runningwithlola

Members
  • Posts

    15
Everything posted by runningwithlola

  1. No, I still have the ads, including a 'coupon dropdown' thing in the corner of browser windows. Browsing is definitely a bit faster though.
  2. ESET log
     C:\FRST\Quarantine\C\Users\Mommy\AppData\Local\Temp\bitool.dll.xBAD Win32/Somoto.B potentially unwanted application
     C:\FRST\Quarantine\C\Users\Mommy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe.xBAD a variant of Win32/InstallCore.BQ potentially unwanted application
     C:\FRST\Quarantine\C\Users\Mommy\AppData\Local\Temp\optprosetup.exe.xBAD a variant of Win32/OptimizerEliteMax.C potentially unwanted application
     C:\FRST\Quarantine\C\Users\Mommy\AppData\Local\Temp\uttF06D.tmp.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
     C:\Users\Mommy\Downloads\FreeYouTubeDownload.exe a variant of Win32/OpenCandy.A potentially unsafe application
     C:\Users\Mommy\Downloads\FreeYouTubeToMP3Converter.exe a variant of Win32/OpenCandy.A potentially unsafe application
  3. JRT log:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.3.7 (11.08.2014:1)
     OS: Windows Vista Home Premium x64
     Ran by Mommy on Sat 11/08/2014 at 10:41:27.79
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~ FireFox
     Emptied folder: C:\Users\Mommy\AppData\Roaming\mozilla\firefox\profiles\7ly00fpp.default-1414676892928\minidumps [1 files]
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sat 11/08/2014 at 10:53:33.57
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. Oh, I think I did run JRT but was unable to attach the log file. I seem to be having problems uploading. I will run it again and follow with the ESET scanner.
  5. I'm back. Things got a little crazy around here. My husband did some things on the computer and it seemed fine for a few days but the ads are back with a vengeance today. I ran another scan with Malwarebytes, here is the log:
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 11/7/2014
     Scan Time: 8:03:20 AM
     Logfile:
     Administrator: Yes
     Version: 2.00.3.1025
     Malware Database: v2014.11.07.03
     Rootkit Database: v2014.11.01.02
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows Vista Service Pack 1
     CPU: x64
     File System: NTFS
     User: Mommy
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 421064
     Time Elapsed: 41 min, 46 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 1
     PUP.Optional.TehSnab, C:\$RECYCLE.BIN\S-1-5-21-2668706330-732816361-1631804343-1002\$RPLIA13.exe, Quarantined, [856afd3b1e5ec472fb91f83a2bda847c],
     Physical Sectors: 0 (No malicious items detected)
     (end)
  6. log 2
     FWIW, this popped up in code when I was trying to attach the 2nd log file:
     script src="//cdncache-a.akamaihd.net/loaders/1741/l.js?pid=1741&ext=Notification&zoneid=5318519" /script
     I can't seem to attach 2nd log. It says "upload failed". I will try again.
  7. TDSSKiller log 1:
     13:45:15.0946 0x0974 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
     13:45:22.0265 0x0974 ============================================================
     13:45:22.0266 0x0974 Current date / time: 2014/10/31 13:45:22.0265
     13:45:22.0266 0x0974 SystemInfo:
     13:45:22.0266 0x0974
     13:45:22.0266 0x0974 OS Version: 6.0.6001 ServicePack: 1.0
     13:45:22.0266 0x0974 Product type: Workstation
     13:45:22.0266 0x0974 ComputerName: OZAIIS-PC
     13:45:22.0266 0x0974 UserName: Mommy
     13:45:22.0266 0x0974 Windows directory: C:\Windows
     13:45:22.0266 0x0974 System windows directory: C:\Windows
     13:45:22.0266 0x0974 Running under WOW64
     13:45:22.0266 0x0974 Processor architecture: Intel x64
     13:45:22.0266 0x0974 Number of processors: 2
     13:45:22.0266 0x0974 Page size: 0x1000
     13:45:22.0266 0x0974 Boot type: Normal boot
     13:45:22.0266 0x0974 ============================================================
     13:45:24.0840 0x0974 KLMD registered as C:\Windows\system32\drivers\65372705.sys
     13:45:25.0525 0x0974 System UUID: {199011B3-ED27-BBB5-AC64-12B29D011795}
     13:45:26.0616 0x0974 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     13:45:26.0621 0x0974 ============================================================
     13:45:26.0621 0x0974 \Device\Harddisk0\DR0:
     13:45:26.0622 0x0974 MBR partitions:
     13:45:26.0622 0x0974 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
     13:45:26.0622 0x0974 ============================================================
     13:45:26.0659 0x0974 C: <-> \Device\Harddisk0\DR0\Partition1
     13:45:26.0659 0x0974 ============================================================
     13:45:26.0659 0x0974 Initialize success
     13:45:26.0659 0x0974 ============================================================
     13:46:02.0981 0x0664 KLMD registered as C:\Windows\system32\drivers\64137810.sys
     13:46:04.0798 0x0664 Deinitialize success
  8. Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 10/31/2014
     Scan Time: 12:27:13 PM
     Logfile:
     Administrator: Yes
     Version: 2.00.3.1025
     Malware Database: v2014.10.31.09
     Rootkit Database: v2014.10.22.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows Vista Service Pack 1
     CPU: x64
     File System: NTFS
     User: Mommy
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 407176
     Time Elapsed: 26 min, 51 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
     I am still seeing the ads and having progressively slower browsing.
