41 - 2014-03-30 00:41 - 00017918 _____ () C:\Users\Gillian\Downloads\lodger agreement.zip2014-03-26 21:26 - 2014-03-26 21:26 - 40581755 _____ () C:\Users\Gillian\Downloads\an-atlas-of-interpretative-radiographic-anatomy-_dog-cat.zip2014-03-25 01:14 - 2014-03-25 01:14 - 00743125 _____ () C:\Users\Gillian\Downloads\ellie.htm2014-03-25 01:14 - 2014-03-25 01:14 - 00000000 ____D () C:\Users\Gillian\Downloads\ellie_files2014-03-24 22:13 - 2014-03-24 22:13 - 01106896 _____ () C:\Users\Gillian\Downloads\R.I.P Tupac Amaru Shakur (1971-1996).htm2014-03-24 22:13 - 2014-03-24 22:13 - 00000000 ____D () C:\Users\Gillian\Downloads\R.I.P Tupac Amaru Shakur (1971-1996)_files2014-03-22 12:14 - 2014-03-22 12:14 - 01072256 _____ () C:\Users\Gillian\Downloads\references (1).htm2014-03-22 12:13 - 2014-03-22 12:13 - 01072256 _____ () C:\Users\Gillian\Downloads\references.htm2014-03-14 02:17 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-03-14 02:17 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-03-14 02:17 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll2014-03-14 02:17 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2014-03-14 02:16 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-03-14 02:16 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-03-14 02:16 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-03-14 02:16 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll ==================== One Month Modified Files and Folders ======= 2014-04-12 13:15 - 2014-04-12 13:14 - 00009871 _____ () C:\Users\Gillian\Desktop\FRST.txt2014-04-12 13:15 - 2013-09-07 21:33 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Skype2014-04-12 13:14 - 2014-04-12 13:14 - 02157056 _____ (Farbar) C:\Users\Gillian\Desktop\FRST64.exe2014-04-12 13:14 - 2014-04-12 13:14 - 00000000 ____D () C:\FRST2014-04-12 13:14 - 2012-04-26 07:38 - 01216120 _____ () C:\Windows\WindowsUpdate.log2014-04-12 13:13 - 2014-04-12 13:13 - 01145856 _____ (Farbar) C:\Users\Gillian\Downloads\FRST.exe2014-04-12 13:11 - 2014-02-26 21:13 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-04-12 13:10 - 2014-02-26 21:10 - 00079350 _____ () C:\Windows\PFRO.log2014-04-12 13:10 - 2014-02-26 21:10 - 00005108 _____ () C:\Windows\setupact.log2014-04-12 13:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-04-12 13:06 - 2014-02-03 10:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-04-12 13:05 - 2014-04-12 13:05 - 00015024 _____ () C:\ComboFix.txt2014-04-12 13:05 - 2014-04-12 12:49 - 00000000 ____D () C:\Qoobox2014-04-12 13:03 - 2014-04-12 12:48 - 00000000 ____D () C:\Windows\erdnt2014-04-12 12:57 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini2014-04-12 12:54 - 2014-04-12 12:47 - 00000000 ____D () C:\Users\Gillian\Desktop\pics for sale2014-04-12 12:49 - 2012-02-12 11:47 - 00000000 ____D () C:\Users\Gillian\AppData\Local\CrashDumps2014-04-12 12:47 - 2014-04-12 12:47 - 05194807 ____R (Swearware) C:\Users\Gillian\Desktop\ComboFix.exe2014-04-12 12:43 - 2014-04-12 12:43 - 04118280 _____ () C:\Users\Gillian\Desktop\tdsskiller.zip2014-04-12 12:43 - 2014-04-11 08:56 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Gillian\Desktop\TDSSKiller.exe2014-04-12 12:39 - 2012-02-09 01:49 - 00000000 ____D () C:\ProgramData\Norton2014-04-12 12:38 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-04-12 12:38 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-04-12 12:37 - 2013-12-03 00:51 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger2014-04-12 12:37 - 2012-02-08 23:44 - 00000000 ___RD () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-04-12 12:36 - 2009-07-14 06:13 - 00797850 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-12 12:34 - 2012-02-08 23:45 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Google2014-04-12 12:34 - 2011-11-01 16:27 - 00000000 ____D () C:\Program Files (x86)\Google2014-04-12 12:24 - 2014-02-26 21:13 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-04-12 12:16 - 2013-08-07 15:23 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\uTorrent2014-04-12 12:05 - 2014-04-12 12:05 - 00000000 __SHD () C:\Users\Gillian\AppData\Local\EmieUserList2014-04-12 12:05 - 2014-04-12 12:05 - 00000000 __SHD () C:\Users\Gillian\AppData\Local\EmieSiteList2014-04-12 04:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache2014-04-12 01:43 - 2014-04-12 01:43 - 05353472 _____ () C:\Users\Gillian\Downloads\SkypeWebPlugin-2.9.13008.18866.msi2014-04-12 