lindal Posted March 28, 2014 ID:809956

Please help me rescue my computer from this malware invasion. How do I permanently remove these 14 occurrences of svchost.exe?

kevinf80 Posted March 28, 2014 ID:809968

Hello and

P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

What makes you think you have Malware, multiple entries for svchost is not unusual.... http://windows.microsoft.com/en-us/windows/what-is-svchost-exe#1TC=windows-7

run the following and post its logs....

Download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin

lindal Posted March 29, 2014 Author ID:810007

I am new at this so forgive me if I have responded incorrectly. Thank you for your help,
Linda

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by LindaL (administrator) on LINDA-PC on 28-03-2014 19:13:44
Running from C:\Users\LindaL\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [(default)] - [X]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [browserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [1960448 2013-06-18] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [Akamai NetSession Interface] - C:\Users\LindaL\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\MountPoints2: {5db4233c-f939-11e1-946a-806e6f6e6963} - E:\setup.exe

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {19811DE0-5BB2-456B-BADA-195A8CC5FB5E} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKLM - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06930^us&si=CLmrktWH7LkCFQFk7AodQh4A4A&ptb=30FA59BF-A543-4ECF-936C-B4E63B46EB37&ind=2013092713&n=77fd5b69&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {4B787802-306D-4ADE-92CB-E0E3D94BDBFA} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-v/search/redirect/?type=default&user_id=12505de3-a827-4ef9-82c6-5f8ec0db5712&query={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKCU - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL =
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL =
BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)
BHO: Aimersoft Video Converter Ultimate - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)
Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 69.170.120.194 216.114.44.34

FireFox:
========
FF ProfilePath: C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default
FF Homepage: google.com
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: PlayBryte - C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default\Extensions\playbryte@playbryte.com [2013-04-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF Extension: Coupons.com CouponBar - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-29]
FF HKLM\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Aimersoft Video Converter Ultimate - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ []

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (Application Manager) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (Wajam) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Search) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-22]
CHR Extension: (Gmail) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-22]
CHR HKLM\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-08-25]

========================== Services (Whitelisted) =================

S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-26] (APN LLC.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [X]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl38bd2942; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB5B6D0-0C9C-4655-BF34-641BE02CEE57}\MpKsl38bd2942.sys [39464 2014-03-28] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 eclkjpxs; \??\C:\Windows\system32\drivers\eclkjpxs.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SABKUTIL; \??\C:\Users\LindaL\Desktop\SABKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-28 19:13 - 2014-03-28 19:14 - 00018643 _____ () C:\Users\LindaL\Downloads\FRST.txt
2014-03-28 19:12 - 2014-03-28 19:13 - 00000000 ____D () C:\FRST
2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe
2014-03-28 15:47 - 2014-03-28 17:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 15:44 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 15:44 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 15:41 - 2014-03-28 15:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt
2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt
2014-03-28 14:12 - 2014-03-28 14:31 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine
2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe
2014-03-15 16:42 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 16:42 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 16:42 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-15 16:42 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 16:42 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 16:42 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 16:42 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-15 16:42 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 16:42 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-15 16:42 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 16:42 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-15 16:42 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-15 16:41 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 16:41 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 16:41 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 16:41 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 15:58 - 2014-02-07 05:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 15:58 - 2014-02-03 05:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 15:58 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 15:57 - 2013-11-12 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod
2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\Program Files\iTunes
2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime

==================== One Month Modified Files and Folders =======

2014-03-28 19:14 - 2014-03-28 19:13 - 00018643 _____ () C:\Users\LindaL\Downloads\FRST.txt
2014-03-28 19:13 - 2014-03-28 19:12 - 00000000 ____D () C:\FRST
2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe
2014-03-28 19:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 19:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 18:27 - 2012-09-15 18:24 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 17:29 - 2014-03-28 15:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\Users\LindaL.Linda-PC\AppData\Roaming\Malwarebytes
2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 15:42 - 2014-03-28 15:41 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 14:31 - 2014-03-28 14:12 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine
2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt
2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt
2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe
2014-03-28 14:05 - 2006-11-02 07:52 - 01777578 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 13:09 - 2012-09-15 18:24 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 13:09 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 17:33 - 2006-11-02 08:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-26 21:34 - 2012-09-09 20:19 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-26 21:32 - 2012-09-09 20:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-25 08:29 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 11:46 - 2012-09-07 16:05 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows
2014-03-22 11:42 - 2012-09-07 15:59 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-03-22 11:35 - 2013-04-10 21:18 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared
2014-03-21 22:24 - 2014-01-07 23:09 - 00009872 _____ () C:\Windows\PFRO.log
2014-03-21 22:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\PLA
2014-03-21 22:14 - 2013-12-03 08:14 - 00000000 ____D () C:\Program Files\OpenDownloaderManager
2014-03-15 19:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-03-15 19:17 - 2006-11-02 07:47 - 00353752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 19:15 - 2013-06-20 09:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 16:40 - 2013-08-14 03:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-15 16:06 - 2006-11-02 05:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-15 13:35 - 2013-12-08 15:00 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-11 09:52 - 2012-08-30 22:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-06 22:46 - 2012-10-13 22:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-05 09:26 - 2014-03-28 15:44 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 15:44 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2013-12-23 16:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\Program Files\iTunes
2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod
2014-03-05 08:29 - 2012-10-13 22:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-28 10:47 - 2013-01-06 14:17 - 00000000 ____D () C:\Users\LindaL\Mobile Applications

