Jump to content

Recommended Posts

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

What makes you think you have Malware, multiple entries for svchost is not unusual....

 

http://windows.microsoft.com/en-us/windows/what-is-svchost-exe#1TC=windows-7

 

run the following and post its logs....

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

Link to post
Share on other sites

I am new at this so forgive me if I have responded incorrectly.

 

Thank you for your help,

Linda :)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01

Ran by LindaL (administrator) on LINDA-PC on 28-03-2014 19:13:44

Running from C:\Users\LindaL\Downloads

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe

(Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe

(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)

HKLM\...\Run: [(default)] - [X]

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM\...\Run: [browserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [1960448 2013-06-18] ()

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)

HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [Akamai NetSession Interface] - C:\Users\LindaL\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\MountPoints2: {5db4233c-f939-11e1-946a-806e6f6e6963} - E:\setup.exe

 

==================== Internet (Whitelisted) ====================

 

ProxyServer: http=127.0.0.1:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

SearchScopes: HKLM - DefaultScope {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

SearchScopes: HKLM - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM - {19811DE0-5BB2-456B-BADA-195A8CC5FB5E} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7

SearchScopes: HKLM - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV=


SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 

SearchScopes: HKCU - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = 

SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 

SearchScopes: HKCU - {4B787802-306D-4ADE-92CB-E0E3D94BDBFA} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-v/search/redirect/?type=default&user_id=12505de3-a827-4ef9-82c6-5f8ec0db5712&query={searchTerms}

SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}

SearchScopes: HKCU - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = 

SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = 

BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)

BHO: Aimersoft Video Converter Ultimate - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)

BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File

Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)

Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)


Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 69.170.120.194 216.114.44.34

 

FireFox:

========

FF ProfilePath: C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default

FF Homepage: google.com

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

FF Extension: PlayBryte - C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default\Extensions\playbryte@playbryte.com [2013-04-04]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi

FF Extension: Coupons.com CouponBar - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-29]

FF HKLM\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\

FF Extension: Aimersoft Video Converter Ultimate - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ []

 

Chrome: 

=======



CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No File

CHR Plugin: (Application Manager) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File

CHR Plugin: (Wajam) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File

CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Search) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-22]

CHR Extension: (Gmail) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-22]

CHR HKLM\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-08-25]

 

========================== Services (Whitelisted) =================

 

S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-26] (APN LLC.)

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)

S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)

S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

R1 MpKsl38bd2942; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB5B6D0-0C9C-4655-BF34-641BE02CEE57}\MpKsl38bd2942.sys [39464 2014-03-28] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S1 eclkjpxs; \??\C:\Windows\system32\drivers\eclkjpxs.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S1 SABKUTIL; \??\C:\Users\LindaL\Desktop\SABKUTIL.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-28 19:13 - 2014-03-28 19:14 - 00018643 _____ () C:\Users\LindaL\Downloads\FRST.txt

2014-03-28 19:12 - 2014-03-28 19:13 - 00000000 ____D () C:\FRST

2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe

2014-03-28 15:47 - 2014-03-28 17:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-03-28 15:44 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-28 15:44 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-28 15:41 - 2014-03-28 15:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt

2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt

2014-03-28 14:12 - 2014-03-28 14:31 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine

2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe

2014-03-15 16:42 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-15 16:42 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-15 16:42 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-03-15 16:42 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-15 16:42 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-15 16:42 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-15 16:42 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-03-15 16:42 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-15 16:42 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-03-15 16:42 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-15 16:42 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-03-15 16:42 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-15 16:41 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-15 16:41 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-15 16:41 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-15 16:41 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-15 15:58 - 2014-02-07 05:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-15 15:58 - 2014-02-03 05:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-15 15:58 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-15 15:57 - 2013-11-12 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod

2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\Program Files\iTunes

2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime

 

==================== One Month Modified Files and Folders =======

 