01:43 - 2014-04-12 01:43 - 00000000 ____D () C:\Program Files (x86)\SkypeWebPlugin2014-04-12 00:50 - 2013-09-07 21:32 - 00000000 ____D () C:\ProgramData\Skype2014-04-12 00:49 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Gillian\Downloads\Skype_TSA31P8Q12014-04-12 00:38 - 2014-04-12 00:38 - 11570816 _____ (Microsoft Corporation) C:\Users\Gillian\Downloads\SkypeClicktoCall.exe2014-04-12 00:09 - 2014-04-12 00:09 - 00001064 _____ () C:\Users\Gillian\Desktop\Optimizer Pro.lnk2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Gillian\Documents\Optimizer Pro2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Optimizer Pro2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Gillian\AppData\Local\SearchProtect2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro2014-04-12 00:03 - 2014-04-12 00:03 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup (4).exe2014-04-12 00:03 - 2014-04-11 23:21 - 00362029 _____ () C:\Users\Gillian\Downloads\sqlite3.dll2014-04-11 23:59 - 2014-04-11 23:59 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk2014-04-11 23:59 - 2014-04-11 23:59 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-04-11 23:58 - 2014-04-11 23:58 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup (3).exe2014-04-11 23:47 - 2014-04-11 23:47 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup (2).exe2014-04-11 23:38 - 2014-04-11 23:38 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup (1).exe2014-04-11 23:22 - 2014-04-11 23:22 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Skype2014-04-11 23:21 - 2014-04-11 23:21 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Gillian\Downloads\SkypeSetup.exe2014-04-11 22:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-04-11 16:26 - 2014-02-26 21:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-04-10 11:05 - 2012-02-08 23:19 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-04-10 11:04 - 2013-08-07 15:59 - 00000000 ____D () C:\Windows\system32\MRT2014-04-10 11:02 - 2012-02-11 00:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-04-07 20:20 - 2014-04-07 20:20 - 00000000 ____D () C:\Users\Gillian\Desktop\New folder2014-04-06 13:17 - 2014-04-06 13:17 - 03249480 _____ (Unity Technologies ApS) C:\Users\Gillian\Downloads\UnityWebPlayer (5).exe2014-03-30 00:41 - 2014-03-30 00:41 - 00017918 _____ () C:\Users\Gillian\Downloads\lodger agreement.zip2014-03-29 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF2014-03-29 07:19 - 2014-02-26 21:13 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-29 07:19 - 2014-02-26 21:13 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-26 21:26 - 2014-03-26 21:26 - 40581755 _____ () C:\Users\Gillian\Downloads\an-atlas-of-interpretative-radiographic-anatomy-_dog-cat.zip2014-03-25 01:14 - 2014-03-25 01:14 - 00743125 _____ () C:\Users\Gillian\Downloads\ellie.htm2014-03-25 01:14 - 2014-03-25 01:14 - 00000000 ____D () C:\Users\Gillian\Downloads\ellie_files2014-03-24 22:13 - 2014-03-24 22:13 - 01106896 _____ () C:\Users\Gillian\Downloads\R.I.P Tupac Amaru Shakur (1971-1996).htm2014-03-24 22:13 - 2014-03-24 22:13 - 00000000 ____D () C:\Users\Gillian\Downloads\R.I.P Tupac Amaru Shakur (1971-1996)_files2014-03-22 12:14 - 2014-03-22 12:14 - 01072256 _____ () C:\Users\Gillian\Downloads\references (1).htm2014-03-22 12:13 - 2014-03-22 12:13 - 01072256 _____ () C:\Users\Gillian\Downloads\references.htm2014-03-14 04:21 - 2009-07-14 05:45 - 00342664 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-14 04:20 - 2012-05-15 16:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-14 04:20 - 2012-05-15 16:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-09 01:54 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014Ran by Gillian at 2014-04-12 13:15:55Running from C:\Users\Gillian\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) HiddenAsmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )Battlefield Vietnam (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version: - )Bubbletown (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}) (Version: - Oberon Media)CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) HiddenCyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) HiddenCyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) HiddenDeadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version: - Oberon Media)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version: - Oberon Media)EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version: - Oberon Media)Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.)Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version: - Oberon Media)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version: - Oberon Media)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)Optimizer Pro v3.2 (x32 Version: - ) Hidden <==== ATTENTIONQualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)QuickShare (HKLM-x32\...\{B630320B-4B6A-4623-A05D-80DAA4C73CE9}) (Version: 1.38.61.10911 - Linkury Inc.) <==== ATTENTIONRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSkype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )Turbo Fiesta (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}) (Version: - Oberon Media)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN) ==================== Restore Points ========================= 05-04-2014 13:30:43 Scheduled Checkpoint06-04-2014 18:04:31 Windows Backup10-04-2014 10:01:09 Windows Update11-04-2014 21:52:01 Windows Update11-04-2014 22:41:51 Removed Skype™ 6.1411-04-2014 22:56:45 Removed Skype™ 6.1411-04-2014 22:57:46 Removed Skype Click to Call11-04-2014 23:47:44 Installed Skype Click to Call12-04-2014 11:39:33 Configured Battlefield Vietnam ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {41601BE0-276F-40F9-BAE5-3399A4C557E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)Task: {471F2798-116D-41AB-8537-B5DA5ABB1FF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)Task: {5871F47F-DEB9-46B4-85D9-E9ACBE24315F} - \LaunchApp No Task FileTask: {61CEE913-03E9-4C4F-9612-2AE4E16F563C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)Task: {786C9F2B-46D1-4A31-A4C0-677F65442922} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {E2D530C1-6427-40AA-901B-CD1390E47D3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-28] (Piriform Ltd)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-18 04:49 - 2011-09-16 04:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-04-12 00:09 - 2014-04-12 00:09 - 00220800 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll2014-04-12 00:09 - 2014-04-12 00:09 - 04110808 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll2014-04-11 16:26 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll2014-04-11 16:26 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll2014-04-11 16:26 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll2014-04-11 16:26 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll2014-04-11 16:26 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll2014-04-11 16:26 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720AlternateDataStreams: C:\ProgramData\Temp:D346F792AlternateDataStreams: C:\Users\Gillian\Downloads\Appointment.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exeMSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"MSCONFIG\startupreg: EPSON Stylus Photo R220 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIE.EXE /FU "C:\Windows\TEMP\E_S99B3.tmp" /EF "HKCU"MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sMSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (04/12/2014 00:49:01 PM) (Source: Application Error) (User: )Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00030fdfFaulting process id: 0x1298Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (04/12/2014 00:49:01 PM) (Source: Application Error) (User: )Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00030fdfFaulting process id: 0x1308Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (04/12/2014 00:49:01 PM) (Source: Application Error) (User: )Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00030fdfFaulting process id: 0x12e0Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (04/12/2014 00:49:01 PM) (Source: Application Error) (User: )Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00030fdfFaulting process id: 0x10d0Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (04/12/2014 00:49:01 PM) (Source: Application Error) (User: )Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00030fdfFaulting process id: 0x1524Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (04/12/2014 00:49:01 PM) (Source: Application Error) (User: )Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00030fdfFaulting process id: 0x1518Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (04/12/2014 10:18:15 AM) (Source: Customer Experience Improvement Program) (User: )Description: 80004005 