
TB Verifier.dll problem



Here are the two logs requested by Borislov.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2013 4:51:00 PM
System Uptime: 1/12/2014 9:01:39 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0RY206
Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket AM2  | 2900/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 46.63 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 75 GiB total, 61.543 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Null
Device ID: ROOT\LEGACY_NULL\0000
Manufacturer:
Name: Null
PNP Device ID: ROOT\LEGACY_NULL\0000
Service: Null
.
==== System Restore Points ===================
.
RP124: 1/9/2014 8:58:53 AM - Windows Update
RP125: 1/10/2014 3:37:48 PM - Installed WeatherBug
RP126: 1/10/2014 3:42:59 PM - Removed WeatherBug
RP127: 1/10/2014 4:41:47 PM - Windows Backup
RP129: 1/10/2014 7:14:36 PM - Installed Dreamweaver MX
RP131: 1/10/2014 7:16:17 PM - Installed Extension Manager
RP132: 1/11/2014 10:00:16 AM - Windows Backup
RP133: 1/11/2014 2:53:06 PM - Windows Update
RP135: 1/11/2014 9:51:39 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP137: 1/11/2014 9:58:26 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP138: 1/11/2014 9:58:38 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP140: 1/11/2014 9:59:44 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
RP141: 1/11/2014 9:59:54 PM - Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
RP143: 1/11/2014 10:00:36 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP144: 1/11/2014 10:00:49 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP146: 1/11/2014 10:02:00 PM - Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB954430)
RP148: 1/11/2014 10:03:55 PM - Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB973688)
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator 9.0.1
Adobe Reader X (10.1.8)
Adobe SVG Viewer
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
CardRd81
CCleaner
CCScore
CR2
D3DX10
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
FileParade Bundle
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Macromedia Dreamweaver MX
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
netbrdg
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OfotoXMI
Pdf995
PdfEdit995
Photo Common
Photo Gallery
QuickShare
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Secunia PSI (3.0.0.9015)
SFR
SHASTA
skin0001
SKINXSDK
Skype™ 6.3
staticcr
VPRINTOL
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
1/9/2014 2:43:05 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
1/7/2014 11:20:16 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/7/2014 10:02:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/12/2014 9:02:05 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Null
1/11/2014 8:50:57 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
1/11/2014 8:49:05 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
1/11/2014 8:49:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/11/2014 8:49:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/11/2014 8:49:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/11/2014 8:48:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/11/2014 8:48:48 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter Null spldr Wanarpv6
1/11/2014 8:48:46 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/11/2014 8:29:49 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/11/2014 8:29:49 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
1/11/2014 6:31:33 PM, Error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
1/11/2014 4:24:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000006b (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011114-19266-01.
1/10/2014 12:02:08 PM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
.
==== End Of File ===========================
 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by computer doctor at 9:31:51 on 2014-01-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3006.1908 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
uProxyOverride = <-loopback>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [uninstall c:\users\computer doctor\appdata\local\microsoft\skydrive\16.4.6013.0910] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\computer doctor\appdata\local\microsoft\skydrive\16.4.6013.0910"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [bdruninstaller] "c:\program files\common files\bitdefender\setupinformation\downloader\setuplauncher.exe" /run:"c:\program files\common files\bitdefender\setupinformation\downloader\setupdownloader.exe" /args:"/after_restart"
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 10.0.0.1
TCP: Interfaces\{E11CF67E-48B2-4BA0-B0C9-7C3EDD36CA08} : DHCPNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\computer doctor\appdata\roaming\mozilla\firefox\profiles\bt2qm1ut.default-1389492445794\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\computer doctor\appdata\roaming\mozilla\firefox\profiles\bt2qm1ut.default-1389492445794\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 MpKslf1f4a502;MpKslf1f4a502;c:\programdata\microsoft\microsoft antimalware\definition updates\{ff018123-3f44-49af-88fd-5ff64243abbf}\MpKslf1f4a502.sys [2014-1-12 40392]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-21 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-21 701512]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-11-4 1228504]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-11-4 660184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-21 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-11-4 16024]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-11-21 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2013-2-5 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-10 108032]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-11-21 1343400]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver mx\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-12 15:02:10    40392    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ff018123-3f44-49af-88fd-5ff64243abbf}\MpKslf1f4a502.sys
2014-01-12 02:30:16    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ff018123-3f44-49af-88fd-5ff64243abbf}\mpengine.dll
2014-01-11 21:12:16    --------    d-----w-    c:\users\computer doctor\aldus
2014-01-11 21:04:20    --------    d-----r-    c:\users\computer doctor\Virtual Machines
2014-01-11 17:46:11    --------    d-----w-    c:\users\computer doctor\appdata\local\DOSBox
2014-01-11 17:42:57    --------    d-----w-    c:\program files\DOSBox-0.74
2014-01-11 17:22:18    --------    d-----w-    c:\windows\pss
2014-01-11 01:16:05    --------    d-----w-    c:\program files\common files\Macromedia
2014-01-11 01:14:45    --------    d-----w-    c:\program files\Macromedia
2014-01-10 21:38:54    --------    d-----w-    c:\users\computer doctor\.android
2014-01-10 21:38:53    --------    d-----w-    c:\users\computer doctor\appdata\local\cache
2014-01-10 21:38:51    --------    d-----w-    c:\users\computer doctor\appdata\local\Mobogenie
2014-01-10 21:38:51    --------    d-----w-    c:\users\computer doctor\appdata\local\genienext
2014-01-10 21:37:54    --------    d-----w-    c:\program files\Mobogenie
2014-01-10 15:34:49    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-01 21:18:21    --------    dc----w-    c:\users\computer doctor\appdata\local\MigWiz
2013-12-31 00:35:54    --------    d-----w-    c:\programdata\HitmanPro
2013-12-31 00:34:49    --------    d-----w-    c:\program files\sweetpacks bundle uninstaller
2013-12-30 23:28:08    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-30 23:27:28    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-14 04:11:18    2876528    ----a-w-    c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2013-12-14 04:10:57    42168    ----a-w-    c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
.
==================== Find3M  ====================
.
2013-12-29 20:24:24    59    ----a-w-    c:\windows\wpd99.drv
2013-12-12 21:44:51    36864    ----a-w-    c:\windows\system32\pdf995mon.dll
2013-12-12 21:44:51    1672192    ----a-w-    c:\windows\system32\pdfmona.dll
2013-12-11 00:04:21    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 00:04:21    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-07 05:41:45    319456    ----a-w-    c:\windows\DIFxAPI.dll
2013-11-26 09:23:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-22 16:31:13    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-11-22 16:31:13    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-11-22 16:31:13    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-11-22 16:31:13    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-11-22 16:31:13    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-11-22 16:30:44    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-11-22 16:30:44    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-11-22 16:30:44    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-11-22 16:23:11    49152    ----a-w-    c:\windows\system32\taskhost.exe
2013-11-21 21:45:24    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-11-21 21:16:33    152576    ----a-w-    c:\windows\system32\msclmd.dll
2013-11-19 10:21:30    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-12 02:07:29    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-04 12:42:02    16024    ----a-w-    c:\windows\system32\drivers\psi_mf_x86.sys
2013-10-30 02:19:52    301568    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 01:27:28    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-10-19 01:36:59    159232    ----a-w-    c:\windows\system32\imagehlp.dll
.
============= FINISH:  9:32:29.45 ===============
 


Hello.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2014
Ran by computer doctor (administrator) on COMPUTERDOCTOR on 12-01-2014 10:02:42
Running from C:\Users\computer doctor\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Eastman Kodak Company) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-03] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [bdruninstaller] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-19] (Google Inc.)
HKCU\...\Runonce: [uninstall C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP16E96683-23D2-44B6-84F7-9FBAFB7D8409&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP16E96683-23D2-44B6-84F7-9FBAFB7D8409&q={searchTerms}&SSPV=
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\computer doctor\AppData\Roaming\Mozilla\Firefox\Profiles\bt2qm1ut.default-1389492445794
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Bitdefender QuickScan - C:\Users\computer doctor\AppData\Roaming\Mozilla\Firefox\Profiles\bt2qm1ut.default-1389492445794\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-01-11]
FF HKLM\...\Firefox\Extensions: [FFSodaPDF5Converter@sodapdf.com] - C:\Program Files\Soda PDF 5\FFSoda5Ext
FF Extension: No Name - C:\Program Files\Soda PDF 5\FFSoda5Ext [2013-12-06]

Chrome:
=======


CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP16E96683-23D2-44B6-84F7-9FBAFB7D8409&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\computer doctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 [2013-11-26]
CHR HKLM\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\computer doctor\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-26]
CHR HKLM\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\computer doctor\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-11-26]
CHR HKLM\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2013-11-26]
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\computer doctor\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-26]
CHR HKCU\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\computer doctor\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-11-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)

==================== Drivers (Whitelisted) ====================

R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [x]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [x]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [x]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [x]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [x]
R1 AFD; \SystemRoot\system32\drivers\afd.sys [x]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [x]
S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [x]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [x]
S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [x]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [x]
S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [x]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [x]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [x]
S3 AppID; \SystemRoot\system32\drivers\appid.sys [x]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [x]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [x]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [x]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [x]
S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [x]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [x]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [x]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [x]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [x]
S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [x]
R1 cdrom; \SystemRoot\system32\drivers\cdrom.sys [x]
S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [x]
S3 CmBatt; \SystemRoot\system32\DRIVERS\CmBatt.sys [x]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [x]
R3 CompositeBus; \SystemRoot\system32\drivers\CompositeBus.sys [x]
S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [x]
S3 drmkaud; \SystemRoot\system32\drivers\drmkaud.sys [x]
R3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [x]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [x]
S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [x]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [x]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [x]
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [x]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [x]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [x]
S3 HdAudAddService; \SystemRoot\system32\drivers\HdAudio.sys [x]
R3 HDAudBus; \SystemRoot\system32\drivers\HDAudBus.sys [x]
S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [x]
S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [x]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [x]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [x]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [x]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [x]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [x]
S3 intelppm; \SystemRoot\system32\DRIVERS\intelppm.sys [x]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [x]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [x]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [x]
S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [x]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [x]
S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [x]
S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [x]
R2 luafv; \SystemRoot\system32\drivers\luafv.sys [x]
S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [x]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [x]
R3 mouclass; \SystemRoot\system32\drivers\mouclass.sys [x]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [x]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [x]
S3 msahci; \SystemRoot\system32\drivers\msahci.sys [x]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [x]
S3 mshidkmdf; \SystemRoot\System32\drivers\mshidkmdf.sys [x]
R1 mssmbios; \SystemRoot\system32\drivers\mssmbios.sys [x]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [x]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [x]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [x]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [x]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [x]
S3 Parport; \SystemRoot\system32\DRIVERS\parport.sys [x]
S2 Parvdm; \SystemRoot\system32\DRIVERS\parvdm.sys [x]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [x]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [x]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [x]
S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [x]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [x]
S3 rdpbus; \SystemRoot\system32\DRIVERS\rdpbus.sys [x]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [x]
S3 Serenum; \SystemRoot\system32\DRIVERS\serenum.sys [x]
S3 Serial; \SystemRoot\system32\DRIVERS\serial.sys [x]
S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [x]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [x]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [x]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [x]
S3 sisagp; \SystemRoot\system32\drivers\sisagp.sys [x]
S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [x]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [x]
S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [x]
R3 swenum; \SystemRoot\system32\drivers\swenum.sys [x]
R1 TermDD; \SystemRoot\system32\drivers\termdd.sys [x]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [x]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [x]
R3 umbus; \SystemRoot\system32\drivers\umbus.sys [x]
S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [x]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [x]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [x]
R1 VgaSave; \SystemRoot\System32\drivers\vga.sys [x]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [x]
S3 viaagp; \SystemRoot\system32\drivers\viaagp.sys [x]
S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [x]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [x]
S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [x]
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [x]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [x]
S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [x]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [x]
R1 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [x]
U3 mbr; \??\C:\Users\COMPUT~1\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 10:02 - 2014-01-12 10:02 - 00017460 _____ C:\Users\computer doctor\Desktop\FRST.txt
2014-01-12 10:01 - 2014-01-12 10:01 - 00000000 ____D C:\FRST
2014-01-12 10:00 - 2014-01-12 10:00 - 01219584 _____ (Farbar) C:\Users\computer doctor\Desktop\FRST.exe
2014-01-12 09:32 - 2014-01-12 09:32 - 00015001 _____ C:\Users\computer doctor\Desktop\dds.txt
2014-01-12 09:32 - 2014-01-12 09:32 - 00008402 _____ C:\Users\computer doctor\Desktop\attach.txt
2014-01-12 09:30 - 2014-01-12 09:30 - 00688992 ____R (Swearware) C:\Users\computer doctor\Desktop\dds.scr
2014-01-11 20:34 - 2014-01-11 20:35 - 94744344 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\msert.exe
2014-01-11 20:07 - 2014-01-11 20:07 - 00000000 ____D C:\Users\computer doctor\Desktop\Old Firefox Data
2014-01-11 19:55 - 2014-01-11 19:55 - 00987410 _____ C:\Users\computer doctor\Downloads\SecurityCheck(1).exe
2014-01-11 19:46 - 2014-01-11 19:46 - 00602112 _____ (OldTimer Tools) C:\Users\computer doctor\Downloads\OTL(1).exe
2014-01-11 19:43 - 2014-01-12 09:02 - 00000336 _____ C:\Windows\setupact.log
2014-01-11 19:43 - 2014-01-11 19:43 - 00000000 _____ C:\Windows\setuperr.log
2014-01-11 18:39 - 2014-01-11 18:39 - 11125072 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\mseinstall(1).exe
2014-01-11 18:30 - 2014-01-11 18:30 - 00448512 _____ (OldTimer Tools) C:\Users\computer doctor\Downloads\TFC(1).exe
2014-01-11 16:24 - 2014-01-11 18:28 - 00000000 ____D C:\Windows\Minidump
2014-01-11 15:12 - 2014-01-11 15:47 - 00000000 ____D C:\Users\computer doctor\aldus
2014-01-11 15:04 - 2014-01-11 18:22 - 00000000 ___RD C:\Users\computer doctor\Virtual Machines
2014-01-11 14:52 - 2014-01-11 14:52 - 00000000 ___HT C:\Windows\wusa.lock
2014-01-11 14:51 - 2014-01-11 14:51 - 01528184 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\GenuineCheck.exe
2014-01-11 14:48 - 2014-01-11 14:48 - 16070039 _____ C:\Users\computer doctor\Downloads\Windows6.1-KB958559-x86-RefreshPkg.msu
2014-01-11 11:46 - 2014-01-11 11:46 - 00000000 ____D C:\Users\computer doctor\AppData\Local\DOSBox
2014-01-11 11:42 - 2014-01-11 12:18 - 00000000 ____D C:\Program Files\DOSBox-0.74
2014-01-11 11:22 - 2014-01-11 11:22 - 00000000 ____D C:\Windows\pss
2014-01-11 10:28 - 2014-01-11 10:28 - 00000000 ____D C:\Users\computer doctor\Downloads\AMD-VwithRVI_Hyper-V_CompatibilityUtility
2014-01-11 09:00 - 2014-01-11 09:02 - 00183624 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\havdetectiontool.exe
2014-01-10 19:16 - 2014-01-10 19:16 - 00000000 ____D C:\Program Files\Common Files\Macromedia
2014-01-10 19:14 - 2014-01-10 19:16 - 00000000 ____D C:\Program Files\Macromedia
2014-01-10 17:15 - 2014-01-10 17:15 - 00043955 _____ C:\Users\computer doctor\Downloads\XPe_3mflp132_v10.zip
2014-01-10 15:38 - 2014-01-10 15:42 - 00000000 ____D C:\Users\computer doctor\AppData\Local\Mobogenie
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\Documents\Mobogenie
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\genienext
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\cache
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\.android
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 _____ C:\Users\computer doctor\daemonprocess.txt
2014-01-10 15:37 - 2014-01-10 15:42 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-10 15:37 - 2014-01-10 15:36 - 00026835 _____ C:\Users\computer doctor\Downloads\BT144.zip
2014-01-10 15:35 - 2014-01-10 15:35 - 00632152 _____ C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe
2013-12-30 18:35 - 2013-12-30 18:43 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-30 17:28 - 2013-12-30 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-30 17:27 - 2013-12-30 17:28 - 00000000 ____D C:\Users\computer doctor\Desktop\mbar
2013-12-30 17:27 - 2013-12-30 17:27 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-30 17:26 - 2013-12-30 17:27 - 12582688 _____ (Malwarebytes Corp.) C:\Users\computer doctor\Downloads\mbar-1.07.0.1008.exe
2013-12-28 19:43 - 2013-12-28 19:43 - 00000000 ____D C:\Users\computer doctor\Documents\My Weblog Posts
2013-12-27 18:47 - 2013-12-28 19:51 - 01247056 _____ (Microsoft Corporation) C:\Users\computer doctor\Desktop\wlsetup-web.exe
2013-12-24 10:44 - 2013-12-24 10:44 - 00000000 ____D C:\Users\computer doctor\Desktop\orchid
2013-12-21 13:52 - 2013-12-21 13:57 - 00000000 ____D C:\Users\computer doctor\Desktop\Patrick
2013-12-14 13:05 - 2013-12-12 15:47 - 13107859 _____ C:\Users\Public\Documents\pdf995.zip

==================== One Month Modified Files and Folders =======

2014-01-12 10:02 - 2014-01-12 10:02 - 00017460 _____ C:\Users\computer doctor\Desktop\FRST.txt
2014-01-12 10:01 - 2014-01-12 10:01 - 00000000 ____D C:\FRST
2014-01-12 10:00 - 2014-01-12 10:00 - 01219584 _____ (Farbar) C:\Users\computer doctor\Desktop\FRST.exe
2014-01-12 09:33 - 2013-11-19 16:17 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 09:32 - 2014-01-12 09:32 - 00015001 _____ C:\Users\computer doctor\Desktop\dds.txt
2014-01-12 09:32 - 2014-01-12 09:32 - 00008402 _____ C:\Users\computer doctor\Desktop\attach.txt
2014-01-12 09:30 - 2014-01-12 09:30 - 00688992 ____R (Swearware) C:\Users\computer doctor\Desktop\dds.scr
2014-01-12 09:09 - 2009-07-13 22:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 09:09 - 2009-07-13 22:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 09:05 - 2013-11-19 16:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 09:05 - 2013-11-18 17:27 - 01948061 _____ C:\Windows\WindowsUpdate.log
2014-01-12 09:02 - 2014-01-11 19:43 - 00000336 _____ C:\Windows\setupact.log
2014-01-12 09:02 - 2013-11-19 16:16 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 09:02 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 22:01 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-11 20:35 - 2014-01-11 20:34 - 94744344 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\msert.exe
2014-01-11 20:20 - 2013-12-09 17:55 - 00000000 ____D C:\Users\computer doctor\AppData\Roaming\QuickScan
2014-01-11 20:07 - 2014-01-11 20:07 - 00000000 ____D C:\Users\computer doctor\Desktop\Old Firefox Data
2014-01-11 19:55 - 2014-01-11 19:55 - 00987410 _____ C:\Users\computer doctor\Downloads\SecurityCheck(1).exe
2014-01-11 19:52 - 2013-12-07 12:44 - 00049426 _____ C:\Users\computer doctor\Downloads\OTL.Txt
2014-01-11 19:46 - 2014-01-11 19:46 - 00602112 _____ (OldTimer Tools) C:\Users\computer doctor\Downloads\OTL(1).exe
2014-01-11 19:43 - 2014-01-11 19:43 - 00000000 _____ C:\Windows\setuperr.log
2014-01-11 18:40 - 2013-11-19 10:33 - 00002198 _____ C:\Windows\epplauncher.mif
2014-01-11 18:39 - 2014-01-11 18:39 - 11125072 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\mseinstall(1).exe
2014-01-11 18:30 - 2014-01-11 18:30 - 00448512 _____ (OldTimer Tools) C:\Users\computer doctor\Downloads\TFC(1).exe
2014-01-11 18:28 - 2014-01-11 16:24 - 00000000 ____D C:\Windows\Minidump
2014-01-11 18:28 - 2013-11-21 13:03 - 00000000 ____D C:\Users\computer doctor\Tracing
2014-01-11 18:22 - 2014-01-11 15:04 - 00000000 ___RD C:\Users\computer doctor\Virtual Machines
2014-01-11 18:22 - 2013-12-12 16:39 - 00000000 ____D C:\ProgramData\ArcSoft
2014-01-11 18:22 - 2013-12-12 15:17 - 00000000 ____D C:\ProgramData\pdf995
2014-01-11 18:22 - 2013-12-10 21:27 - 00000000 ____D C:\Users\spike.computerdoctor
2014-01-11 18:22 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\wfp
2014-01-11 18:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2014-01-11 16:24 - 2013-11-18 16:51 - 00000000 ____D C:\Users\computer doctor
2014-01-11 15:47 - 2014-01-11 15:12 - 00000000 ____D C:\Users\computer doctor\aldus
2014-01-11 14:52 - 2014-01-11 14:52 - 00000000 ___HT C:\Windows\wusa.lock
2014-01-11 14:51 - 2014-01-11 14:51 - 01528184 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\GenuineCheck.exe
2014-01-11 14:48 - 2014-01-11 14:48 - 16070039 _____ C:\Users\computer doctor\Downloads\Windows6.1-KB958559-x86-RefreshPkg.msu
2014-01-11 12:18 - 2014-01-11 11:42 - 00000000 ____D C:\Program Files\DOSBox-0.74
2014-01-11 11:54 - 2013-11-18 16:57 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-11 11:46 - 2014-01-11 11:46 - 00000000 ____D C:\Users\computer doctor\AppData\Local\DOSBox
2014-01-11 11:22 - 2014-01-11 11:22 - 00000000 ____D C:\Windows\pss
2014-01-11 10:28 - 2014-01-11 10:28 - 00000000 ____D C:\Users\computer doctor\Downloads\AMD-VwithRVI_Hyper-V_CompatibilityUtility
2014-01-11 09:02 - 2014-01-11 09:00 - 00183624 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\havdetectiontool.exe
2014-01-10 19:22 - 2013-11-19 16:20 - 00000000 ____D C:\Users\computer doctor\AppData\Roaming\Macromedia
2014-01-10 19:16 - 2014-01-10 19:16 - 00000000 ____D C:\Program Files\Common Files\Macromedia
2014-01-10 19:16 - 2014-01-10 19:14 - 00000000 ____D C:\Program Files\Macromedia
2014-01-10 19:16 - 2013-12-12 16:38 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-10 17:15 - 2014-01-10 17:15 - 00043955 _____ C:\Users\computer doctor\Downloads\XPe_3mflp132_v10.zip
2014-01-10 17:00 - 2013-11-18 16:51 - 00000000 ____D C:\Users\computer doctor\AppData\Local\VirtualStore
2014-01-10 15:42 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\Mobogenie
2014-01-10 15:42 - 2014-01-10 15:37 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\Documents\Mobogenie
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\genienext
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\cache
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\.android
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 _____ C:\Users\computer doctor\daemonprocess.txt
2014-01-10 15:36 - 2014-01-10 15:37 - 00026835 _____ C:\Users\computer doctor\Downloads\BT144.zip
2014-01-10 15:35 - 2014-01-10 15:35 - 00632152 _____ C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe
2014-01-10 13:07 - 2013-11-21 13:17 - 00000000 ____D C:\Users\computer doctor\AppData\Roaming\Skype
2014-01-09 16:29 - 2013-11-28 20:56 - 00000420 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2014-01-08 12:32 - 2013-12-08 12:11 - 00000000 ____D C:\Users\computer doctor\Desktop\budget
2014-01-08 12:28 - 2013-12-08 12:12 - 00000000 ____D C:\Users\computer doctor\Desktop\taxes 2013
2014-01-03 13:08 - 2009-07-13 22:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-30 21:04 - 2013-12-12 17:15 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-12-30 20:59 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-30 18:51 - 2013-12-12 12:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-12-30 18:43 - 2013-12-30 18:35 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-30 17:52 - 2013-11-27 15:08 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-30 17:28 - 2013-12-30 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-30 17:28 - 2013-12-30 17:27 - 00000000 ____D C:\Users\computer doctor\Desktop\mbar
2013-12-30 17:27 - 2013-12-30 17:27 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-30 17:27 - 2013-12-30 17:26 - 12582688 _____ (Malwarebytes Corp.) C:\Users\computer doctor\Downloads\mbar-1.07.0.1008.exe
2013-12-30 11:01 - 2013-12-02 08:16 - 00000000 ____D C:\Users\computer doctor\Desktop\corps
2013-12-29 14:24 - 2013-11-24 10:13 - 00000059 _____ C:\Windows\wpd99.drv
2013-12-28 20:09 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-28 19:55 - 2013-11-21 13:16 - 00000000 ____D C:\ProgramData\Skype
2013-12-28 19:55 - 2013-11-21 11:45 - 00000000 ____D C:\Program Files\Windows Live
2013-12-28 19:51 - 2013-12-27 18:47 - 01247056 _____ (Microsoft Corporation) C:\Users\computer doctor\Desktop\wlsetup-web.exe
2013-12-28 19:43 - 2013-12-28 19:43 - 00000000 ____D C:\Users\computer doctor\Documents\My Weblog Posts
2013-12-28 19:43 - 2013-11-21 13:42 - 00000000 ____D C:\Users\computer doctor\AppData\Local\Windows Live Writer
2013-12-27 20:52 - 2013-12-09 20:36 - 00000000 ____D C:\Users\computer doctor\Desktop\plans
2013-12-27 20:25 - 2013-11-21 11:37 - 00000000 ____D C:\Users\computer doctor\AppData\Local\Windows Live
2013-12-24 10:44 - 2013-12-24 10:44 - 00000000 ____D C:\Users\computer doctor\Desktop\orchid
2013-12-21 13:57 - 2013-12-21 13:52 - 00000000 ____D C:\Users\computer doctor\Desktop\Patrick
2013-12-21 11:18 - 2013-11-27 18:20 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 13:36 - 2013-11-28 12:47 - 11796480 ____R C:\Users\Public\Documents\ESBK.mbb
2013-12-20 13:36 - 2013-11-28 12:47 - 06324224 ____R C:\Users\Public\Documents\ESBK.mb
2013-12-14 10:52 - 2013-11-29 23:59 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-13 18:07 - 2013-12-12 16:39 - 00000000 ____D C:\Users\computer doctor\AppData\Roaming\ArcSoft

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.4092.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 14:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2014
Ran by computer doctor at 2014-01-12 10:03:24
Running from C:\Users\computer doctor\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Illustrator 9.0.1 (Version: 9.0.1 - Adobe Systems, Inc.)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe SVG Viewer (Version: 1.0 - Adobe Systems, Inc.)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (Version:  - ArcSoft)
ArcSoft Print Creations (Version: 2.8.255.384 - ArcSoft)
Ask Toolbar (Version: 12.7.0.15 - APN, LLC) <==== ATTENTION
CardRd81 (Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
CCleaner (Version: 4.09 - Piriform)
CCScore (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
CR2 (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
ESSBrwr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FileParade Bundle (Version: 1.0.0.0 - FileParade Bundle)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4601.54 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
kgcbaby (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (Version:  - Eastman Kodak Company)
Macromedia Dreamweaver MX (Version: 6.0 - Macromedia)
Macromedia Extension Manager (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OfotoXMI (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Pdf995 (Version:  - )
PdfEdit995 (Version:  - )
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
QuickShare (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (Version:  - )
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.9015) (Version: 3.0.0.9015 - Secunia)
SFR (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
staticcr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
VPRINTOL (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WIRELESS (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Restore Points  =========================

09-01-2014 14:58:53 Windows Update
10-01-2014 21:37:48 Installed WeatherBug
10-01-2014 21:42:59 Removed WeatherBug
10-01-2014 22:41:47 Windows Backup
11-01-2014 01:14:36 Installed Dreamweaver MX
11-01-2014 01:16:17 Installed Extension Manager
11-01-2014 16:00:16 Windows Backup
11-01-2014 20:53:06 Windows Update
12-01-2014 03:51:39 Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
12-01-2014 03:58:26 Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
12-01-2014 03:58:38 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
12-01-2014 03:59:44 Revo Uninstaller's restore point - Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
12-01-2014 03:59:54 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
12-01-2014 04:00:36 Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
12-01-2014 04:00:49 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
12-01-2014 04:02:00 Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB954430)
12-01-2014 04:03:55 Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB973688)

==================== Hosts content: ==========================

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {125499AD-F98B-4459-8F3A-092E58CE614A} - System32\Tasks\TidyNetwork Update => C:\Users\computer doctor\AppData\Local\TidyNetwork\petnupdate.exe
Task: {2B997118-5CE7-463D-A6E3-F1A3F1C545C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {5D58D39C-255F-49CA-ADC0-39EF64403F65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {5E05F2CB-6643-469A-BAC8-C182980C102E} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16
Task: {86D437D4-F864-4E76-B539-2299C29D1848} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {8CE08E69-86CD-46A5-BAFB-C893563CBBF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D60883AC-82BA-41F6-BBCB-803787606401} - System32\Tasks\{3C27B136-F8B4-4864-8102-FFE0AD4D7708} => C:\pdf995\res\utilities\signature995\signature995.exe
Task: {DD1B01FA-C3CF-47AE-8B90-2A295EFA65C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {EA2A931A-9CB4-4A48-9D57-98D652E2C0F2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {EFCFA8DF-A22E-4F63-97DF-3D5ACCE7B7D4} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
Task: {F147D325-9A25-4FBA-BA75-F6E185C90A11} - System32\Tasks\{0E91789F-9BA1-4099-A940-ACFB3399C43B} => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => rž$ªÕ D‚XE#WŽ¨Fr<
 s$€À €!Þ    'ƒ!C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16computer doctor0Ý
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-23 17:24 - 2013-12-12 16:39 - 00406016 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 17:23 - 2013-12-12 16:39 - 00264192 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
2011-02-23 17:21 - 2013-12-12 16:39 - 00356352 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 17:19 - 2013-12-12 16:39 - 00237568 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 17:38 - 2013-12-12 16:39 - 00234496 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 17:15 - 2013-12-12 16:39 - 00090112 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2011-02-23 17:39 - 2013-12-12 16:39 - 00078848 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2011-02-23 17:11 - 2013-12-12 16:39 - 00062464 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 10:05 - 2013-12-12 16:39 - 01564672 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 17:37 - 2013-12-12 16:39 - 00761856 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2011-02-23 17:17 - 2013-12-12 16:39 - 00152576 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 18:00 - 2013-12-12 16:39 - 00684032 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 17:24 - 2013-12-12 16:39 - 00084480 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
2011-02-23 17:15 - 2013-12-12 16:39 - 00129536 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 18:55 - 2013-12-12 16:39 - 11503616 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 21:19 - 2013-12-12 16:39 - 00782336 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 21:19 - 2013-12-12 16:39 - 00868352 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 21:20 - 2013-12-12 16:39 - 00462848 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 21:19 - 2013-12-12 16:39 - 00155648 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2009-09-28 21:21 - 2013-12-12 16:39 - 00528384 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 21:20 - 2013-12-12 16:39 - 02236416 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 21:21 - 2013-12-12 16:39 - 00847872 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 21:21 - 2013-12-12 16:39 - 01396736 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2011-02-23 18:04 - 2013-12-12 16:39 - 00171520 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
2011-02-23 17:38 - 2013-12-12 16:39 - 00052224 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 17:36 - 2013-12-12 16:40 - 00143360 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2011-02-23 17:15 - 2013-12-12 16:39 - 00084480 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 15:25 - 2013-12-12 16:39 - 00010240 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 19:02 - 2013-12-12 16:39 - 00339968 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 18:01 - 2013-12-12 16:39 - 00098304 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 18:05 - 2013-12-12 16:39 - 00315392 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 17:55 - 2013-12-12 16:40 - 00688128 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 19:00 - 2013-12-12 16:39 - 00471040 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
2011-02-23 17:16 - 2013-12-12 16:39 - 00044544 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2013-11-21 18:01 - 2013-12-05 13:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:346465CA
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2014 09:19:14 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/11/2014 09:51:35 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1dc041a7-b3b4-4efd-aa31-a5328d874249}

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/12/2014 09:02:05 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Null

Error: (01/11/2014 10:15:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Null

Error: (01/11/2014 10:06:39 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Null

Error: (01/11/2014 08:56:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Null

Error: (01/11/2014 08:50:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/11/2014 08:50:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/11/2014 08:50:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/11/2014 08:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/11/2014 08:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/11/2014 08:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/12/2014 09:19:14 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (01/11/2014 09:51:35 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1dc041a7-b3b4-4efd-aa31-a5328d874249}

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3006.49 MB
Available physical RAM: 1808.59 MB
Total Pagefile: 6011.27 MB
Available Pagefile: 4772.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:46.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive j: (MY BOOK) (Fixed) (Total:74.51 GB) (Free:61.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: A65BA183)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 75 GB) (Disk ID: 8F9C798A)
Partition 1: (Not Active) - (Size=75 GB) - (Type=0C)

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, also give an update on any remaining issues or concerns..

 

Kevin...

 

Fixlist.txt


# AdwCleaner v3.017 - Report created 12/01/2014 at 11:35:16
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : computer doctor - COMPUTERDOCTOR
# Running from : C:\Users\computer doctor\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\computer doctor\AppData\Local\emaze
Folder Deleted : C:\Users\computer doctor\AppData\Local\genienext
Folder Deleted : C:\Users\computer doctor\AppData\Local\Mobogenie
Folder Deleted : C:\Users\computer doctor\Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\Software\Video-Saver-1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\computer doctor\AppData\Roaming\Mozilla\Firefox\Profiles\bt2qm1ut.default-1389492445794\prefs.js ]


[ File : C:\Users\spike.computerdoctor\AppData\Roaming\Mozilla\Firefox\Profiles\qiuyq0os.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\computer doctor\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

[ File : C:\Users\spike.computerdoctor\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2340 octets] - [12/01/2014 11:27:23]
AdwCleaner[s0].txt - [2142 octets] - [12/01/2014 11:35:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2202 octets] ##########

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.12.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
computer doctor :: COMPUTERDOCTOR [administrator]

Protection: Enabled

1/12/2014 11:47:47 AM
mbam-log-2014-01-12 (11-47-47).txt

Scan type: Full scan (C:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 378024
Time elapsed: 1 hour(s), 16 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Looks like everything is good! Only remaining question: in system configuration under the start up tab are four entries,

ConduitFloati...  Unknown     C:\Windows\s...   HKCU\SOFTWARE\M

 

I unchecked the boxes on all four. Since then the four dialog boxes indicating TBVerifier.dll no longer show up when starting up.
 


Download and install CCleaner from here: http://www.piriform.com/ccleaner/builds Make sure to opt for the "Slim version" that will have no toolbar additions.

 

When CCleaner is installed, run that program and select > Tools > Start up > Windows tab. That will show the startup entries for Windows. In the bottom right-hand corner, click on "Save to text file", save that file, and post it in your next reply.


No    HKCU:Run    ConduitFloatingPlugin_blklojfklgnogjaijkibhfjepakiocng    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3311875\plugins\TBVerifier.dll",RunConduitFloatingPlugin blklojfklgnogjaijkibhfjepakiocng
No    HKCU:Run    ConduitFloatingPlugin_jonjajmpblmjkhjemkalbddhodlehkfg    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3153924\plugins\TBVerifier.dll",RunConduitFloatingPlugin jonjajmpblmjkhjemkalbddhodlehkfg
No    HKCU:Run    ConduitFloatingPlugin_jpkgnchjblgnciiopegmabnakdoapgkj    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3287811\plugins\TBVerifier.dll",RunConduitFloatingPlugin jpkgnchjblgnciiopegmabnakdoapgkj
No    HKCU:Run    ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil
Yes    HKCU:Run    Skype    Skype Technologies S.A.    "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
Yes    HKCU:Run    swg    Google Inc.    "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes    HKCU:RunOnce    Uninstall C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    ArcSoft Connection Service    ArcSoft Inc.    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Yes    HKLM:Run    bdruninstaller        "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
Yes    HKLM:Run    MSC    Microsoft Corporation    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes    HKLM:Run    QuickTime Task    Apple Inc.    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    RtHDVCpl.exe
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes    Startup Common    Adobe Gamma Loader.lnk    Adobe Systems, Inc.    C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Yes    Startup Common    Kodak EasyShare software.lnk    Eastman Kodak Company    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Yes    Startup Common    Secunia PSI Tray.lnk    Secunia    C:\Program Files\Secunia\PSI\psi_tray.exe
 


Run CCleaner again, select tools > start up > windows tab. Select and highlight each of the following in turn, then from the right-hand pane select Delete

No    HKCU:Run    ConduitFloatingPlugin_blklojfklgnogjaijkibhfjepakiocng    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3311875\plugins\TBVerifier.dll",RunConduitFloatingPlugin blklojfklgnogjaijkibhfjepakiocng
No    HKCU:Run    ConduitFloatingPlugin_jonjajmpblmjkhjemkalbddhodlehkfg    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3153924\plugins\TBVerifier.dll",RunConduitFloatingPlugin jonjajmpblmjkhjemkalbddhodlehkfg
No    HKCU:Run    ConduitFloatingPlugin_jpkgnchjblgnciiopegmabnakdoapgkj    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3287811\plugins\TBVerifier.dll",RunConduitFloatingPlugin jpkgnchjblgnciiopegmabnakdoapgkj
No    HKCU:Run    ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3306061\plugins

Next,
 
Select > Cleaner > Run Cleaner > all temp files and caches will be deleted/emptied

Reboot your PC let me know how it responds, if any issues remain....
 

Link to post
Share on other sites
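The four entries listed for deletion above all start rundll32 against a TBVerifier.dll stored under a Temp folder, and they were still present after being unchecked. As an added example (not part of the thread and not CCleaner's own code), the following Python parses a startup export in the layout posted above and flags such rows whether enabled or disabled; the function names and the five column names are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Rows copied from the startup export posted in this thread.
# Assumed column order: Enabled, Key, Program, Publisher, File.
SAMPLE_EXPORT = r'''
No    HKCU:Run    ConduitFloatingPlugin_blklojfklgnogjaijkibhfjepakiocng    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3311875\plugins\TBVerifier.dll",RunConduitFloatingPlugin blklojfklgnogjaijkibhfjepakiocng
No    HKCU:Run    ConduitFloatingPlugin_jonjajmpblmjkhjemkalbddhodlehkfg    Microsoft Corporation    "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3153924\plugins\TBVerifier.dll",RunConduitFloatingPlugin jonjajmpblmjkhjemkalbddhodlehkfg
Yes    HKCU:Run    Skype    Skype Technologies S.A.    "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
Yes    HKLM:Run    bdruninstaller        "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    RtHDVCpl.exe
Yes    Startup Common    Kodak EasyShare software.lnk    Eastman Kodak Company    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
'''

# User-writable temp locations; a persistent autostart pointing here is unusual.
TEMP_DIR = re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\", re.I)


class Finding(NamedTuple):
    enabled: bool
    key: str
    program: str
    target: str
    reason: str


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a command line into (executable, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(.+?\.exe)\b(.*)", cmd, re.I)
    if m:
        return m.group(1), m.group(2).strip()
    return cmd, ""


def rundll32_target(args: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export_name) from rundll32 arguments, if present."""
    m = re.match(r'\s*(?:"([^"]+)"|([^,\s]+))\s*,\s*(\S+)', args)
    if not m:
        return None
    return (m.group(1) or m.group(2)), m.group(3)


def triage(export_text: str) -> List[Finding]:
    """Flag autostart rows whose real target lives under a Temp directory."""
    findings = []
    for line in export_text.splitlines():
        # Columns are separated by a tab or by four spaces, as rendered above;
        # an empty Publisher column therefore yields an empty field.
        fields = re.split(r"\t| {4}", line.strip(), maxsplit=4)
        if len(fields) != 5 or fields[0] not in ("Yes", "No"):
            continue
        enabled, key, program, _publisher, command = fields
        exe, args = split_command(command)
        target, reason = exe, "autostart target under a Temp directory"
        # The executable in these rows is the Windows rundll32.exe, so the
        # file that matters is the DLL it is told to load, not the executable.
        if exe.lower().endswith("rundll32.exe"):
            hit = rundll32_target(args)
            if hit:
                target = hit[0]
                reason = f"rundll32 calls {hit[1]} in a DLL under a Temp directory"
        if TEMP_DIR.search(target):
            findings.append(Finding(enabled == "Yes", key, program, target, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        state = "enabled" if f.enabled else "disabled, still registered"
        print(f"[{state}] {f.key} {f.program}\n    {f.target}\n    {f.reason}")
```
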

Run CCleaner again select > tools > start up > windows tab. The following entries can be highlighted then select Disable from righthand pane. They can easily be manually started any time you need to use them, stopping a boot start might help with start up speed...

 

Yes    HKCU:Run    swg    Google Inc.    "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes    HKCU:RunOnce    Uninstall C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    bdruninstaller        "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
Yes    HKLM:Run    QuickTime Task    Apple Inc.    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes    Startup Common    Adobe Gamma Loader.lnk    Adobe Systems, Inc.    C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Yes    Startup Common    Kodak EasyShare software.lnk    Eastman Kodak Company    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Yes    Startup Common    Secunia PSI Tray.lnk    Secunia    C:\Program Files\Secunia\PSI\psi_tray.exe
 

If you want to put them back, it is easy: open as above and this time select Enable

 

Let me know if that helps, also if any remaining issues?


You're very welcome,

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin....


C:\Program Files\Uninstaller\Uninstall.exe    a variant of MSIL/DomaIQ.A application
C:\Users\computer doctor\Downloads\cbsidlm-cbsi145-PDF995_Printer_Driver-SEO-10068482.exe    a variant of Win32/CNETInstaller.B application
C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe    a variant of Win32/InstallCore.DN application
C:\Users\computer doctor\Downloads\KeyFinderInstaller.exe    Win32/OpenCandy application
C:\Users\computer doctor\Downloads\pdfconverter-setup.exe    Win32/DownloadAdmin.G application
C:\Users\computer doctor\Downloads\rcpsetup1_dcomnew_util_300_dcomnew_util_300.exe    Win32/Systweak.B application
C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728(1).exe    Win32/Systweak.B application
C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728.exe    Win32/Systweak.B application
 

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9015)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Adobe Flash Player     11.9.900.170  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure you start with and include the colon before Files (:Files)

    :Files
    C:\Program Files\Uninstaller
    C:\Users\computer doctor\Downloads\cbsidlm-cbsi145-PDF995_Printer_Driver-SEO-10068482.exe
    C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe
    C:\Users\computer doctor\Downloads\KeyFinderInstaller.exe
    C:\Users\computer doctor\Downloads\pdfconverter-setup.exe
    C:\Users\computer doctor\Downloads\rcpsetup1_dcomnew_util_300_dcomnew_util_300.exe
    C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728(1).exe
    C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Post the OTM log, also let me know if there are any remaining issues or concerns...

 

Kevin


All processes killed
========== FILES ==========
C:\Program Files\Uninstaller folder moved successfully.
C:\Users\computer doctor\Downloads\cbsidlm-cbsi145-PDF995_Printer_Driver-SEO-10068482.exe moved successfully.
C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe moved successfully.
C:\Users\computer doctor\Downloads\KeyFinderInstaller.exe moved successfully.
C:\Users\computer doctor\Downloads\pdfconverter-setup.exe moved successfully.
C:\Users\computer doctor\Downloads\rcpsetup1_dcomnew_util_300_dcomnew_util_300.exe moved successfully.
C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728(1).exe moved successfully.
C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: computer doctor
->Temp folder emptied: 2156774 bytes
->Temporary Internet Files folder emptied: 17767942 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62895670 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 990 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: spike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: spike.computerdoctor
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31594 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 30208 bytes
 
Total Files Cleaned = 79.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01132014_143205

Files moved on Reboot...
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

No more issues that I'm aware of!


We need to remove FRST. First, it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe (unless you want to keep it)

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 


Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert..
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


  • Activate UAC
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Let me know if those steps complete OK. If there are no remaining issues, are we OK to close out?

 

Kevin

 

Fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.