2014-03-28 19:14 - 2014-03-28 19:13 - 00018643 _____ () C:\Users\LindaL\Downloads\FRST.txt

2014-03-28 19:13 - 2014-03-28 19:12 - 00000000 ____D () C:\FRST

2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe

2014-03-28 19:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-28 19:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-28 18:27 - 2012-09-15 18:24 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-28 17:29 - 2014-03-28 15:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\Users\LindaL.Linda-PC\AppData\Roaming\Malwarebytes

2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-28 15:42 - 2014-03-28 15:41 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-28 14:31 - 2014-03-28 14:12 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine

2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt

2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt

2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe

2014-03-28 14:05 - 2006-11-02 07:52 - 01777578 _____ () C:\Windows\WindowsUpdate.log

2014-03-28 13:09 - 2012-09-15 18:24 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-28 13:09 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-27 17:33 - 2006-11-02 08:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-03-26 21:34 - 2012-09-09 20:19 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-03-26 21:32 - 2012-09-09 20:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-03-25 08:29 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-22 11:46 - 2012-09-07 16:05 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows

2014-03-22 11:42 - 2012-09-07 15:59 - 00000000 ____D () C:\Program Files\Microsoft Works

2014-03-22 11:35 - 2013-04-10 21:18 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared

2014-03-21 22:24 - 2014-01-07 23:09 - 00009872 _____ () C:\Windows\PFRO.log

2014-03-21 22:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\PLA

2014-03-21 22:14 - 2013-12-03 08:14 - 00000000 ____D () C:\Program Files\OpenDownloaderManager

2014-03-15 19:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache

2014-03-15 19:17 - 2006-11-02 07:47 - 00353752 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-15 19:15 - 2013-06-20 09:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-15 16:40 - 2013-08-14 03:13 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-15 16:06 - 2006-11-02 05:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-03-15 13:35 - 2013-12-08 15:00 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-11 09:52 - 2012-08-30 22:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

2014-03-06 22:46 - 2012-10-13 22:10 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-03-05 09:26 - 2014-03-28 15:44 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-05 09:26 - 2014-03-28 15:44 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-05 09:26 - 2013-12-23 16:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\Program Files\iTunes

2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod

2014-03-05 08:29 - 2012-10-13 22:05 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime

2014-02-28 10:47 - 2013-01-06 14:17 - 00000000 ____D () C:\Users\LindaL\Mobile Applications

 

Files to move or delete:

====================

C:\Users\LindaL.Linda-PC\couponprinter.exe

C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup (1).exe

C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup.exe

 

 

Some content of TEMP:

====================

C:\Users\LindaL.Linda-PC\AppData\Local\Temp\6_Offer_17.exe

C:\Users\LindaL.Linda-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\LindaL.Linda-PC\AppData\Local\Temp\ntdll_dump.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-28 13:53

 

==================== End Of Log ============================

 

 


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01

Ran by LindaL at 2014-03-28 19:15:04

Running from C:\Users\LindaL\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )

Avery Toolbar (HKLM\...\{41565256-3700-A76A-76A7-A758B70C0300}) (Version: 12.3.0.994 - APN, LLC)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite MFC-J5910DW (HKLM\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.0.0.0 - Brother Industries, Ltd.)

CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION

CouponBar (HKLM\...\CouponBar5.0.0.5) (Version: 5.0.0.5 - Coupons.com Incorporated) <==== ATTENTION

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)

Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden

Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)

Family Tree Maker Version 16 (HKLM\...\{2B59AB31-EBD0-45E4-A725-7112904DA605}) (Version:  - )

FTMVistaUpdater (HKLM\...\{EE295D30-A10C-44F6-B14C-05E0D99429E4}) (Version: 1.0.0 - Family Tree Maker)

Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)

Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden

Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden

Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4323.13 - PC-Doctor, Inc.)

HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden

HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)

HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden

HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)

HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)

HP On-Screen Caps/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.10712 - HP)

HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden

HP Total Care Advisor (HKLM\...\{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}) (Version: 1.0.95 - Hewlett-Packard)

HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.005 - Hewlett-Packard)

HPAsset component for HP Active Support Library (Version: 3.0.1.0 - Hewlett-Packard) Hidden

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )

iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden

Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )

Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

muvee autoProducer 5.0 (HKLM\...\{77CA976C-403C-47E2-940B-733ECAB6F62B}) (Version: 5.00.050 - muvee Technologies)

My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1601 - WildTangent)

Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)

Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )

PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)

Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)

Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)

Rhapsody (HKLM\...\Rhapsody) (Version:  - )

Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)

Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)

Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)

Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)

Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)

Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)

Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)

Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)

Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.)

Scansoft PDF Professional (Version:  - ) Hidden

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

 

==================== Restore Points  =========================

 

07-03-2014 05:02:24 Scheduled Checkpoint

08-03-2014 06:00:15 Scheduled Checkpoint

09-03-2014 04:02:13 Windows Update

10-03-2014 05:00:22 Scheduled Checkpoint

10-03-2014 20:44:12 Scheduled Checkpoint

12-03-2014 05:00:17 Scheduled Checkpoint

12-03-2014 10:19:29 Windows Update

13-03-2014 05:00:17 Scheduled Checkpoint

15-03-2014 04:28:38 Scheduled Checkpoint

15-03-2014 20:58:52 Windows Update

17-03-2014 06:37:55 Scheduled Checkpoint

18-03-2014 05:00:24 Scheduled Checkpoint

19-03-2014 00:34:45 Windows Update

20-03-2014 05:00:20 Scheduled Checkpoint

21-03-2014 05:00:18 Scheduled Checkpoint

22-03-2014 04:06:55 Scheduled Checkpoint

23-03-2014 03:40:25 Windows Update

24-03-2014 05:00:19 Scheduled Checkpoint

25-03-2014 14:31:01 Scheduled Checkpoint

26-03-2014 05:00:12 Scheduled Checkpoint

26-03-2014 10:16:40 Windows Update

27-03-2014 02:29:30 Windows Update

27-03-2014 22:06:14 Scheduled Checkpoint

28-03-2014 20:21:07 Scheduled Checkpoint

 

==================== Hosts content: ==========================

 

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {08AD78F6-4A94-4EF1-8E6E-EA289657B28C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - LindaL => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {2AA89941-7D9B-4459-BFB5-BBB4C2A0BCC6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {303A3CD1-5082-4BA8-89F0-A5203F7E88B1} - \AdobeFlashPlayerUpdate No Task File

Task: {32C9FA04-B080-447B-8AF5-BB0A63A99C46} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)

Task: {4D902D79-4E67-4F1E-A3C9-93A54A74A262} - System32\Tasks\Browser Manager

Task: {57638869-A2BD-4DD9-AC70-6D153152F3B1} - \AdobeFlashPlayerUpdate 2 No Task File

Task: {6CD12707-4555-4174-A94B-16B34A760286} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {7530CC19-FFCB-4914-A2AC-C1493B1597B4} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-27] ()

Task: {8EBD4F13-CE58-42BA-8A20-3AC1CA746D61} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)

Task: {985E22F3-A7AB-4BE4-8D8C-B592B9652515} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade

Task: {9EB30B29-377B-4E2C-ABED-1F51272A4EA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)

Task: {A01FD0D4-5922-4043-82E3-798151753923} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {A1F9FEBB-CFC6-4D07-AD04-7DBB0A4888FE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload

Task: {B2FDC4D3-0768-4BD0-9014-94EF13D84288} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION

Task: {B7C7EF2F-64F0-43BF-B3D8-E3E4DA62DC1B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {BEF9E918-CA0A-4891-90A4-1E0BB11A351B} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)

Task: {D212A3D5-7C21-4A8D-8D9B-B8E252D8C6BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D9AC7EBA-9D02-4D70-8964-B58489BDD7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-09-08] ()