Error: (04/12/2014 03:59:59 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/11/2014 11:53:09 PM) (Source: MsiInstaller) (User: Gillian-PC)Description: Product: Skype Click to Call -- A later version of Skype Click to Call is already installed. Error: (04/11/2014 11:41:25 PM) (Source: MsiInstaller) (User: Gillian-PC)Description: Product: Skype Click to Call -- A later version of Skype Click to Call is already installed. System errors:=============Error: (04/12/2014 00:57:37 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/12/2014 00:53:41 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/10/2014 11:52:47 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)Description: CBS Client initialization failed. Last error: 0x8007045b Error: (03/30/2014 08:40:24 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 8:36:15 PM on ‎3/‎30/‎2014 was unexpected. Error: (03/28/2014 10:22:17 PM) (Source: Schannel) (User: NT AUTHORITY)Description: The following fatal alert was generated: 40. The internal error state is 252. Error: (03/28/2014 10:22:16 PM) (Source: Schannel) (User: NT AUTHORITY)Description: The following fatal alert was generated: 40. The internal error state is 252. Error: (03/28/2014 10:22:16 PM) (Source: Schannel) (User: NT AUTHORITY)Description: The following fatal alert was generated: 40. The internal error state is 252. Error: (03/27/2014 09:46:58 PM) (Source: Schannel) (User: NT AUTHORITY)Description: The following fatal alert was generated: 40. The internal error state is 252. Error: (03/27/2014 09:46:58 PM) (Source: Schannel) (User: NT AUTHORITY)Description: The following fatal alert was generated: 40. The internal error state is 252. Error: (03/27/2014 09:46:58 PM) (Source: Schannel) (User: NT AUTHORITY)Description: The following fatal alert was generated: 40. The internal error state is 252. Microsoft Office Sessions:=========================Error: (04/12/2014 00:49:01 PM) (Source: Application Error)(User: )Description: iexplore.exe0.0.0.04e06cfe8unknown0.0.0.000000000c000000500030fdf129801cf5645316a8b61C:\32788R22FWJFW\License\iexplore.exeunknown700273ba-c238-11e3-8972-5404a645c18d Error: (04/12/2014 00:49:01 PM) (Source: Application Error)(User: )Description: iexplore.exe0.0.0.04e06cfe8unknown0.0.0.000000000c000000500030fdf130801cf5645316cfc6aC:\32788R22FWJFW\License\iexplore.exeunknown70024caa-c238-11e3-8972-5404a645c18d Error: (04/12/2014 00:49:01 PM) (Source: Application Error)(User: )Description: iexplore.exe0.0.0.04e06cfe8unknown0.0.0.000000000c000000500030fdf12e001cf5645316cd559C:\32788R22FWJFW\License\iexplore.exeunknown7001fe8a-c238-11e3-8972-5404a645c18d Error: (04/12/2014 00:49:01 PM) (Source: Application Error)(User: )Description: iexplore.exe0.0.0.04e06cfe8unknown0.0.0.000000000c000000500030fdf10d001cf5645316b9cd5C:\32788R22FWJFW\License\iexplore.exeunknown7001d77a-c238-11e3-8972-5404a645c18d Error: (04/12/2014 00:49:01 PM) (Source: Application Error)(User: )Description: iexplore.exe0.0.0.04e06cfe8unknown0.0.0.000000000c000000500030fdf152401cf5645316cfc6aC:\32788R22FWJFW\License\iexplore.exeunknown7002259a-c238-11e3-8972-5404a645c18d Error: (04/12/2014 00:49:01 PM) (Source: Application Error)(User: )Description: iexplore.exe0.0.0.04e06cfe8unknown0.0.0.000000000c000000500030fdf151801cf564531692bccC:\32788R22FWJFW\License\iexplore.exeunknown70029aca-c238-11e3-8972-5404a645c18d Error: (04/12/2014 10:18:15 AM) (Source: Customer Experience Improvement Program)(User: )Description: 80004005 Error: (04/12/2014 03:59:59 AM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (04/11/2014 11:53:09 PM) (Source: MsiInstaller)(User: Gillian-PC)Description: Product: Skype Click to Call -- A later version of Skype Click to Call is already installed.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/11/2014 11:41:25 PM) (Source: MsiInstaller)(User: Gillian-PC)Description: Product: Skype Click to Call -- A later version of Skype Click to Call is already installed.(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 35%Total physical RAM: 6048.13 MBAvailable physical RAM: 3894.13 MBTotal Pagefile: 12094.43 MBAvailable Pagefile: 9908.52 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:47 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:130.8 GB) NTFSDrive e: (BFV_1) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3102A4B) Partition: GPT Partition Type. ==================== End Of Log ============================