Broadcasts playing on computer with no applications open

sbgboc926 · January 15, 2014

I can't seem to get rid of whatever has a hold of my computer. Your base product removed something, but apparently not this. I'll buy Pro this Friday, but in the meantime, any ideas? Here is the DDS, followed by the Attach.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.45.2

Run by Jacobs at 13:29:12 on 2014-01-15

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.920 [GMT -8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Jacobs\Downloads\RogueKiller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wermgr.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, enhanced for Bing and MSN

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe

uRun: [LiveSupport] "c:\program files\livesupport\LiveSupport.exe" /noshow /log

uRunOnce: [uninstall c:\users\jacobs\appdata\local\microsoft\skydrive\16.4.6013.0910] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\jacobs\appdata\local\microsoft\skydrive\16.4.6013.0910"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: skillport.com

Trusted Zone: skillswa.com

Trusted Zone: turbotax.com

TCP: NameServer = 192.168.1.1 184.16.33.54

TCP: Interfaces\{3C50B9E1-AD13-48C6-93AA-C3EDCB885613} : DHCPNameServer = 192.168.1.1 184.16.33.54

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jacobs\appdata\roaming\mozilla\firefox\profiles\oz0m7zrw.default\

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\jacobs\appdata\roaming\mozilla\plugins\npatgpc.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

FF - ExtSQL: 2014-01-15 12:41; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\jacobs\appdata\roaming\mozilla\firefox\profiles\oz0m7zrw.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.mysearchdial.hmpg - true

FF - user.js: extensions.mysearchdial.dfltSrch - true

FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial

FF - user.js: extensions.mysearchdial.dnsErr - true

FF - user.js: extensions.mysearchdial_i.newTab - false

FF - user.js: extensions.mysearchdial.id - 00188B6418E055FA

FF - user.js: extensions.mysearchdial.instlDay - 16072

FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0

FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0

FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.012:38:29

FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial

FF - user.js: extensions.mysearchdial.prdct - mysearchdial

FF - user.js: extensions.mysearchdial.aflt - dnldstr0101

FF - user.js: extensions.mysearchdial_i.smplGrp - none

FF - user.js: extensions.mysearchdial.tlbrId - base

FF - user.js: extensions.mysearchdial.instlRef -

FF - user.js: extensions.mysearchdial.dfltLng -

FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

FF - user.js: extensions.mysearchdial.excTlbr - false

FF - user.js: extensions.mysearchdial_i.hmpg - true

FF - user.js: extensions.mysearchdial.cr - 1706458619

FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzzzz0ByCyEtCzz0EtDyDyD0F0AtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R

FF - user.js: extensions.irmysearch.aflt - dnldstr0101

FF - user.js: extensions.irmysearch.instlRef -

FF - user.js: extensions.irmysearch.cr - 1706458619

FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzzzz0ByCyEtCzz0EtDyDyD0F0AtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104768]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-24 22856]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-6-16 49664]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

.

=============== Created Last 30 ================

.

2014-01-15 21:15:22 26624 ----a-w- c:\windows\system32\TrueSight.sys

2014-01-15 21:14:38 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{485e1644-817c-48e3-910e-8008fd5949b6}\offreg.dll

2014-01-15 20:44:48 -------- d-----w- c:\users\jacobs\appdata\local\Macromedia

2014-01-15 04:52:15 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{485e1644-817c-48e3-910e-8008fd5949b6}\mpengine.dll

2014-01-15 03:46:42 -------- d-----w- c:\program files\common files\Intuit

2014-01-15 03:45:51 -------- d-----w- c:\program files\TurboTax

2014-01-15 03:45:33 -------- d-----w- c:\programdata\Intuit

2014-01-02 22:04:48 7760024 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2014-01-02 20:39:00 -------- d-----w- c:\program files\Mobogenie

2014-01-01 01:12:49 -------- d-----w- c:\users\jacobs\.android

2014-01-01 01:12:45 -------- d-----w- c:\users\jacobs\appdata\local\cache

2014-01-01 01:12:42 -------- d-----w- c:\users\jacobs\appdata\local\Mobogenie

2014-01-01 01:12:42 -------- d-----w- c:\users\jacobs\appdata\local\genienext

2013-12-21 06:04:22 225656 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2014-01-04 02:46:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-04 02:46:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe

2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll

2013-10-30 02:19:52 301568 ----a-w- c:\windows\system32\msieftp.dll

2013-10-30 01:27:28 2349056 ----a-w- c:\windows\system32\win32k.sys

2013-10-19 01:36:59 159232 ----a-w- c:\windows\system32\imagehlp.dll

.