  9. # AdwCleaner v3.311 - Report created 31/10/2014 at 11:54:27 # Updated 30/09/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 1 (64 bits) # Username : Mommy - OZAIIS-PC # Running from : C:\Users\Mommy\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\Users\Mommy\AppData\Roaming\dvdvideosoftiehelpers [!] Folder Deleted : C:\Users\Mommy\Documents\Optimizer Pro ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\powerpack Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\AdvertisingSupport Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage ***** [ Browsers ] ***** -\\ Internet Explorer v7.0.6001.18639 -\\ Mozilla Firefox v32.0.3 (x86 en-US) [ File : C:\Users\Mommy\AppData\Roaming\Mozilla\Firefox\Profiles\7ly00fpp.default-1414676892928\prefs.js ] [ File : C:\Users\Ozaiis\AppData\Roaming\Mozilla\Firefox\Profiles\3rnnikgc.default\prefs.js ] -\\ Google Chrome v38.0.2125.111 [ File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3055 octets] - [31/10/2014 11:37:16] AdwCleaner[s0].txt - [2842 octets] - [31/10/2014 11:54:27] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2902 octets] ##########
  10. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 Ran by Mommy at 2014-10-31 11:20:56 Run:1 Running from C:\Users\Mommy\Downloads Loaded Profiles: Ozaiis & Mommy (Available profiles: Ozaiis & Mommy & Christian) Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2668706330-732816361-1631804343-1000\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.co...age={startPage} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.co...1I7TSHB_enUS536 Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff C:\Users\Mommy\AppData\Local\Temp\bitool.dll C:\Users\Mommy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe C:\Users\Mommy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Mommy\AppData\Local\Temp\optprosetup.exe C:\Users\Mommy\AppData\Local\Temp\uttF06D.tmp.exe C:\Users\Ozaiis\AppData\Local\Temp\SearchWithGoogleUpdate.exe Task: {4502B967-E2C4-4B7C-B39F-6A1795AC74DC} - \GPUP No Task File <==== ATTENTION ***************** C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2668706330-732816361-1631804343-1000\User => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. 
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key deleted successfully. "HKCR\CLSID\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found. HKCU\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900} => value deleted successfully. C:\Users\Mommy\AppData\Local\Temp\bitool.dll => Moved successfully. C:\Users\Mommy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe => Moved successfully. C:\Users\Mommy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully. C:\Users\Mommy\AppData\Local\Temp\optprosetup.exe => Moved successfully. C:\Users\Mommy\AppData\Local\Temp\uttF06D.tmp.exe => Moved successfully. C:\Users\Ozaiis\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4502B967-E2C4-4B7C-B39F-6A1795AC74DC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4502B967-E2C4-4B7C-B39F-6A1795AC74DC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully. 
The system needed a reboot. ==== End of Fixlog ====
  11. RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version Started in : Normal mode User : Mommy [Administrator] Mode : Scan -- Date : 10/31/2014 09:11:40 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 31 ¤¤¤ [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44B10B9C-D083-4523-AFE3-07767133C417} | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{44B10B9C-D083-4523-AFE3-07767133C417} | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{44B10B9C-D083-4523-AFE3-07767133C417} | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)] -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found [PUM.StartMenu] (X64) 
HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Found [PUM.StartMenu] (X64) 
HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 
127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] ::1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS542525K9SA00 ATA Device +++++ --- User --- [MBR] 9c99d8f1a4317f558e37fc2f636b7225 [bSP] 26c558306341bd593ee8eea47af089f4 : HP MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 MB User = LL1 ... OK User = LL2 ... OK
  12. Thank you!! I am downloading RogueKiller now. Here is my Malwarebytes log:
      Malwarebytes Anti-Malware
      www.malwarebytes.org
      Scan Date: 10/31/2014
      Scan Time: 8:06:20 AM
      Logfile:
      Administrator: Yes
      Version: 2.00.3.1025
      Malware Database: v2014.10.31.05
      Rootkit Database: v2014.10.22.01
      License: Free
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled
      OS: Windows Vista Service Pack 1
      CPU: x64
      File System: NTFS
      User: Mommy
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 407155
      Time Elapsed: 44 min, 22 sec
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled
      Processes: 0 (No malicious items detected)
      Modules: 0 (No malicious items detected)
      Registry Keys: 0 (No malicious items detected)
      Registry Values: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Folders: 0 (No malicious items detected)
      Files: 0 (No malicious items detected)
      Physical Sectors: 0 (No malicious items detected)
      (end)
  13. I'm seeing ads in places there shouldn't be ads, and browser tab hijacking. I ran Mbam a few times and it found and removed some things, but I am still seeing ads and web browsing is infuriatingly slow. My husband's in IT but he's not home long enough to help me out with this until the weekend. I downloaded Farbar and here are my results:
      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
      Ran by Mommy (administrator) on OZAIIS-PC on 30-10-2014 10:33:37
      Running from C:\Users\Mommy\Downloads
      Loaded Profile: Mommy (Available profiles: Ozaiis & Mommy & Christian)
      Platform: Windows Vista Home Premium Service Pack 1 (X64) OS Language: English (United States)
      Internet Explorer Version 7
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
      (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osa.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