Files to move or delete:
====================
C:\Users\LindaL.Linda-PC\couponprinter.exe
C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup (1).exe
C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup.exe

Some content of TEMP:
====================
C:\Users\LindaL.Linda-PC\AppData\Local\Temp\6_Offer_17.exe
C:\Users\LindaL.Linda-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\LindaL.Linda-PC\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-28 13:53

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by LindaL at 2014-03-28 19:15:04
Running from C:\Users\LindaL\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Avery Toolbar (HKLM\...\{41565256-3700-A76A-76A7-A758B70C0300}) (Version: 12.3.0.994 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5910DW (HKLM\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
CouponBar (HKLM\...\CouponBar5.0.0.5) (Version: 5.0.0.5 - Coupons.com Incorporated) <==== ATTENTION
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
Family Tree Maker Version 16 (HKLM\...\{2B59AB31-EBD0-45E4-A725-7112904DA605}) (Version: - )
FTMVistaUpdater (HKLM\...\{EE295D30-A10C-44F6-B14C-05E0D99429E4}) (Version: 1.0.0 - Family Tree Maker)
Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4323.13 - PC-Doctor, Inc.)
HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP On-Screen Caps/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.10712 - HP)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Total Care Advisor (HKLM\...\{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}) (Version: 1.0.95 - Hewlett-Packard)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.005 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.1.0 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe 1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft
Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) 
(HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)muvee autoProducer 5.0 (HKLM\...\{77CA976C-403C-47E2-940B-733ECAB6F62B}) (Version: 5.00.050 - muvee Technologies)My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1601 - WildTangent)Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. 
Löwis)QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - )Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)Rhapsody (HKLM\...\Rhapsody) (Version: - )Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.)Scansoft PDF Professional (Version: - ) HiddenSegoe UI (Version: 15.4.2271.0615 - Microsoft Corp) HiddenSES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition 
(HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows 
Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Restore Points ========================= 07-03-2014 05:02:24 Scheduled Checkpoint08-03-2014 06:00:15 Scheduled Checkpoint09-03-2014 04:02:13 Windows Update10-03-2014 05:00:22 Scheduled Checkpoint10-03-2014 20:44:12 Scheduled Checkpoint12-03-2014 05:00:17 Scheduled 
Checkpoint12-03-2014 10:19:29 Windows Update13-03-2014 05:00:17 Scheduled Checkpoint15-03-2014 04:28:38 Scheduled Checkpoint15-03-2014 20:58:52 Windows Update17-03-2014 06:37:55 Scheduled Checkpoint18-03-2014 05:00:24 Scheduled Checkpoint19-03-2014 00:34:45 Windows Update20-03-2014 05:00:20 Scheduled Checkpoint21-03-2014 05:00:18 Scheduled Checkpoint22-03-2014 04:06:55 Scheduled Checkpoint23-03-2014 03:40:25 Windows Update24-03-2014 05:00:19 Scheduled Checkpoint25-03-2014 14:31:01 Scheduled Checkpoint26-03-2014 05:00:12 Scheduled Checkpoint26-03-2014 10:16:40 Windows Update27-03-2014 02:29:30 Windows Update27-03-2014 22:06:14 Scheduled Checkpoint28-03-2014 20:21:07 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {08AD78F6-4A94-4EF1-8E6E-EA289657B28C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - LindaL => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {2AA89941-7D9B-4459-BFB5-BBB4C2A0BCC6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {303A3CD1-5082-4BA8-89F0-A5203F7E88B1} - \AdobeFlashPlayerUpdate No Task FileTask: {32C9FA04-B080-447B-8AF5-BB0A63A99C46} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfoTask: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)Task: 
{4D902D79-4E67-4F1E-A3C9-93A54A74A262} - System32\Tasks\Browser ManagerTask: {57638869-A2BD-4DD9-AC70-6D153152F3B1} - \AdobeFlashPlayerUpdate 2 No Task FileTask: {6CD12707-4555-4174-A94B-16B34A760286} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {7530CC19-FFCB-4914-A2AC-C1493B1597B4} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-27] ()Task: {8EBD4F13-CE58-42BA-8A20-3AC1CA746D61} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)Task: {985E22F3-A7AB-4BE4-8D8C-B592B9652515} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgradeTask: {9EB30B29-377B-4E2C-ABED-1F51272A4EA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)Task: {A01FD0D4-5922-4043-82E3-798151753923} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {A1F9FEBB-CFC6-4D07-AD04-7DBB0A4888FE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUploadTask: {B2FDC4D3-0768-4BD0-9014-94EF13D84288} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTIONTask: {B7C7EF2F-64F0-43BF-B3D8-E3E4DA62DC1B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {BEF9E918-CA0A-4891-90A4-1E0BB11A351B} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)Task: {D212A3D5-7C21-4A8D-8D9B-B8E252D8C6BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: 
{D9AC7EBA-9D02-4D70-8964-B58489BDD7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-09-08] ()Task: {E7B7F630-F4DE-4C51-842B-FCD8449364EF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Linda => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2012-12-27 13:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll2014-03-15 13:35 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll2014-03-15 13:35 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll2014-03-15 13:35 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll2014-03-15 13:35 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\LindaL\Downloads\noname.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== 
==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Garmin Core Update Service => 3
MSCONFIG\Services: GorillaPrice => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PDFProFiltSrvPP => 2
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: WatGorp => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk => C:\Windows\pss\HP Connections.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^LindaL.Linda-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: FromDocToPDF Search Scope Monitor => "C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: FromDocToPDF_65 Browser Plugin Loader => C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: OsdMaestro => "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: F:\
Description: MFC-J5910DW
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Brother
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Compact Flash
Description: Compact Flash
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: MS/MS-Pro
Description: MS/MS-Pro
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: SD/MMC
Description: SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: SM/xD-Picture
Description: SM/xD-Picture
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 07:12:28 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid.