============= FINISH: 13:35:35.72 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume3

Install Date: 6/2/2013 8:43:02 PM

System Uptime: 1/15/2014 12:57:17 PM (1 hours ago)

.

Motherboard: Dell Inc | | 0UW457

Processor: AMD Athlon 64 X2 Dual Core Processor 4400+ | Socket M2 | 2300/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 52.89 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 4.733 GiB free.

E: is CDROM (CDFS)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.06)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

D3DX10

Google Chrome

Google Update Helper

iCloud

iTunes

Java 7 Update 45

Java Auto Updater

Junk Mail filter update

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Movie Maker

Mozilla Firefox 25.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT110

Nike+ Connect

Photo Common

Photo Gallery

QuickTime

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WD SmartWare

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================

kevinf80 · January 15, 2014

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin.....

AdvancedSetup · January 21, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

AdvancedSetup · February 9, 2014

Topic reopened per user request.

sbgboc926 · February 9, 2014

I ran the Farbar tool and pasted in the first.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014

Ran by Jacobs (administrator) on JACOBS-PC on 08-02-2014 15:29:02

Running from C:\Users\Jacobs\Downloads

Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

(Western Digital) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Windows\System32\wermgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [Nike+ Connect] - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-10-25] (Nike)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe

HKU\S-1-5-21-597872920-48966220-2225335674-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)

HKU\S-1-5-21-597872920-48966220-2225335674-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)

HKU\S-1-5-21-597872920-48966220-2225335674-1000\...\Run: [LiveSupport] - "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log

HKU\S-1-5-21-597872920-48966220-2225335674-1000\...\MountPoints2: {e1868d8a-cbf2-11e2-b9da-806e6f6e6963} - E:\TurboTax_Promotional_CD.exe

HKU\S-1-5-21-597872920-48966220-2225335674-1000\...\MountPoints2: {e1868d90-cbf2-11e2-b9da-806e6f6e6963} - "J:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchere.info/?l=1&q={searchTerms}&pid=1182&r=2013/10/10&hid=16820953567208325588&lg=EN&cc=US&unqvl=37

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=hEtgINVj9ngolOVmgwtMyLwvamA?q={searchTerms}

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54

FireFox:

========

FF ProfilePath: C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default

FF user.js: detected! => C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default\user.js

FF DefaultSearchEngine: Mysearchdial

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default\searchplugins\Mysearchdial.xml

FF Extension: MySearchDial NewTab - C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-01-15]

Chrome:

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Extension: (Google Docs) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-04]

CHR Extension: (Google Drive) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]

CHR Extension: (YouTube) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-04]

CHR Extension: (Google Search) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-04]

CHR Extension: (iCloud Bookmarks) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-21]

CHR Extension: (Pin It Button) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-06-13]

CHR Extension: (DownLoaDD Keeper) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdngfkodclphbedlpkbfofbmhcnjkah [2013-10-09]

CHR Extension: (Playtopus) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncogfefdmipecdllelajldgkjnjcadfi [2013-06-23]

CHR Extension: (Google Wallet) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Users\Jacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-04]

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)

R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)

R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)

U3 TrueSight; \??\ [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-08 15:34 - 2014-02-08 15:35 - 00065536 ___HT () C:\Users\Jacobs\Downloads\~Kathy Main backup.pst.tmp

2014-02-08 15:29 - 2014-02-08 15:32 - 00011613 _____ () C:\Users\Jacobs\Downloads\FRST.txt

2014-02-08 15:28 - 2014-02-08 15:29 - 00000000 ____D () C:\FRST

2014-02-08 15:26 - 2014-02-08 15:27 - 01136640 _____ (Farbar) C:\Users\Jacobs\Downloads\FRST.exe