      (TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [hpqSRMon] => [X] HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-01-29] (TOSHIBA) HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\MountPoints2: {1f7c9f2a-bea2-11e2-8ecc-001e336904fe} - F:\Start.exe HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\MountPoints2: {1f7c9fab-bea2-11e2-8ecc-001e336904fe} - G:\Start.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2668706330-732816361-1631804343-1000\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {B92C7376-9705-464E-AD3D-B47B14D8A3B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}; SearchScopes: HKLM - {B92C7376-9705-464E-AD3D-B47B14D8A3B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}; SearchScopes: HKLM-x32 - DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} 
SearchScopes: HKCU - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7TSHB_enUS536 BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Winsock: Catalog9 01 
C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 02 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 03 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 04 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 05 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 06 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 07 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 08 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 19 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9-x64 01 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Winsock: Catalog9-x64 02 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Winsock: Catalog9-x64 03 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Winsock: Catalog9-x64 04 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Winsock: Catalog9-x64 05 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Winsock: Catalog9-x64 06 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Winsock: Catalog9-x64 07 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Winsock: Catalog9-x64 08 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Winsock: Catalog9-x64 19 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.1.254 FireFox: ======== FF ProfilePath: C:\Users\Mommy\AppData\Roaming\Mozilla\Firefox\Profiles\7ly00fpp.default-1414676892928 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\4ef09132d37415b6491b13b8e7ae562b [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-17]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-09-25]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-25]
CHR Extension: (Google Docs) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-25]
CHR Extension: (YouTube) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe [376200 2014-10-09] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 osubsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [493384 2011-11-16] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
S4 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-01-21] (TOSHIBA Corporation)
S4 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 10:33 - 2014-10-30 10:34 - 00017247 _____ () C:\Users\Mommy\Downloads\FRST.txt
2014-10-30 10:33 - 2014-10-30 10:33 - 00000000 ____D () C:\FRST
2014-10-30 10:31 - 2014-10-30 10:31 - 02113536 _____ (Farbar) C:\Users\Mommy\Downloads\FRST64.exe
2014-10-30 10:19 - 2014-10-30 10:20 - 00007720 _____ () C:\Users\Mommy\Downloads\hijackthis.log
2014-10-30 09:49 - 2014-10-30 09:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mommy\Downloads\HijackThis.exe
2014-10-29 17:28 - 2014-10-29 17:28 - 00000000 ____D () C:\Windows\ERUNT
2014-10-29 17:27 - 2014-10-29 17:28 - 01706144 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe
2014-10-29 17:09 - 2014-10-30 09:42 - 00002024 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 17:09 - 2014-10-29 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-29 17:05 - 2014-10-30 10:10 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 17:05 - 2014-10-29 19:01 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 17:05 - 2014-10-29 17:05 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-29 17:05 - 2014-10-29 17:05 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-29 17:04 - 2014-10-29 17:10 - 00000000 ____D () C:\Users\Christian\AppData\Local\Google
2014-10-29 17:03 - 2014-10-29 17:04 - 00000000 ____D () C:\Users\Christian\AppData\Local\Deployment
2014-10-29 17:03 - 2014-10-29 17:03 - 00000000 ____D () C:\Users\Christian\AppData\Local\Apps\2.0
2014-10-29 16:44 - 2014-10-29 16:44 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Macromedia
2014-10-29 16:44 - 2014-10-29 16:44 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Adobe
2014-10-29 16:40 - 2014-10-29 16:40 - 00000000 ____D () C:\Users\Christian\AppData\Local\LogMeIn Rescue
2014-10-29 16:39 - 2014-10-29 16:39 - 00000000 ____D () C:\Users\Christian\AppData\Local\LogMeIn
2014-10-29 14:21 - 2014-10-29 14:25 - 00000000 ____D () C:\Users\Mommy\Barbie's Dream House
2014-10-29 09:34 - 2014-10-29 09:34 - 00001067 _____ () C:\oct292014.txt
2014-10-28 09:42 - 2014-10-30 09:42 - 00003280 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
2014-10-28 09:42 - 2014-10-28 09:42 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-28 09:40 - 2014-10-28 09:40 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-10-27 10:47 - 2014-10-27 10:47 - 00005724 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-27 10:32 - 2014-10-27 10:33 - 00035824 _____ (Curio Laboratories) C:\Users\Mommy\Downloads\RemoveOnRebootSetup.exe
2014-10-27 10:28 - 2014-10-27 10:28 - 00002531 _____ () C:\Users\Mommy\Desktop\Microsoft Lync 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002058 _____ () C:\Users\Mommy\Desktop\Microsoft SharePoint Workspace 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002056 _____ () C:\Users\Mommy\Desktop\Microsoft Publisher 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002040 _____ () C:\Users\Mommy\Desktop\Microsoft Word 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002034 _____ () C:\Users\Mommy\Desktop\Microsoft InfoPath Designer 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002034 _____ () C:\Users\Mommy\Desktop\Microsoft InfoPath Designer 2010 (2).lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002018 _____ () C:\Users\Mommy\Desktop\Microsoft InfoPath Filler 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002002 _____ () C:\Users\Mommy\Desktop\Microsoft PowerPoint 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00001972 _____ () C:\Users\Mommy\Desktop\Microsoft OneNote 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00001966 _____ () C:\Users\Mommy\Desktop\Microsoft Office Picture Manager.lnk
2014-10-27 10:26 - 2014-10-27 10:26 - 00001990 _____ () C:\Users\Mommy\Desktop\Microsoft Access 2010.lnk
2014-10-27 10:23 - 2014-10-27 10:23 - 00000990 _____ () C:\Users\Christian\Desktop\Internet Explorer.lnk