Error: (03/28/2014 07:12:21 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid.

Error: (03/28/2014 05:39:31 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EFE

Error: (03/28/2014 05:34:37 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EFE

Error: (03/28/2014 03:45:25 PM) (Source: Application Error) (User: )
Description: Faulting application mbamservice.exe, version 2.1.9.0, time stamp 0x530619b7, faulting module mbamservice.exe, version 2.1.9.0, time stamp 0x530619b7, exception code 0x40000015, fault offset 0x0007d28a,process id 0x1f4, application start time 0xmbamservice.exe0.

Error: (03/28/2014 03:43:10 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid.

Error: (03/28/2014 03:43:10 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid.

Error: (03/28/2014 02:12:03 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid.

Error: (03/28/2014 02:12:01 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid.

Error: (03/28/2014 02:08:27 PM) (Source: profsvc) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid.

System errors:
=============
Error: (03/28/2014 03:46:02 PM) (Source: Service Control Manager) (User: )
Description: MBAMService1

Error: (03/28/2014 02:14:43 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because volume D:, which contains shadow copy storage for this shadow copy, was force dismounted.

Error: (03/28/2014 02:05:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.169.1103.0){EB062BB7-6D0A-45A4-9257-DFB6158E65E3}201

Error: (03/28/2014 02:03:00 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608

Error: (03/28/2014 02:01:30 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Error Code: %NT AUTHORITY601 Error description: %NT AUTHORITY602

Error: (03/28/2014 02:01:29 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: %NT AUTHORITY15 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608

Error: (03/28/2014 01:57:39 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.169.1103.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608

Error: (03/28/2014 01:57:30 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Error Code: %NT AUTHORITY601 Error description: %NT AUTHORITY602

Error: (03/28/2014 01:57:30 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: %NT AUTHORITY15 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608

Error: (03/28/2014 01:10:54 PM) (Source: Service Control Manager) (User: )
Description: i8042prtSABKUTIL

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-03-28 19:14:55.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:54.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:54.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:54.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:53.748
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:53.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:53.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:52.765
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:52.250
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-28 19:14:51.893
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 87%
Total physical RAM: 893.76 MB
Available physical RAM: 109.32 MB
Total Pagefile: 2054.1 MB
Available Pagefile: 709.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.73 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:290.41 GB) (Free:160.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.68 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 2E444B01)
Partition 1: (Active) - (Size=290 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
kevinf80 Posted March 29, 2014 ID:810015

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log, especially under Files/Folders, for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Open Malwarebytes.
On the Dashboard, click the 'Update Now >>' link.
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

After the restart, once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'.
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok.
Attach that saved log to your next reply.