2014-02-08 15:15 - 2014-02-08 15:15 - 00000000 ____D () C:\94d0fbc3a33559e45a0718edea

2014-01-22 19:53 - 2014-01-22 19:53 - 00144904 _____ () C:\Windows\Minidump\012214-19297-01.dmp

2014-01-15 13:36 - 2014-01-15 13:36 - 00007085 _____ () C:\Users\Jacobs\Desktop\attach.txt

2014-01-15 13:36 - 2014-01-15 13:35 - 00014155 _____ () C:\Users\Jacobs\Desktop\dds.txt

2014-01-15 13:27 - 2014-01-15 13:28 - 00688992 ____R (Swearware) C:\Users\Jacobs\Downloads\dds.scr

2014-01-15 13:18 - 2014-01-15 13:18 - 00002774 _____ () C:\Users\Jacobs\Desktop\RKreport[0]_S_01152014_131848.txt

2014-01-15 13:14 - 2014-01-15 13:42 - 00000000 ____D () C:\Users\Jacobs\Desktop\RK_Quarantine

2014-01-15 13:14 - 2014-01-15 13:14 - 03809280 _____ () C:\Users\Jacobs\Downloads\RogueKiller.exe

2014-01-15 12:44 - 2014-01-15 12:44 - 00000000 ____D () C:\Users\Jacobs\AppData\Local\Macromedia

2014-01-14 19:46 - 2014-01-14 19:46 - 00000000 ____D () C:\Program Files\Common Files\Intuit

2014-01-14 19:45 - 2014-01-14 19:45 - 00000000 ____D () C:\ProgramData\Intuit

2014-01-14 19:45 - 2014-01-14 19:45 - 00000000 ____D () C:\Program Files\TurboTax

2014-01-14 19:40 - 2014-01-14 19:41 - 94341104 _____ () C:\Users\Jacobs\Downloads\w_turbotax_1040_dlx_2013.060.0100.exe

2014-01-13 20:09 - 2014-01-13 20:09 - 00000000 ____D () C:\ProgramData\Skype

2014-01-13 20:08 - 2014-01-13 20:08 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Jacobs\Downloads\SkypeSetup (1).exe

2014-01-12 17:19 - 2014-01-12 17:19 - 00000000 _____ () C:\Users\Jacobs\Downloads\3915 (1).pdfpage

2014-01-12 17:17 - 2014-01-12 17:17 - 00000000 _____ () C:\Users\Jacobs\Downloads\3915.pdfpage

==================== One Month Modified Files and Folders =======

2014-02-08 15:35 - 2014-02-08 15:34 - 00065536 ___HT () C:\Users\Jacobs\Downloads\~Kathy Main backup.pst.tmp

2014-02-08 15:33 - 2013-06-08 17:21 - 652928000 _____ () C:\Users\Jacobs\Downloads\Kathy Main backup.pst

2014-02-08 15:32 - 2014-02-08 15:29 - 00011613 _____ () C:\Users\Jacobs\Downloads\FRST.txt

2014-02-08 15:32 - 2013-06-02 18:14 - 01606727 _____ () C:\Windows\WindowsUpdate.log

2014-02-08 15:29 - 2014-02-08 15:28 - 00000000 ____D () C:\FRST

2014-02-08 15:27 - 2014-02-08 15:26 - 01136640 _____ (Farbar) C:\Users\Jacobs\Downloads\FRST.exe

2014-02-08 15:23 - 2009-07-13 20:34 - 00024528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-08 15:23 - 2009-07-13 20:34 - 00024528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-08 15:19 - 2013-09-21 08:52 - 00000000 ____D () C:\Users\Jacobs\AppData\Local\729BAEAB-B09F-4932-A8DC-E2C85CA8F0A6.aplzod

2014-02-08 15:16 - 2013-06-04 07:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-08 15:16 - 2010-11-20 13:48 - 00031522 _____ () C:\Windows\PFRO.log