Task: {E7B7F630-F4DE-4C51-842B-FCD8449364EF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Linda => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-12-27 13:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

2014-03-15 13:35 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2014-03-15 13:35 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-03-15 13:35 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-03-15 13:35 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Users\LindaL\Downloads\noname.eml:OECustomProperty

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\Services: AdobeARMservice => 3

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2

MSCONFIG\Services: APNMCP => 2

MSCONFIG\Services: BBSvc => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: Garmin Core Update Service => 3

MSCONFIG\Services: GorillaPrice => 2

MSCONFIG\Services: GoToAssist => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: LightScribeService => 2

MSCONFIG\Services: McComponentHostService => 3

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: PDFProFiltSrvPP => 2

MSCONFIG\Services: RoxMediaDB9 => 3

MSCONFIG\Services: SCardSvr => 3

MSCONFIG\Services: SCPolicySvc => 3

MSCONFIG\Services: WatGorp => 2

MSCONFIG\Services: WPCSvc => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk => C:\Windows\pss\HP Connections.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^LindaL.Linda-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: (default) => 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN

MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun

MSCONFIG\startupreg: FromDocToPDF Search Scope Monitor => "C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h

MSCONFIG\startupreg: FromDocToPDF_65 Browser Plugin Loader => C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe

MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MSCONFIG\startupreg: HP Software Update => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"

MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE

MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

MSCONFIG\startupreg: OsdMaestro => "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe

MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe

MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

MSCONFIG\startupreg: PPort12reminder => "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe

MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

 

==================== Faulty Device Manager Devices =============

 

Name: F:\

Description: MFC-J5910DW     

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Brother 

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

 

Name: Compact Flash   

Description: Compact Flash   

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

 

Name: MS/MS-Pro       

Description: MS/MS-Pro       

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

 

Name: SD/MMC          

Description: SD/MMC          

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

 

Name: SM/xD-Picture   

Description: SM/xD-Picture   

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/28/2014 07:12:28 PM) (Source: profsvc) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The specified path is invalid.

 

Error: (03/28/2014 07:12:21 PM) (Source: profsvc) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The specified path is invalid.

 

Error: (03/28/2014 05:39:31 PM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFE

 

Error: (03/28/2014 05:34:37 PM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFE

 

Error: (03/28/2014 03:45:25 PM) (Source: Application Error) (User: )

Description: Faulting application mbamservice.exe, version 2.1.9.0, time stamp 0x530619b7, faulting module mbamservice.exe, version 2.1.9.0, time stamp 0x530619b7, exception code 0x40000015, fault offset 0x0007d28a,

process id 0x1f4, application start time 0xmbamservice.exe0.

 

Error: (03/28/2014 03:43:10 PM) (Source: profsvc) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The specified path is invalid.

 

Error: (03/28/2014 03:43:10 PM) (Source: profsvc) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The specified path is invalid.

 

Error: (03/28/2014 02:12:03 PM) (Source: profsvc) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The specified path is invalid.

 

Error: (03/28/2014 02:12:01 PM) (Source: profsvc) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The specified path is invalid.

 

Error: (03/28/2014 02:08:27 PM) (Source: profsvc) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The specified path is invalid.

 

 

System errors:

=============

Error: (03/28/2014 03:46:02 PM) (Source: Service Control Manager) (User: )

Description: MBAMService1

 

Error: (03/28/2014 02:14:43 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume D: were aborted because volume D:, which contains shadow copy storage for this shadow copy, was force dismounted.