2014-10-27 10:22 - 2014-10-29 17:56 - 00002643 _____ () C:\Users\Christian\Desktop\Microsoft Outlook 2010.lnk
2014-10-27 10:22 - 2014-10-27 10:22 - 00002531 _____ () C:\Users\Christian\Desktop\Microsoft Lync 2010.lnk
2014-10-27 10:22 - 2014-10-27 10:22 - 00002058 _____ () C:\Users\Christian\Desktop\Microsoft SharePoint Workspace 2010.lnk
2014-10-27 10:22 - 2014-10-27 10:22 - 00002002 _____ () C:\Users\Christian\Desktop\Microsoft PowerPoint 2010.lnk
2014-10-27 10:22 - 2014-10-27 10:22 - 00001966 _____ () C:\Users\Christian\Desktop\Microsoft Office Picture Manager.lnk
2014-10-27 10:21 - 2014-10-27 10:21 - 00002008 _____ () C:\Users\Christian\Desktop\Microsoft Excel 2010.lnk
2014-10-27 09:54 - 2014-10-27 09:57 - 00446244 _____ () C:\Windows\dd_vcredistMSI699B.txt
2014-10-27 09:54 - 2014-10-27 09:57 - 00012358 _____ () C:\Windows\dd_vcredistUI699B.txt
2014-10-27 09:09 - 2014-10-30 09:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 08:49 - 2014-10-27 08:49 - 00000952 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 08:49 - 2014-10-27 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 08:48 - 2014-10-27 08:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 08:48 - 2014-10-27 08:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 08:48 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-27 08:48 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 08:48 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-27 08:41 - 2014-10-29 18:23 - 00000000 ____D () C:\Users\Christian\Tracing
2014-10-27 08:41 - 2014-10-29 16:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Apple Computer
2014-10-27 08:41 - 2014-10-27 08:41 - 00115376 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-27 08:41 - 2014-10-27 08:41 - 00000990 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-27 08:41 - 2014-10-27 08:41 - 00000985 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-27 08:41 - 2014-10-27 08:41 - 00000960 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-27 08:39 - 2014-10-27 08:41 - 00000926 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-10-27 08:39 - 2014-10-27 08:39 - 00000632 __RSH () C:\Users\Christian\ntuser.pol
2014-10-26 20:19 - 2014-10-27 08:41 - 00000000 ____D () C:\Users\Christian
2014-10-26 20:19 - 2014-10-26 20:19 - 00000020 ___SH () C:\Users\Christian\ntuser.ini
2014-10-26 20:19 - 2014-10-03 17:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Microsoft Help
2014-10-26 20:19 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-26 20:19 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-26 20:14 - 2014-10-26 20:14 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-10-26 19:36 - 2014-10-26 20:11 - 605410472 _____ (Microsoft Corporation) C:\Users\Mommy\Downloads\Windows6.0-KB948465-X64.exe
2014-10-26 19:11 - 2014-10-26 19:13 - 36138288 _____ (Microsoft Corporation) C:\Users\Mommy\Downloads\IE9-WindowsVista-x64-enu (1).exe
2014-10-26 19:08 - 2014-10-26 19:08 - 00514864 _____ (Microsoft Corporation) C:\Users\Mommy\Downloads\IE9-WindowsVista-x64-enu.exe
2014-10-26 18:55 - 2014-10-26 18:56 - 04336310 _____ () C:\Users\Mommy\Downloads\Windows6.0-KB957388-x64.msu
2014-10-26 18:44 - 2014-10-26 18:46 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mommy\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-26 15:47 - 2014-10-26 15:47 - 00000000 ____D () C:\Users\Mommy\Documents\Optimizer Pro
2014-10-26 15:45 - 2014-10-29 17:30 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-26 15:38 - 2014-10-29 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2014-10-26 15:37 - 2014-10-29 17:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Lync
2014-10-26 15:37 - 2014-10-27 09:53 - 00000000 ____D () C:\Program Files\Microsoft Lync
2014-10-26 15:37 - 2014-10-26 15:37 - 00352688 _____ () C:\Users\Mommy\AppData\Local\dd_vcredistMSI2223.txt
2014-10-26 15:37 - 2014-10-26 15:37 - 00344368 _____ () C:\Users\Mommy\AppData\Local\dd_vcredistMSI2257.txt
2014-10-26 15:37 - 2014-10-26 15:37 - 00013846 _____ () C:\Users\Mommy\AppData\Local\dd_vcredistUI2257.txt
2014-10-26 15:37 - 2014-10-26 15:37 - 00013846 _____ () C:\Users\Mommy\AppData\Local\dd_vcredistUI2223.txt
2014-10-26 09:37 - 2014-10-26 18:40 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\uTorrent
2014-10-26 09:36 - 2014-10-23 13:27 - 01689680 _____ (BitTorrent Inc.) C:\uTorrent.exe
2014-10-25 19:16 - 2014-10-26 15:37 - 00000000 ____D () C:\Program Files (x86)\OCSetup
2014-10-25 17:24 - 2014-10-26 19:14 - 00005850 _____ () C:\Windows\IE9_main.log
2014-10-25 17:15 - 2014-10-25 17:16 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Deployment
2014-10-25 17:15 - 2014-10-25 17:15 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Apps\2.0
2014-10-25 16:34 - 2014-10-29 19:01 - 00000000 ____D () C:\Users\Mommy\Tracing
2014-10-25 16:31 - 2014-10-25 16:31 - 00000000 ____D () C:\Users\Mommy\AppData\Local\AOCSetup
2014-10-25 15:42 - 2014-10-25 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-10-25 15:39 - 2014-10-25 15:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-10-25 15:38 - 2014-10-25 15:38 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-25 15:38 - 2014-10-25 15:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-10-25 15:32 - 2014-10-25 15:32 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-10-25 15:29 - 2014-10-25 15:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-10-25 15:28 - 2014-10-25 15:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-10-21 19:22 - 2014-10-21 19:32 - 00000000 ____D () C:\Users\Mommy\AppData\Local\LogMeIn Client
2014-10-20 13:33 - 2014-10-20 13:34 - 00000000 ____D () C:\Users\Mommy\misc saved art
2014-10-20 09:22 - 2014-10-22 12:39 - 00000000 ____D () C:\Users\Mommy\Hair
2014-10-15 18:41 - 2014-10-15 18:41 - 00000000 ____D () C:\Users\Mommy\AppData\Local\LogMeIn
2014-10-15 18:41 - 2014-10-15 18:41 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-15 18:38 - 2014-10-15 18:38 - 00000000 ____D () C:\Users\Mommy\AppData\Local\LogMeIn Rescue
2014-10-15 18:36 - 2014-10-15 18:36 - 00002140 _____ () C:\Users\Public\Desktop\LogMeIn Rescue Technician Console.lnk
2014-10-15 18:36 - 2014-10-15 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Rescue
2014-10-15 18:36 - 2014-10-15 18:36 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Rescue Technician Console
2014-10-15 08:58 - 2014-10-15 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-10-13 09:45 - 2014-10-13 09:45 - 00000000 ____D () C:\Users\Mommy\Funny