2014-02-08 15:16 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-08 15:16 - 2009-07-13 20:39 - 00036771 _____ () C:\Windows\setupact.log

2014-02-08 15:16 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-02-08 15:15 - 2014-02-08 15:15 - 00000000 ____D () C:\94d0fbc3a33559e45a0718edea

2014-02-08 15:14 - 2013-12-31 17:12 - 00000000 ____D () C:\Users\Jacobs\AppData\Local\genienext

2014-02-08 15:10 - 2013-06-04 07:19 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-08 14:47 - 2013-06-24 11:54 - 00001065 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-08 14:47 - 2013-06-24 11:54 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware

2014-02-08 14:47 - 2010-11-20 13:01 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-08 14:46 - 2013-06-04 07:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-22 19:53 - 2014-01-22 19:53 - 00144904 _____ () C:\Windows\Minidump\012214-19297-01.dmp

2014-01-22 19:53 - 2013-06-07 02:05 - 248292580 _____ () C:\Windows\MEMORY.DMP

2014-01-22 19:53 - 2013-06-07 02:05 - 00000000 ____D () C:\Windows\Minidump

2014-01-18 23:32 - 2013-06-02 18:30 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-01-16 15:00 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-01-15 14:04 - 2013-06-04 07:19 - 00000000 ____D () C:\Program Files\Google

2014-01-15 13:42 - 2014-01-15 13:14 - 00000000 ____D () C:\Users\Jacobs\Desktop\RK_Quarantine

2014-01-15 13:36 - 2014-01-15 13:36 - 00007085 _____ () C:\Users\Jacobs\Desktop\attach.txt

2014-01-15 13:35 - 2014-01-15 13:36 - 00014155 _____ () C:\Users\Jacobs\Desktop\dds.txt

2014-01-15 13:28 - 2014-01-15 13:27 - 00688992 ____R (Swearware) C:\Users\Jacobs\Downloads\dds.scr

2014-01-15 13:18 - 2014-01-15 13:18 - 00002774 _____ () C:\Users\Jacobs\Desktop\RKreport[0]_S_01152014_131848.txt

2014-01-15 13:14 - 2014-01-15 13:14 - 03809280 _____ () C:\Users\Jacobs\Downloads\RogueKiller.exe

2014-01-15 13:09 - 2014-01-02 11:38 - 00000090 _____ () C:\Windows\system32\ldywz.gvh

2014-01-15 13:01 - 2013-06-04 07:19 - 00000000 ____D () C:\Users\Jacobs\AppData\Local\Google

2014-01-15 12:44 - 2014-01-15 12:44 - 00000000 ____D () C:\Users\Jacobs\AppData\Local\Macromedia

2014-01-14 20:26 - 2009-07-13 20:33 - 00409752 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-14 20:11 - 2013-06-02 19:53 - 00109280 _____ () C:\Users\Jacobs\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-14 19:46 - 2014-01-14 19:46 - 00000000 ____D () C:\Program Files\Common Files\Intuit

2014-01-14 19:45 - 2014-01-14 19:45 - 00000000 ____D () C:\ProgramData\Intuit

2014-01-14 19:45 - 2014-01-14 19:45 - 00000000 ____D () C:\Program Files\TurboTax

2014-01-14 19:41 - 2014-01-14 19:40 - 94341104 _____ () C:\Users\Jacobs\Downloads\w_turbotax_1040_dlx_2013.060.0100.exe

2014-01-14 19:31 - 2008-07-21 12:50 - 00019968 _____ () C:\Users\Jacobs\Documents\AKA Weight Chart.xlsx

2014-01-13 20:09 - 2014-01-13 20:09 - 00000000 ____D () C:\ProgramData\Skype

2014-01-13 20:08 - 2014-01-13 20:08 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Jacobs\Downloads\SkypeSetup (1).exe

2014-01-12 17:19 - 2014-01-12 17:19 - 00000000 _____ () C:\Users\Jacobs\Downloads\3915 (1).pdfpage

2014-01-12 17:17 - 2014-01-12 17:17 - 00000000 _____ () C:\Users\Jacobs\Downloads\3915.pdfpage

Some content of TEMP:

====================

C:\Users\Jacobs\AppData\Local\Temp\32433uninstall.exe

C:\Users\Jacobs\AppData\Local\Temp\96204uninstall.exe

C:\Users\Jacobs\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Jacobs\AppData\Local\Temp\jreInstall.exe

C:\Users\Jacobs\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Jacobs\AppData\Local\Temp\LiveSupport_update.exe

C:\Users\Jacobs\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Jacobs\AppData\Local\Temp\ose00000.exe

C:\Users\Jacobs\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\Jacobs\AppData\Local\Temp\Sqlite3.dll

C:\Users\Jacobs\AppData\Local\Temp\temp0NikeConnectconnect5pcupdate.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll

[2010-11-20 13:29] - [2010-11-20 13:29] - 0377344 ____A (Microsoft Corporation) 0A9FE7B73BDE3066296B547EF13797AF

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 00:33

==================== End Of Log ============================

sbgboc926 · February 9, 2014

The following is the other log file Farbar creates:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2014

Ran by Jacobs at 2014-02-08 15:36:35

Running from C:\Users\Jacobs\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)

Apple Application Support (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (Version: 2.1.3.127 - Apple Inc.)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Google Chrome (Version: 31.0.1650.63 - Google Inc.)

Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden

iCloud (Version: 3.0.2.163 - Apple Inc.)

iTunes (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 45 (Version: 7.0.450 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)

Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1 - Mozilla)

Mozilla Maintenance Service (Version: 25.0.1 - Mozilla)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden

Nike+ Connect (Version: 6.1.6 - Nike)

Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

QuickTime (Version: 7.74.80.86 - Apple Inc.)

Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)

WD SmartWare (Version: 1.2.0.8 - Western Digital)

Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Restore Points =========================

19-11-2013 11:00:20 Windows Update

23-11-2013 07:45:29 Windows Update

27-11-2013 03:09:50 Windows Update

30-11-2013 19:07:05 Windows Update

04-12-2013 02:49:58 Windows Update

07-12-2013 21:43:58 Windows Update

11-12-2013 11:00:25 Windows Update

13-12-2013 11:00:31 Windows Update

17-12-2013 02:32:35 Windows Update

20-12-2013 21:14:49 Windows Update

24-12-2013 00:17:08 Windows Update

27-12-2013 23:24:17 Windows Update

31-12-2013 19:37:37 Windows Update

02-01-2014 18:59:21 Windows Modules Installer

02-01-2014 19:08:08 Windows Modules Installer

03-01-2014 11:01:03 Windows Update

04-01-2014 11:01:01 Windows Update

05-01-2014 11:00:59 Windows Update

06-01-2014 11:00:58 Windows Update

07-01-2014 11:00:57 Windows Update

08-01-2014 11:00:58 Windows Update

09-01-2014 11:00:59 Windows Update

10-01-2014 11:00:58 Windows Update

11-01-2014 11:00:59 Windows Update

12-01-2014 11:00:59 Windows Update

13-01-2014 11:00:58 Windows Update

14-01-2014 11:00:58 Windows Update

15-01-2014 04:41:04 Windows Update

16-01-2014 11:01:14 Windows Update

23-01-2014 11:01:17 Windows Update

26-01-2014 11:01:07 Windows Update

01-02-2014 11:01:02 Windows Update

03-02-2014 11:01:06 Windows Update

07-02-2014 11:01:06 Windows Update

08-02-2014 11:00:57 Windows Update

==================== Hosts content: ==========================

2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {17ABE79C-7892-42C2-B349-29F138B8EF91} - System32\Tasks\{D6C82264-6900-4417-AA1E-9A820354BB09} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603

Task: {281C1559-C42A-4862-A1CC-BE4B49267AD1} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)

Task: {52FFB077-E534-4E20-8519-FE3E262AD3BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.)

Task: {71683C3A-77E6-450D-B979-6EF6CB956FC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {82794A2A-D7B5-43B8-B9A9-1988886F7C00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.)