 

Error: (03/28/2014 02:05:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.169.1103.0){EB062BB7-6D0A-45A4-9257-DFB6158E65E3}201

 

Error: (03/28/2014 02:03:00 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 0.0.0.0

 

Update Source: %NT AUTHORITY51

 

Update Stage: 4.5.0216.00

 

Source Path: 4.5.0216.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (03/28/2014 02:01:30 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

 

New Engine Version: 

 

Previous Engine Version: 

 

Engine Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Error Code: %NT AUTHORITY601

 

Error description: %NT AUTHORITY602

 

Error: (03/28/2014 02:01:29 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 

 

Update Source: %NT AUTHORITY15

 

Update Stage: 4.5.0216.00

 

Source Path: 4.5.0216.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (03/28/2014 01:57:39 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.169.1103.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.5.0216.00

 

Source Path: 4.5.0216.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (03/28/2014 01:57:30 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

 

New Engine Version: 

 

Previous Engine Version: 

 

Engine Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Error Code: %NT AUTHORITY601

 

Error description: %NT AUTHORITY602

 

Error: (03/28/2014 01:57:30 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 

 

Update Source: %NT AUTHORITY15

 

Update Stage: 4.5.0216.00

 

Source Path: 4.5.0216.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (03/28/2014 01:10:54 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

SABKUTIL

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-03-28 19:14:55.071

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:54.728

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:54.419

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:54.091

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:53.748

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:53.420

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:53.093

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:52.765

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:52.250

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-28 19:14:51.893

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 87%

Total physical RAM: 893.76 MB

Available physical RAM: 109.32 MB

Total Pagefile: 2054.1 MB

Available Pagefile: 709.72 MB

Total Virtual: 2047.88 MB

Available Virtual: 1872.73 MB

 

==================== Drives ================================

 

Drive c: (HP) (Fixed) (Total:290.41 GB) (Free:160.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Recovery) (Fixed) (Total:7.68 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: 2E444B01)

Partition 1: (Active) - (Size=290 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

Open Malwarebytes

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

 

 

 

Let me see those logs, let me know if there are any remaining issues or concerns...

 

Kevin

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

# AdwCleaner v3.023 - Report created 10/04/2014 at 19:02:11

# Updated 01/04/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : LindaL - LINDA-PC

# Running from : C:\Users\LindaL\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Deleted : C:\Program Files\Mozilla Firefox\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16545

 

 

-\\ Mozilla Firefox v28.0 (en-US)

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01

Ran by LindaL (administrator) on LINDA-PC on 29-03-2014 09:16:49

Running from C:\Users\LindaL\Downloads

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe

(Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe

(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)

HKLM\...\Run: [(default)] - [X]

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM\...\Run: [browserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [1960448 2013-06-18] ()

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)

HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [Akamai NetSession Interface] - C:\Users\LindaL\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\MountPoints2: {5db4233c-f939-11e1-946a-806e6f6e6963} - E:\setup.exe

 

==================== Internet (Whitelisted) ====================

 

ProxyServer: http=127.0.0.1:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

SearchScopes: HKLM - DefaultScope {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

SearchScopes: HKLM - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM - {19811DE0-5BB2-456B-BADA-195A8CC5FB5E} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7

SearchScopes: HKLM - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV=


SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 

SearchScopes: HKCU - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = 

SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 

SearchScopes: HKCU - {4B787802-306D-4ADE-92CB-E0E3D94BDBFA} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-v/search/redirect/?type=default&user_id=12505de3-a827-4ef9-82c6-5f8ec0db5712&query={searchTerms}

SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}

SearchScopes: HKCU - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = 

SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = 

BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)

BHO: Aimersoft Video Converter Ultimate - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)

BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File

Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)

Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)


Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 69.170.120.194 216.114.44.34

 

FireFox:

========

FF ProfilePath: C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default

FF Homepage: google.com

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

FF Extension: PlayBryte - C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default\Extensions\playbryte@playbryte.com [2013-04-04]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi

FF Extension: Coupons.com CouponBar - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-29]

FF HKLM\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\

FF Extension: Aimersoft Video Converter Ultimate - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ []

 

Chrome: 

=======



CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No File

CHR Plugin: (Application Manager) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File

CHR Plugin: (Wajam) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File

CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Search) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-22]

CHR Extension: (Gmail) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-22]

CHR HKLM\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-08-25]

 

========================== Services (Whitelisted) =================

 

S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-26] (APN LLC.)