Let me see those logs, let me know if there are any remaining issues or concerns...

Kevin

fixlist.txt
Root Admin AdvancedSetup Posted April 3, 2014 ID:812695

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
Root Admin AdvancedSetup Posted April 10, 2014 ID:816578

Topic reopened per user request
lindal Posted April 11, 2014 Author ID:816637 Share Posted April 11, 2014 # AdwCleaner v3.023 - Report created 10/04/2014 at 19:02:11# Updated 01/04/2014 by Xplode# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)# Username : LindaL - LINDA-PC# Running from : C:\Users\LindaL\Downloads\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Program Files\Mozilla Firefox\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16545 -\\ Mozilla Firefox v28.0 (en-US) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01Ran by LindaL (administrator) on LINDA-PC on 29-03-2014 09:16:49Running from C:\Users\LindaL\DownloadsMicrosoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe(Microsoft Corporation) C:\Windows\system32\SLsvc.exe(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe(Akamai Technologies, Inc.) 
C:\Users\LindaL\Local\Akamai\netsession_win.exe(Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)HKLM\...\Run: [(default)] - [X]HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM\...\Run: [browserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [1960448 2013-06-18] ()HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [Akamai NetSession Interface] - 
C:\Users\LindaL\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\MountPoints2: {5db4233c-f939-11e1-946a-806e6f6e6963} - E:\setup.exe ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8080HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktopHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktopSearchScopes: HKLM - DefaultScope {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdtSearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpdSearchScopes: HKLM - {19811DE0-5BB2-456B-BADA-195A8CC5FB5E} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7SearchScopes: HKLM - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdtSearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06930^us&si=CLmrktWH7LkCFQFk7AodQh4A4A&ptb=30FA59BF-A543-4ECF-936C-B4E63B46EB37&ind=2013092713&n=77fd5b69&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV=SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV=SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKCU - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {4B787802-306D-4ADE-92CB-E0E3D94BDBFA} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-v/search/redirect/?type=default&user_id=12505de3-a827-4ef9-82c6-5f8ec0db5712&query={searchTerms}SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}SearchScopes: HKCU - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)BHO: Aimersoft Video Converter Ultimate - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: 
TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No FileToolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 69.170.120.194 216.114.44.34 FireFox:========FF ProfilePath: C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.defaultFF Homepage: google.comFF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft 
Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program 
Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)FF Extension: PlayBryte - C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default\Extensions\playbryte@playbryte.com [2013-04-04]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpiFF Extension: Coupons.com CouponBar - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-29]FF HKLM\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\FF Extension: Aimersoft Video Converter Ultimate - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [] Chrome: =======CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No FileCHR Plugin: (Application Manager) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No FileCHR Plugin: (Wajam) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No FileCHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Extension: (Google Search) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-22]CHR Extension: (Gmail) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-22]CHR HKLM\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-08-25] ========================== Services (Whitelisted) ================= S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-26] (APN LLC.)S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [X] ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)R0 MpFilter; 
C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)R1 MpKsl38bd2942; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB5B6D0-0C9C-4655-BF34-641BE02CEE57}\MpKsl38bd2942.sys [39464 2014-03-28] (Microsoft Corporation)S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]S1 eclkjpxs; \??\C:\Windows\system32\drivers\eclkjpxs.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S1 SABKUTIL; \??\C:\Users\LindaL\Desktop\SABKUTIL.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 19:15 - 2014-03-28 19:16 - 00038260 _____ () C:\Users\LindaL\Downloads\Addition.txt2014-03-28 19:13 - 2014-03-29 09:16 - 00018436 _____ () C:\Users\LindaL\Downloads\FRST.txt2014-03-28 19:12 - 2014-03-29 09:16 - 00000000 ____D () C:\FRST2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe2014-03-28 15:47 - 2014-03-28 17:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-03-28 15:44 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-03-28 15:44 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-03-28 15:41 - 2014-03-28 15:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt2014-03-28 14:12 - 
2014-03-28 14:31 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe2014-03-15 16:42 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-03-15 16:42 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-03-15 16:42 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-03-15 16:42 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-03-15 16:42 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-03-15 16:42 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-03-15 16:42 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-03-15 16:42 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-03-15 16:42 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-03-15 16:42 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-15 16:42 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-03-15 16:42 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-03-15 16:41 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-15 16:41 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-03-15 16:41 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-03-15 16:41 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-03-15 15:58 - 2014-02-07 05:38 - 02050560 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys2014-03-15 15:58 - 2014-02-03 05:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-03-15 15:58 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-03-15 15:57 - 2013-11-12 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\Program Files\iTunes2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime ==================== One Month Modified Files and Folders ======= 2014-03-29 09:17 - 2014-03-28 19:13 - 00018436 _____ () C:\Users\LindaL\Downloads\FRST.txt2014-03-29 09:16 - 2014-03-28 19:12 - 00000000 ____D () C:\FRST2014-03-29 09:10 - 2012-09-15 18:24 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-03-29 09:10 - 2006-11-02 07:52 - 01779765 _____ () C:\Windows\WindowsUpdate.log2014-03-29 07:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-03-29 07:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-03-28 22:27 - 2012-09-15 18:24 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-28 19:16 - 2014-03-28 19:15 - 00038260 _____ () C:\Users\LindaL\Downloads\Addition.txt2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe2014-03-28 17:29 - 2014-03-28 15:47 - 00107736 _____ (Malwarebytes Corporation) 
lindal Posted April 11, 2014 Author ID:816643
# AdwCleaner v3.022 - Report created 29/03/2014 at 09:24:44
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : LindaL - LINDA-PC
# Running from : C:\Users\LindaL\Downloads\AdwCleaner.exe
# Option : Scan
kevinf80 Posted April 11, 2014 ID:816648
Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