Task: {E6AE5996-2781-4F4C-8B3B-771D835F9DBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll

2009-07-29 15:24 - 2009-07-29 15:24 - 00504293 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL

2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

2013-12-05 07:21 - 2013-12-03 18:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-05 07:21 - 2013-12-03 18:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-05 07:21 - 2013-12-03 18:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 07:21 - 2013-12-03 18:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 07:21 - 2013-12-03 18:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (02/08/2014 03:18:09 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:27:48 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3672076

Error: (02/07/2014 09:27:48 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 3672076

Error: (02/07/2014 09:27:48 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/07/2014 03:03:14 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 30158020

Error: (02/07/2014 03:03:14 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 30158020

Error: (02/07/2014 03:03:14 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/07/2014 03:02:58 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 30142123

Error: (02/07/2014 03:02:58 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 30142123

Error: (02/07/2014 03:02:58 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

System errors:

=============

Error: (02/08/2014 03:16:50 PM) (Source: Service Control Manager) (User: )

Description: The Power service terminated with the following error:

%%4203

Error: (02/08/2014 03:15:28 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.1926.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/08/2014 03:15:28 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.1926.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/08/2014 02:36:45 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 109.61.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/08/2014 02:36:45 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.1926.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/08/2014 02:36:45 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.1926.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/08/2014 02:36:45 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.1926.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/08/2014 02:26:46 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 109.61.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/08/2014 02:26:46 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.1926.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/08/2014 02:26:46 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.1926.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Percentage of memory in use: 52%

Total physical RAM: 3326.49 MB

Available physical RAM: 1596.14 MB

Total Pagefile: 6651.27 MB

Available Pagefile: 4628.71 MB

Total Virtual: 2047.88 MB

Available Virtual: 1903.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:51.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.73 GB) NTFS

Drive e: (TurboTax Promo) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

Drive j: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF

Drive k: () (Removable) (Total:1.91 GB) (Free:1.89 GB) FAT

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 28000000)

Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.

Could not read MBR for disk 5.

========================================================

Disk: 6 (Size: 2 GB) (Disk ID: 91F72D24)

Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

kevinf80 · February 9, 2014

Run FRST one more time:

Type the following in the edit box after "Search:".

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

sbgboc926 · February 9, 2014

A couple of notes before I paste in the log. I ran anti-rootkit and it found trojan.zekos.patchedw71. Prior to removing that, svchost.exe was trying to run on different outbound ports on my computer, and now that seems to have stopped, but I would like to make sure it's all clean now. See below and thanks!

Farbar Recovery Scan Tool (x86) Version: 07-02-2014

Ran by Jacobs at 2014-02-08 20:38:21

Running from C:\Users\Jacobs\Downloads

Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll

[2009-09-12 06:45] - [2009-04-10 22:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll

[2009-04-17 16:15] - [2009-03-02 20:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll

[2009-04-17 16:15] - [2009-03-02 20:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll

[2008-09-21 10:39] - [2008-01-18 23:36] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll

[2009-04-17 16:15] - [2009-03-02 20:17] - 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll

[2009-04-17 16:15] - [2009-03-02 20:19] - 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll

[2006-11-02 00:50] - [2006-11-02 01:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

C:\Windows.old\Windows\System32\rpcss.dll

[2009-09-12 06:45] - [2009-04-10 22:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll

[2010-11-20 13:29] - [2010-11-20 13:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

C:\Windows\System32\rpcss.dll

[2010-11-20 13:29] - [2010-11-20 13:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

=== End Of Search ===

kevinf80 · February 9, 2014

Whatever security program you ran has replaced the patched file rpcss.dll as below....

C:\Windows\system32\rpcss.dll

[2010-11-20 13:29] - [2010-11-20 13:29] - 0377344 ____A (Microsoft Corporation) 0A9FE7B73BDE3066296B547EF13797AF <--- old version with

C:\Windows\System32\rpcss.dll

[2010-11-20 13:29] - [2010-11-20 13:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF <--- new version

Obviously whatever requested logs you previously posted are also no good due to current system changes. If you wish to continue FRST will have to be re-run and fresh logs posted....

When FRST is run a second time Addition.txt will not be produced, to do that make sure "Addition.txt" is checked under Optional scan...