2014-10-12 09:50 - 2014-10-29 09:57 - 00000000 ____D () C:\Users\Mommy\Fashion
2014-10-11 10:15 - 2014-10-11 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-11 10:09 - 2014-10-11 10:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-11 10:09 - 2014-10-11 10:15 - 00000000 ____D () C:\Program Files\iTunes
2014-10-11 10:09 - 2014-10-11 10:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-11 10:09 - 2014-10-11 10:10 - 00000000 ____D () C:\Program Files\iPod
2014-10-08 03:15 - 2010-09-20 07:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2014-10-08 03:15 - 2010-09-20 04:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll
2014-10-07 14:59 - 2014-10-07 14:59 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-10-07 14:58 - 2014-10-07 14:58 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-10-07 09:58 - 2014-10-07 09:58 - 00000000 ____D () C:\Program Files\Windows Live
2014-10-07 09:58 - 2010-04-28 08:57 - 00061288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-10-07 09:57 - 2014-10-07 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-10-07 09:56 - 2014-10-07 09:56 - 00000000 ____D () C:\Program Files (x86)\Windows Live SkyDrive
2014-10-07 09:54 - 2014-10-07 09:58 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-10-07 09:53 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-10-07 09:52 - 2014-10-25 15:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-10-06 16:14 - 2008-05-27 00:23 - 02209792 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-10-06 16:14 - 2008-05-27 00:22 - 02176512 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 01582592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 01418240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-10-06 16:14 - 2008-05-27 00:21 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00498176 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-10-06 16:14 - 2008-05-27 00:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-10-06 16:14 - 2008-05-27 00:20 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 06100480 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 01676800 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00439808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-10-06 16:14 - 2008-05-27 00:18 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-10-06 16:14 - 2008-05-27 00:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlhtml.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propdefs.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmlfilter.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstrc.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtffilt.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 06103040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chtbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 01671680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chsbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thawbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offfilt.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\korwbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-10-06 16:14 - 2008-05-27 00:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscb.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2014-10-06 16:14 - 2008-05-26 23:59 - 00106605 _____ () C:\Windows\SysWOW64\StructuredQuerySchema.bin
2014-10-06 16:14 - 2008-05-26 23:59 - 00106605 _____ () C:\Windows\system32\StructuredQuerySchema.bin
2014-10-06 16:14 - 2008-05-26 23:59 - 00018904 _____ () C:\Windows\SysWOW64\StructuredQuerySchemaTrivial.bin
2014-10-06 16:14 - 2008-05-26 23:59 - 00018904 _____ () C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2014-10-06 16:14 - 2007-11-08 04:04 - 11967524 _____ () C:\Windows\SysWOW64\korwbrkr.lex
2014-10-06 16:14 - 2007-11-08 04:04 - 11967524 _____ () C:\Windows\system32\korwbrkr.lex
2014-10-06 16:13 - 2014-10-06 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-06 16:12 - 2014-10-06 16:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2014-10-06 16:12 - 2014-10-06 16:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-06 16:10 - 2014-10-26 18:34 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Microsoft Help
2014-10-06 16:09 - 2010-04-14 13:35 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-10-06 16:09 - 2010-04-14 13:35 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-10-06 16:09 - 2010-04-14 13:33 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-10-06 16:09 - 2010-04-14 12:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-10-06 16:09 - 2010-04-14 12:47 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-10-06 16:09 - 2010-04-14 12:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2014-10-06 14:56 - 2009-10-09 16:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2014-10-06 14:56 - 2009-10-09 16:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2014-10-06 14:56 - 2009-10-09 16:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2014-10-06 14:56 - 2009-10-09 16:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2014-10-06 14:56 - 2009-10-09 16:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2014-10-06 14:56 - 2009-10-09 16:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-10-06 14:55 - 2009-10-09 16:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2014-10-06 14:55 - 2009-10-09 16:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2014-10-06 14:55 - 2009-10-09 16:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2014-10-06 14:55 - 2009-10-09 16:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-10-06 14:55 - 2009-10-09 16:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2014-10-06 14:55 - 2009-10-09 16:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2014-10-06 14:55 - 2009-10-09 16:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2014-10-06 14:55 - 2009-10-09 16:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2014-10-06 14:55 - 2009-10-09 16:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-06 14:55 - 2009-10-09 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2014-10-06 14:55 - 2009-10-09 16:35 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-10-06 14:55 - 2009-10-09 16:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2014-10-06 14:55 - 2009-10-09 16:35 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2014-10-06 14:55 - 2009-10-09 16:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2014-10-06 14:55 - 2009-10-09 16:34 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-10-06 14:55 - 2009-10-09 16:34 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2014-10-06 14:55 - 2009-10-09 16:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2014-10-06 14:55 - 2009-08-01 01:27 - 00201184 _____ () C:\Windows\SysWOW64\winrm.vbs