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)

S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)

S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

R1 MpKsl38bd2942; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB5B6D0-0C9C-4655-BF34-641BE02CEE57}\MpKsl38bd2942.sys [39464 2014-03-28] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S1 eclkjpxs; \??\C:\Windows\system32\drivers\eclkjpxs.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S1 SABKUTIL; \??\C:\Users\LindaL\Desktop\SABKUTIL.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-28 19:15 - 2014-03-28 19:16 - 00038260 _____ () C:\Users\LindaL\Downloads\Addition.txt

2014-03-28 19:13 - 2014-03-29 09:16 - 00018436 _____ () C:\Users\LindaL\Downloads\FRST.txt

2014-03-28 19:12 - 2014-03-29 09:16 - 00000000 ____D () C:\FRST

2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe

2014-03-28 15:47 - 2014-03-28 17:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-03-28 15:44 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-28 15:44 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-28 15:41 - 2014-03-28 15:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt

2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt

2014-03-28 14:12 - 2014-03-28 14:31 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine

2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe

2014-03-15 16:42 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-15 16:42 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-15 16:42 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-03-15 16:42 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-15 16:42 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-15 16:42 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-15 16:42 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-03-15 16:42 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-15 16:42 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-03-15 16:42 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-15 16:42 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-03-15 16:42 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-15 16:41 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-15 16:41 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-15 16:41 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-15 16:41 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-15 15:58 - 2014-02-07 05:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-15 15:58 - 2014-02-03 05:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-15 15:58 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-15 15:57 - 2013-11-12 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod

2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\Program Files\iTunes

2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime

 

==================== One Month Modified Files and Folders =======

 

2014-03-29 09:17 - 2014-03-28 19:13 - 00018436 _____ () C:\Users\LindaL\Downloads\FRST.txt

2014-03-29 09:16 - 2014-03-28 19:12 - 00000000 ____D () C:\FRST

2014-03-29 09:10 - 2012-09-15 18:24 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-29 09:10 - 2006-11-02 07:52 - 01779765 _____ () C:\Windows\WindowsUpdate.log

2014-03-29 07:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-29 07:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-28 22:27 - 2012-09-15 18:24 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-28 19:16 - 2014-03-28 19:15 - 00038260 _____ () C:\Users\LindaL\Downloads\Addition.txt

2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe

2014-03-28 17:29 - 2014-03-28 15:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\Users\LindaL.Linda-PC\AppData\Roaming\Malwarebytes

2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-28 15:42 - 2014-03-28 15:41 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-28 14:31 - 2014-03-28 14:12 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine

2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt

2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt

2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe

2014-03-28 13:09 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-27 17:33 - 2006-11-02 08:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-03-26 21:34 - 2012-09-09 20:19 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-03-26 21:32 - 2012-09-09 20:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-03-25 08:29 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-22 11:46 - 2012-09-07 16:05 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows

2014-03-22 11:42 - 2012-09-07 15:59 - 00000000 ____D () C:\Program Files\Microsoft Works

2014-03-22 11:35 - 2013-04-10 21:18 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared

2014-03-21 22:24 - 2014-01-07 23:09 - 00009872 _____ () C:\Windows\PFRO.log

2014-03-21 22:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\PLA

2014-03-21 22:14 - 2013-12-03 08:14 - 00000000 ____D () C:\Program Files\OpenDownloaderManager

2014-03-15 19:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache

2014-03-15 19:17 - 2006-11-02 07:47 - 00353752 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-15 19:15 - 2013-06-20 09:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-15 16:40 - 2013-08-14 03:13 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-15 16:06 - 2006-11-02 05:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-03-15 13:35 - 2013-12-08 15:00 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-11 09:52 - 2012-08-30 22:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