Next, please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Run Malwarebytes.
On the Dashboard, click the 'Update Now >>' link.
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button. If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'.
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok.
Attach that saved log to your next reply.

Let me see those logs....
lindal Posted April 12, 2014 Author ID:817254 Malwarebytes will no longer open and the icon has disappeared from the start up bar. I have tried to run as an administrator and opening from the start Menu. Nothing will open it.
kevinf80 Posted April 12, 2014 ID:817372
1. Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe
4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
6. The following image opens, select Next.
7. The following image opens, select Update.
8. When the update completes select Next.
9. In the following window ensure "Targets" are ticked. Then select "Scan".
10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.
11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:
13. Verify that your system is now running normally, making sure that the following items are functional:
    Internet access
    Windows Update
    Windows Firewall
14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.
15. Select "Y" from your Keyboard, tap Enter.
16. The fix will be applied, select any key to Exit.
17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:
    System - log
    Mbar - log
Date and time of scan will also be shown.

Thanks, Kevin...
lindal Posted April 15, 2014 Author ID:818578
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.210000 GHz
Memory total: 937177088, free: 167895040
Downloaded database version: v2014.04.15.06
Downloaded database version: v2014.03.27.01
=======================================
There is no mbar log. Should I run mbar.exe again?
kevinf80 Posted April 15, 2014 ID:818783
What happened when you ran it the first time? If there are no logs in the MBAR folder it would seem the scan was not successful and did not complete...

Leave MBAR and run the following:

Read the following link before we continue and run Combofix: ComboFix usage, Questions, Help? - Look here

Next, delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

Ensure that Combofix is saved directly to the Desktop <--- Very important
Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running.
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator").
Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

**** Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted).

Post the log in next reply please...

Kevin
lindal Posted April 17, 2014 Author ID:820011 Do I need to disable Malwarebytes Antimalware?
kevinf80 Posted April 17, 2014 ID:820019 Yes please, disable all security..
lindal Posted April 21, 2014 Author ID:821355 Please don't close this topic. Just been too busy to sit at my computer.
kevinf80 Posted April 21, 2014 ID:821458 Ok, post back when you're ready.
Root Admin AdvancedSetup Posted April 23, 2014 ID:822310 Are you still with us? This topic will be closed soon if we do not hear back from you.
lindal Posted April 23, 2014 Author ID:822376 Yes, I am. I have some days off starting tomorrow and can get back to you then. Thanks for leaving me on here.
kevinf80 Posted April 23, 2014 ID:822425 Thank you for the update....
kevinf80 Posted April 28, 2014 ID:824331 Are you still with us?
lindal Posted April 28, 2014 Author ID:824354 Yes, thanks!
kevinf80 Posted April 28, 2014 ID:824557 Good to hear..
Root Admin AdvancedSetup Posted May 5, 2014 ID:827101 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!