2014-10-06 14:55 - 2009-08-01 01:27 - 00201184 _____ () C:\Windows\system32\winrm.vbs
2014-10-06 14:55 - 2009-07-16 12:30 - 00004675 _____ () C:\Windows\SysWOW64\wsmanconfig_schema.xml
2014-10-06 14:55 - 2009-07-16 12:30 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml
2014-10-06 14:55 - 2009-07-16 12:30 - 00002426 _____ () C:\Windows\SysWOW64\WsmTxt.xsl
2014-10-06 14:55 - 2009-07-16 12:30 - 00002426 _____ () C:\Windows\system32\WsmTxt.xsl
2014-10-06 14:54 - 2014-10-08 03:14 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-06 14:23 - 2014-10-08 03:14 - 00001837 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-06 14:23 - 2014-10-08 03:12 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-06 14:23 - 2014-10-08 03:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-06 12:46 - 2009-09-10 10:48 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2014-10-06 12:46 - 2009-09-10 10:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unregmp2.exe
2014-10-06 12:45 - 2011-04-12 10:14 - 01208832 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-06 12:45 - 2011-04-12 09:56 - 00857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-06 12:45 - 2011-03-03 10:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2014-10-06 12:45 - 2011-03-03 09:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Apphlpdm.dll
2014-10-06 12:45 - 2011-03-03 08:25 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2014-10-06 12:45 - 2011-03-03 08:01 - 04240384 _____ (Microsoft) C:\Windows\SysWOW64\GameUXLegacyGDFs.dll
2014-10-06 12:45 - 2010-01-25 08:03 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-10-06 12:45 - 2010-01-25 08:03 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-10-06 12:45 - 2010-01-25 08:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-10-06 12:45 - 2010-01-25 08:02 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-10-06 12:45 - 2010-01-25 08:00 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-06 12:45 - 2010-01-25 07:48 - 00472576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-10-06 12:45 - 2010-01-25 07:48 - 00472064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-10-06 12:45 - 2010-01-25 07:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-10-06 12:45 - 2010-01-25 07:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-10-06 12:45 - 2010-01-25 07:45 - 00329216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-10-06 12:45 - 2010-01-25 03:37 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-10-06 12:45 - 2010-01-25 03:37 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-10-06 12:45 - 2010-01-25 03:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-06 12:45 - 2010-01-25 03:37 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-10-06 12:45 - 2010-01-25 03:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-10-06 12:45 - 2010-01-25 03:35 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-10-06 12:45 - 2010-01-25 03:34 - 00511488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-10-06 12:45 - 2010-01-25 03:34 - 00347136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-10-06 12:45 - 2009-10-23 13:10 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-10-06 12:45 - 2009-10-23 12:42 - 00714240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-10-06 12:44 - 2008-10-21 23:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-10-06 12:44 - 2008-10-21 22:57 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-10-06 12:44 - 2008-10-21 00:49 - 01691648 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2014-10-06 12:44 - 2008-10-21 00:25 - 01645568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\connect.dll
2014-10-06 12:40 - 2008-09-17 23:56 - 00147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-10-06 12:40 - 2008-09-17 23:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-10-06 12:40 - 2008-09-17 23:47 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2014-10-06 12:40 - 2008-08-27 23:02 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-06 12:40 - 2008-08-27 23:02 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-10-06 12:40 - 2008-08-27 23:02 - 00386560 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-06 12:40 - 2008-08-27 22:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-06 12:40 - 2008-08-27 22:40 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-10-06 12:40 - 2008-08-27 22:40 - 00347136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-10-05 16:04 - 2014-10-05 16:04 - 00000000 ____D () C:\Windows\pss
2014-10-03 17:14 - 2014-10-03 17:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-10-03
17:14 - 2014-10-03 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-10-02 14:18 - 2014-10-28 10:22 - 00000000 ____D () C:\Users\Mommy\Cosmetology Info and Howtos 2014-10-02 03:08 - 2014-10-02 03:09 - 00448672 _____ () C:\Windows\dd_vcredistMSI118B.txt 2014-10-02 03:08 - 2014-10-02 03:09 - 00011590 _____ () C:\Windows\dd_vcredistUI118B.txt 2014-10-01 12:48 - 2014-10-01 12:48 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Template 2014-10-01 12:48 - 2014-10-01 12:48 - 00000000 _____ () C:\Users\Mommy\AppData\Roaming\wklnhst.dat 2014-10-01 09:28 - 2014-10-01 09:28 - 00000000 __SHD () C:\found.003 2014-09-30 11:12 - 2014-09-30 11:13 - 00000000 ____D () C:\Users\Mommy\Cosmetology Licensing 2014-09-30 11:12 - 2014-09-30 11:12 - 00000000 ____D () C:\Users\Mommy\Grand Am 2014-09-30 11:11 - 2014-10-02 14:31 - 00000000 ____D () C:\Users\Mommy\Kids - School ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-30 09:53 - 2013-07-14 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-30 09:41 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 09:41 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 09:06 - 2013-05-14 19:20 - 00000000 ____D () C:\Users\Mommy
2014-10-30 08:30 - 2006-11-02 07:46 - 00005722 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 07:06 - 2013-05-12 15:43 - 01289093 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 19:00 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 18:54 - 2008-01-20 22:26 - 00163866 _____ () C:\Windows\PFRO.log
2014-10-29 18:53 - 2006-11-02 10:42 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-29 17:08 - 2008-08-20 14:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-29 13:06 - 2013-07-14 20:17 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-10-29 11:15 - 2006-11-02 10:22 - 00000000 ____D () C:\Windows\Setup