Kevin

sbgboc926 · February 9, 2014

Hi and thanks for the reply. I reran these and the new logs are attached.

Addition.txt

FRST.txt

kevinf80 · February 9, 2014

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.

Let me see those logs in next reply, also give an update on any remaining issues or concerns...

Kevin

fixlist.txt

sbgboc926 · February 9, 2014

Ran First fix and the following is the log filg. Going to the next step now.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-02-2014 02

Ran by Jacobs at 2014-02-09 13:20:25 Run:1

Running from C:\Users\Jacobs\Downloads

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe

C:\Program Files\Mobogenie

HKU\S-1-5-21-597872920-48966220-2225335674-1000\...\MountPoints2: {e1868d8a-cbf2-11e2-b9da-806e6f6e6963} - E:\TurboTax_Promotional_CD.exe

HKU\S-1-5-21-597872920-48966220-2225335674-1000\...\MountPoints2: {e1868d90-cbf2-11e2-b9da-806e6f6e6963} - "J:\WD SmartWare.exe" autoplay=true

SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchere.info/?l=1&q={searchTerms}&pid=1182&r=2013/10/10&hid=16820953567208325588&lg=EN&cc=US&unqvl=37

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=hEtgINVj9ngolOVmgwtMyLwvamA?q={searchTerms}

FF DefaultSearchEngine: Mysearchdial

FF Extension: MySearchDial NewTab - C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-01-15]

U3 TrueSight; \??\ [X]

C:\Windows\system32\ldywz.gvh

C:\Users\Jacobs\AppData\Local\Temp\32433uninstall.exe

C:\Users\Jacobs\AppData\Local\Temp\96204uninstall.exe

C:\Users\Jacobs\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Jacobs\AppData\Local\Temp\jreInstall.exe

C:\Users\Jacobs\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Jacobs\AppData\Local\Temp\LiveSupport_update.exe

C:\Users\Jacobs\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Jacobs\AppData\Local\Temp\ose00000.exe

C:\Users\Jacobs\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\Jacobs\AppData\Local\Temp\Sqlite3.dll

C:\Users\Jacobs\AppData\Local\Temp\temp0NikeConnectconnect5pcupdate.exe

End

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.

C:\Program Files\Mobogenie => Moved successfully.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1868d8a-cbf2-11e2-b9da-806e6f6e6963} => Key not found.

HKCR\CLSID\{e1868d8a-cbf2-11e2-b9da-806e6f6e6963} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1868d90-cbf2-11e2-b9da-806e6f6e6963} => Key not found.

HKCR\CLSID\{e1868d90-cbf2-11e2-b9da-806e6f6e6963} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.

Firefox DefaultSearchEngine deleted successfully.

C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} => Moved successfully.

TrueSight => Service deleted successfully.

C:\Windows\system32\ldywz.gvh => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\32433uninstall.exe => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\96204uninstall.exe => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\jreInstall.exe => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\LiveSupport_setup.exe => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\LiveSupport_update.exe => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\SpotifyUninstall.exe => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\Sqlite3.dll => Moved successfully.

C:\Users\Jacobs\AppData\Local\Temp\temp0NikeConnectconnect5pcupdate.exe => Moved successfully.

==== End of Fixlog ====

sbgboc926 · February 9, 2014

Hi there and thanks again for the assistance! I ran the Adwcleaner and the following is the log file. Most all of this looks like garbage - do you agree?

# AdwCleaner v3.018 - Report created 09/02/2014 at 13:23:39

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

# Username : Jacobs - JACOBS-PC

# Running from : C:\Users\Jacobs\Downloads\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END

File Found : C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default\searchplugins\Mysearchdial.xml

File Found : C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default\user.js

Folder Found C:\Program Files\WebSearch

Folder Found C:\ProgramData\apn

Folder Found C:\ProgramData\DownLoaDD Keeper

Folder Found C:\Users\Jacobs\AppData\Local\Wajam

Folder Found C:\Users\Jacobs\AppData\LocalLow\Mysearchdial

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Key Found : HKLM\Software\SP Global