2014-03-06 22:46 - 2012-10-13 22:10 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-03-05 09:26 - 2014-03-28 15:44 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-05 09:26 - 2014-03-28 15:44 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-05 09:26 - 2013-12-23 16:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\Program Files\iTunes

2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod

2014-03-05 08:29 - 2012-10-13 22:05 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime

2014-02-28 10:47 - 2013-01-06 14:17 - 00000000 ____D () C:\Users\LindaL\Mobile Applications

 

Files to move or delete:

====================

C:\Users\LindaL.Linda-PC\couponprinter.exe

C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup (1).exe

C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup.exe

 

 

Some content of TEMP:

====================

C:\Users\LindaL.Linda-PC\AppData\Local\Temp\6_Offer_17.exe

C:\Users\LindaL.Linda-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\LindaL.Linda-PC\AppData\Local\Temp\ntdll_dump.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-29 01:56

 

==================== End Of Log ============================


 

 

 

 

-\\ Google Chrome v33.0.1750.154

 

*************************

 

AdwCleaner[R0].txt - [10646 octets] - [29/03/2014 09:24:44]

AdwCleaner[R1].txt - [898 octets] - [10/04/2014 18:56:21]

AdwCleaner[s0].txt - [10917 octets] - [29/03/2014 09:29:13]

AdwCleaner[s1].txt - [822 octets] - [10/04/2014 19:02:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [881 octets] ##########
Link to post
Share on other sites

# AdwCleaner v3.022 - Report created 29/03/2014 at 09:24:44

# Updated 13/03/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : LindaL - LINDA-PC

# Running from : C:\Users\LindaL\Downloads\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

Service Found : APNMCP

Service Found : FromDocToPDF_65Service

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\user.js

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Found : C:\Users\Public\Desktop\eBay.lnk

File Found : C:\Windows\System32\Tasks\BitGuard

File Found : C:\Windows\System32\Tasks\Browser Manager

Folder Found C:\Program Files\AskPartnerNetwork

Folder Found C:\ProgramData\apn

Folder Found C:\ProgramData\AskPartnerNetwork

Folder Found C:\ProgramData\Babylon

Folder Found C:\ProgramData\boost_interprocess

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AskPartnerNetwork

Key Found : HKCU\Software\d57ded8b168ea17

Key Found : HKCU\Software\filescout

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\Software\AskPartnerNetwork

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\BrowserMngr

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler

Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar

Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1

Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898

Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Found : HKLM\SOFTWARE\d57ded8b168ea17

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BitGuard

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D902D79-4E67-4F1E-A3C9-93A54A74A262}

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FDC4D3-0768-4BD0-9014-94EF13D84288}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

Key Found : HKLM\Software\Playbryte

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540

-\\ Mozilla Firefox v26.0 (en-US)

-\\ Google Chrome v33.0.1750.154

*************************

AdwCleaner[R0].txt - [10504 octets] - [29/03/2014 09:24:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10565 octets] ##########

Link to post
Share on other sites

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt.

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Run Malwarebytes,


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

How to get logs:

(Export log to save as txt)

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

 

Let me see those logs....

Link to post
Share on other sites

1.Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


  •      
  • Internet access
         
  • Windows Update
         
  • Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.210000 GHz

Memory total: 937177088, free: 167895040

Downloaded database version: v2014.04.15.06

Downloaded database version: v2014.03.27.01

=======================================

There is no mbar log. Should I run mbar.exe again?

Link to post
Share on other sites

What happened when you ran it the first time? If there are no logs in the MBAR folder it would seem the scan was not successful and did not complete...

 

Leave MBAR and run the following:

 

Read the following link before we continue and run Combofix:

 

ComboFix usage, Questions, Help? - Look here

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

http://www.infospyware.net/antimalware/combofix/

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
     
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
     
  • Close any open browsers and any other programs you might have running
     
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
     
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
     
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
     
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

 

*EXTRA NOTES*


    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.