2014-10-29 11:14 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\MSAgent
2014-10-27 10:26 - 2013-05-14 19:46 - 00000985 _____ () C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-27 09:55 - 2006-11-02 08:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-27 09:53 - 2014-09-25 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-26 19:05 - 2013-05-17 09:26 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\BitTorrent
2014-10-26 15:52 - 2008-08-20 14:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-26 15:50 - 2006-11-02 10:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-26 15:45 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-26 15:42 - 2013-05-17 09:46 - 00000000 ____D () C:\Users\Mommy\Downloads\The Sims - Makin Magic + Serial & No CD Fix
2014-10-26 15:37 - 2013-05-14 20:00 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Mozilla
2014-10-25 19:52 - 2013-05-12 15:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-25 19:49 - 2006-11-02 07:34 - 00000219 _____ () C:\Windows\win.ini
2014-10-25 19:27 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-10-25 17:29 - 2014-09-25 15:53 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-10-25 17:20 - 2013-05-16 22:53 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Google
2014-10-25 16:09 - 2013-05-14 19:46 - 00115376 _____ () C:\Users\Mommy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 16:07 - 2006-11-02 10:21 - 00405232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-25 15:58 - 2006-11-02 10:07 - 00000000 ____D () C:\Windows\ShellNew
2014-10-25 15:42 - 2013-05-12 15:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-25 15:41 - 2006-11-02 10:07 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-10-25 15:38 - 2013-05-12 15:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-25 15:28 - 2013-05-12 15:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-16 11:36 - 2013-11-15 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 11:30 - 2006-11-02 07:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-07 14:59 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-07 14:58 - 2006-11-02 08:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-07 09:53 - 2013-05-12 16:34 - 00062296 _____ () C:\Windows\DirectX.log
2014-10-06 16:12 - 2006-11-02 10:27 - 00031248 _____ () C:\Windows\setupact.log
2014-10-02 03:07 - 2013-05-12 15:50 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-10-02 03:07 - 2013-05-12 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-10-02 03:07 - 2013-05-12 15:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-09-30 12:14 - 2013-11-28 17:30 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\HpUpdate
2014-09-30 11:06 - 2013-05-12 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Mommy\AppData\Local\Temp\bitool.dll
C:\Users\Mommy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Mommy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mommy\AppData\Local\Temp\optprosetup.exe
C:\Users\Mommy\AppData\Local\Temp\uttF06D.tmp.exe
C:\Users\Ozaiis\AppData\Local\Temp\SearchWithGoogleUpdate.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-30 07:11

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014
Ran by Mommy at 2014-10-30 10:35:01
Running from C:\Users\Mommy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Adobe Reader 8.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
ATI Catalyst Install Manager (HKLM\...\{3C2673D2-8248-EDDC-B759-1D1D53C6709A}) (Version: 3.0.634.0 - ATI Technologies, Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Camera Assistant Software for Toshiba (HKLM-x32\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (HKLM-x32\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
ccc-core-static (x32 Version: 2007.0815.2326.40058 - ATI) Hidden
CD/DVD Drive Acoustic Silencer (HKLM-x32\...\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}) (Version: 3.01.01 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D7400 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
D7400_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DVD MovieFactory for TOSHIBA (HKLM-x32\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (x32 Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Photosmart Printer Driver Software 10.0.02 (HKLM\...\{03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD}) (Version: 10.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iBackupBot 5.2.2 (HKLM-x32\...\iBackupBot) (Version: 5.2.2 - VOWSoft, Ltd.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java 6 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
LogMeIn Rescue Technician Console (HKLM-x32\...\{7BE9A43E-A5E7-42F7-BFCE-D6F51B1D192C}) (Version: 7.5.2353 - LogMeIn, Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{B31017AA-FBF8-4003-8785-EC789C2AE0C2}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSSUB) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Play System (Patching) (HKLM-x32\...\Network Play System (Patching)) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PS_SF_02_ProductContext (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_SF_02_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_SF_02_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skins (x32 Version: 2007.0815.2326.40058 - ATI) Hidden
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TOSHIBA Application Disc Creator (HKLM\...\{B431E4D3-ECE7-4D41-8668-BCF9BD685B62}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.03 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM-x32\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 2.0.2.64 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM-x32\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.87 (SM2187ALS04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.1.24.64 - TOSHIBA Corporation)
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.62 - WildTangent)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.17 - WildTangent) Hidden
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

26-10-2014 14:06:28 Scheduled Checkpoint
26-10-2014 14:06:48 Windows Update
26-10-2014 15:38:05 Windows Update
26-10-2014 18:14:59 Windows Update
26-10-2014 20:50:18 Removed The Sims Makin' Magic
26-10-2014 23:56:59 Windows Update
27-10-2014 00:05:13 Removed Bonjour
27-10-2014 14:51:47 Windows Update
27-10-2014 15:55:36 Windows Update
28-10-2014 23:37:40 Scheduled Checkpoint
29-10-2014 01:59:42 Windows Update
29-10-2014 17:45:48 Scheduled Checkpoint