Key Found : HKLM\Software\SProtector

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Jacobs\AppData\Roaming\Mozilla\Firefox\Profiles\oz0m7zrw.default\prefs.js ]

Line Found : user_pref("extensions.mysearchdial.aflt", "dnldstr0101");

Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCzzzz0ByCyEtCzz0EtDyDyD0F0AtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

Line Found : user_pref("extensions.mysearchdial.cr", "1706458619");

Line Found : user_pref("extensions.mysearchdial.dfltLng", "");

Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);

Line Found : user_pref("extensions.mysearchdial.dnsErr", true);

Line Found : user_pref("extensions.mysearchdial.excTlbr", false);

Line Found : user_pref("extensions.mysearchdial.hmpg", true);

Line Found : user_pref("extensions.mysearchdial.id", "00188B6418E055FA");

Line Found : user_pref("extensions.mysearchdial.instlDay", "16072");

Line Found : user_pref("extensions.mysearchdial.instlRef", "");

Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);

Line Found : user_pref("extensions.mysearchdial_i.newTab", false);

Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.012:38:29");

kevinf80 · February 9, 2014

Yep remove all of those AdwCleaner "found" entries then continue with other steps...

sbgboc926 · February 9, 2014

Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Windows 7 Professional x86

Ran by Jacobs on Sun 02/09/2014 at 13:33:06.18

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\livesupport

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1A2AEAE1-DE30-4782-BAB0-6487A42FE393}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

~~~ Files

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\ProgramData\w3i"

Successfully deleted: [Folder] "C:\Users\Jacobs\appdata\local\filetypeassistant"

Successfully deleted: [Folder] "C:\Users\Jacobs\appdata\local\wajam"

Successfully deleted: [Folder] "C:\Users\Jacobs\appdata\locallow\mysearchdial"

Successfully deleted: [Folder] "C:\Program Files\searchdonkey"

Successfully deleted: [Folder] "C:\Program Files\w3i"

Successfully deleted: [Folder] "C:\Program Files\websearch"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\we-care reminder"

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\Users\Jacobs\AppData\Roaming\mozilla\firefox\profiles\oz0m7zrw.default\user.js

Successfully deleted: [File] C:\Users\Jacobs\AppData\Roaming\mozilla\firefox\profiles\oz0m7zrw.default\searchplugins\mysearchdial.xml

Successfully deleted the following from C:\Users\Jacobs\AppData\Roaming\mozilla\firefox\profiles\oz0m7zrw.default\prefs.js

user_pref("extensions.mysearchdial.aflt", "dnldstr0101");

user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCzzzz0ByCyEtCzz0EtDyDyD0F0AtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

user_pref("extensions.mysearchdial.cr", "1706458619");

user_pref("extensions.mysearchdial.dfltLng", "");

user_pref("extensions.mysearchdial.dfltSrch", true);

user_pref("extensions.mysearchdial.dnsErr", true);

user_pref("extensions.mysearchdial.excTlbr", false);

user_pref("extensions.mysearchdial.hmpg", true);

user_pref("extensions.mysearchdial.id", "00188B6418E055FA");

user_pref("extensions.mysearchdial.instlDay", "16072");

user_pref("extensions.mysearchdial.instlRef", "");

user_pref("extensions.mysearchdial.prdct", "mysearchdial");

user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

user_pref("extensions.mysearchdial.tlbrId", "base");

user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

user_pref("extensions.mysearchdial_i.hmpg", true);

user_pref("extensions.mysearchdial_i.newTab", false);

user_pref("extensions.mysearchdial_i.smplGrp", "none");

user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.012:38:29");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 02/09/2014 at 13:39:47.27

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

kevinf80 · February 9, 2014

It would seem you did not run the clean option with AdwCleaner?

sbgboc926 · February 10, 2014

Hi there, and yes, I did run Adware Cleaner, but forgot to pull the log afterwards for you. I did as you suggested and ran the full Malwarebytes scan and found 6 objects, all of which I removed. See log below the Adware log. Thank you, Kevin, so much for helping me with all of this. I definitely wouldn't have come to all of this myself, which is why I bought Malwarebytes! Cheers! Kathy.