30-10-2014 12:31:17 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2014-10-26 17:01 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4502B967-E2C4-4B7C-B39F-6A1795AC74DC} - \GPUP No Task File <==== ATTENTION
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7B780ADF-1701-4186-890E-363E718A36E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8690B0BB-FB9D-42B1-A455-585A42D7726A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {A3D304E1-D6E9-4069-8AF2-37EECBEC6BA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D86F9475-BFA0-4146-9544-ECBB256FD362} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-28] (Jelbrus)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-12 16:02 - 2007-07-28 00:26 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2008-08-20 14:07 - 2007-12-07 18:48 - 00071168 _____ () C:\Program Files\TOSHIBA\TOSCDSPD\cmdpst.dll
2014-09-25 15:08 - 2014-09-25 15:08 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-02 17:20 - 2013-07-02 17:20 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SmartFaceVWatchSrv => 3
MSCONFIG\Services: TMachInfo => 2
MSCONFIG\Services: TNaviSrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA SMART Log Service => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: OfficeSubscriptionAgent => "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RAVCpl64.exe
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WPCUMI => C:\Windows\system32\WpcUmi.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2668706330-732816361-1631804343-500 - Administrator - Disabled)
Christian (S-1-5-21-2668706330-732816361-1631804343-1003 - Administrator - Enabled) => C:\Users\Christian
Guest (S-1-5-21-2668706330-732816361-1631804343-501 - Limited - Disabled)
Mommy (S-1-5-21-2668706330-732816361-1631804343-1002 - Administrator - Enabled) => C:\Users\Mommy
Ozaiis (S-1-5-21-2668706330-732816361-1631804343-1000 - Limited - Enabled) => C:\Users\Ozaiis

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2014 08:30:48 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (10/30/2014 08:30:48 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (10/30/2014 07:00:21 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (10/30/2014 07:00:21 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (10/29/2014 07:02:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 06:56:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 06:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, time stamp 0x54224e6b, faulting module mozalloc.dll, version 32.0.3.5379, time stamp 0x54221b67, exception code 0x80000003, fault offset 0x0000141b, process id 0x10b4, application start time 0xplugin-container.exe0.

Error: (10/29/2014 06:45:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Error: (10/29/2014 06:01:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/29/2014 04:54:03 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog

System errors:
=============
Error: (10/30/2014 10:02:06 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom3, is not ready for access yet.

Error: (10/30/2014 10:02:05 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom3, is not ready for access yet.

Error: (10/30/2014 09:47:32 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom3, is not ready for access yet.

Error: (10/30/2014 09:32:34 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom3, is not ready for access yet.
Error: (10/30/2014 08:49:05 AM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (10/30/2014 08:49:01 AM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (10/30/2014 08:29:32 AM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'TSSTcrp CTDVDW TS=L632H0 ATA Device' (IDE\CdRomTSSTcrp_CTDVDW_TS=L632H0_______________T_01____\5&2758e738&0&0.0.0) disappeared from the system without first being prepared for removal. Error: (10/30/2014 08:29:18 AM) (Source: cdrom) (EventID: 15) (User: ) Description: The device, \Device\CdRom2, is not ready for access yet. Error: (10/30/2014 08:27:14 AM) (Source: cdrom) (EventID: 15) (User: ) Description: The device, \Device\CdRom2, is not ready for access yet. Error: (10/30/2014 08:27:12 AM) (Source: cdrom) (EventID: 15) (User: ) Description: The device, \Device\CdRom2, is not ready for access yet. Microsoft Office Sessions: ========================= Error: (10/30/2014 08:30:48 AM) (Source: LoadPerf) (EventID: 3011) (User: ) Description: WmiApRplWmiApRpl8 Error: (10/30/2014 08:30:48 AM) (Source: LoadPerf) (EventID: 3012) (User: ) Description: Performance16 Error: (10/30/2014 07:00:21 AM) (Source: LoadPerf) (EventID: 3011) (User: ) Description: WmiApRplWmiApRpl8 Error: (10/30/2014 07:00:21 AM) (Source: LoadPerf) (EventID: 3012) (User: ) Description: Performance16 Error: (10/29/2014 07:02:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 06:56:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 06:51:43 PM) (Source: Application 
Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b10b401cff3d27589c2b0 Error: (10/29/2014 06:45:13 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (10/29/2014 06:01:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/29/2014 04:54:03 PM) (Source: Windows Search Service) (EventID: 3024) (User: ) Description: Context: Application, SystemIndex Catalog CodeIntegrity Errors: =================================== Date: 2014-10-30 10:34:50.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-30 10:34:49.962 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-30 10:34:49.800 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-10-30 10:34:49.619 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-30 10:34:49.170 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-30 10:34:48.991 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-30 10:34:48.776 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-30 10:34:48.603 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-30 10:34:10.073 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-30 10:34:09.918 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: AMD Turion 64 X2 Mobile Technology TL-60 Percentage of memory in use: 56% Total physical RAM: 3964.7 MB Available physical RAM: 1740.34 MB Total Pagefile: 8151.93 MB Available Pagefile: 6127.35 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (SQ004823V02) (Fixed) (Total:231.42 GB) (Free:112.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive f: (THESIMSEP7) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: CA519DD9) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=231.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================