Help removing "Ads by Notification"


I'm seeing ads in places there shouldn't be ads, and browser tab hijacking. I ran Mbam a few times and it found and removed some things, but I am still seeing ads and web browsing is infuriatingly slow. My husband's in IT but he's not home long enough to help me out with this until the weekend.

I downloaded Farbar and here are my results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by Mommy (administrator) on OZAIIS-PC on 30-10-2014 10:33:37
Running from C:\Users\Mommy\Downloads
Loaded Profile: Mommy (Available profiles: Ozaiis & Mommy & Christian)
Platform: Windows Vista Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-01-29] (TOSHIBA)
HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\MountPoints2: {1f7c9f2a-bea2-11e2-8ecc-001e336904fe} - F:\Start.exe
HKU\S-1-5-21-2668706330-732816361-1631804343-1002\...\MountPoints2: {1f7c9fab-bea2-11e2-8ecc-001e336904fe} - G:\Start.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2668706330-732816361-1631804343-1000\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {B92C7376-9705-464E-AD3D-B47B14D8A3B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM - {B92C7376-9705-464E-AD3D-B47B14D8A3B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM-x32 - DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7TSHB_enUS536
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 19 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.254

FireFox:
========
FF ProfilePath: C:\Users\Mommy\AppData\Roaming\Mozilla\Firefox\Profiles\7ly00fpp.default-1414676892928
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\4ef09132d37415b6491b13b8e7ae562b [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-17]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-09-25]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-25]
CHR Extension: (Google Docs) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-25]
CHR Extension: (YouTube) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe [376200 2014-10-09] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 osubsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [493384 2011-11-16] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
S4 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-01-21] (TOSHIBA Corporation)
S4 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 10:33 - 2014-10-30 10:34 - 00017247 _____ () C:\Users\Mommy\Downloads\FRST.txt
2014-10-30 10:33 - 2014-10-30 10:33 - 00000000 ____D () C:\FRST
2014-10-30 10:31 - 2014-10-30 10:31 - 02113536 _____ (Farbar) C:\Users\Mommy\Downloads\FRST64.exe
2014-10-30 10:19 - 2014-10-30 10:20 - 00007720 _____ () C:\Users\Mommy\Downloads\hijackthis.log
2014-10-30 09:49 - 2014-10-30 09:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mommy\Downloads\HijackThis.exe
2014-10-29 17:28 - 2014-10-29 17:28 - 00000000 ____D () C:\Windows\ERUNT
2014-10-29 17:27 - 2014-10-29 17:28 - 01706144 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe
2014-10-29 17:09 - 2014-10-30 09:42 - 00002024 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 17:09 - 2014-10-29 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-29 17:05 - 2014-10-30 10:10 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 17:05 - 2014-10-29 19:01 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 17:05 - 2014-10-29 17:05 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-29 17:05 - 2014-10-29 17:05 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-29 17:04 - 2014-10-29 17:10 - 00000000 ____D () C:\Users\Christian\AppData\Local\Google
2014-10-29 17:03 - 2014-10-29 17:04 - 00000000 ____D () C:\Users\Christian\AppData\Local\Deployment
2014-10-29 17:03 - 2014-10-29 17:03 - 00000000 ____D () C:\Users\Christian\AppData\Local\Apps\2.0
2014-10-29 16:44 - 2014-10-29 16:44 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Macromedia
2014-10-29 16:44 - 2014-10-29 16:44 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Adobe
2014-10-29 16:40 - 2014-10-29 16:40 - 00000000 ____D () C:\Users\Christian\AppData\Local\LogMeIn Rescue
2014-10-29 16:39 - 2014-10-29 16:39 - 00000000 ____D () C:\Users\Christian\AppData\Local\LogMeIn
2014-10-29 14:21 - 2014-10-29 14:25 - 00000000 ____D () C:\Users\Mommy\Barbie's Dream House
2014-10-29 09:34 - 2014-10-29 09:34 - 00001067 _____ () C:\oct292014.txt
2014-10-28 09:42 - 2014-10-30 09:42 - 00003280 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
2014-10-28 09:42 - 2014-10-28 09:42 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-28 09:40 - 2014-10-28 09:40 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-10-27 10:47 - 2014-10-27 10:47 - 00005724 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-27 10:32 - 2014-10-27 10:33 - 00035824 _____ (Curio Laboratories) C:\Users\Mommy\Downloads\RemoveOnRebootSetup.exe
2014-10-27 10:28 - 2014-10-27 10:28 - 00002531 _____ () C:\Users\Mommy\Desktop\Microsoft Lync 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002058 _____ () C:\Users\Mommy\Desktop\Microsoft SharePoint Workspace 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002056 _____ () C:\Users\Mommy\Desktop\Microsoft Publisher 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002040 _____ () C:\Users\Mommy\Desktop\Microsoft Word 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002034 _____ () C:\Users\Mommy\Desktop\Microsoft InfoPath Designer 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002034 _____ () C:\Users\Mommy\Desktop\Microsoft InfoPath Designer 2010 (2).lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002018 _____ () C:\Users\Mommy\Desktop\Microsoft InfoPath Filler 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00002002 _____ () C:\Users\Mommy\Desktop\Microsoft PowerPoint 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00001972 _____ () C:\Users\Mommy\Desktop\Microsoft OneNote 2010.lnk
2014-10-27 10:27 - 2014-10-27 10:27 - 00001966 _____ () C:\Users\Mommy\Desktop\Microsoft Office Picture Manager.lnk
2014-10-27 10:26 - 2014-10-27 10:26 - 00001990 _____ () C:\Users\Mommy\Desktop\Microsoft Access 2010.lnk
2014-10-27 10:23 - 2014-10-27 10:23 - 00000990 _____ () C:\Users\Christian\Desktop\Internet Explorer.lnk
2014-10-27 10:22 - 2014-10-29 17:56 - 00002643 _____ () C:\Users\Christian\Desktop\Microsoft Outlook 2010.lnk
2014-10-27 10:22 - 2014-10-27 10:22 - 00002531 _____ () C:\Users\Christian\Desktop\Microsoft Lync 2010.lnk
2014-10-27 10:22 - 2014-10-27 10:22 - 00002058 _____ () C:\Users\Christian\Desktop\Microsoft SharePoint Workspace 2010.lnk
2014-10-27 10:22 - 2014-10-27 10:22 - 00002002 _____ () C:\Users\Christian\Desktop\Microsoft PowerPoint 2010.lnk
2014-10-27 10:22 - 2014-10-27 10:22 - 00001966 _____ () C:\Users\Christian\Desktop\Microsoft Office Picture Manager.lnk
2014-10-27 10:21 - 2014-10-27 10:21 - 00002008 _____ () C:\Users\Christian\Desktop\Microsoft Excel 2010.lnk
2014-10-27 09:54 - 2014-10-27 09:57 - 00446244 _____ () C:\Windows\dd_vcredistMSI699B.txt
2014-10-27 09:54 - 2014-10-27 09:57 - 00012358 _____ () C:\Windows\dd_vcredistUI699B.txt
2014-10-27 09:09 - 2014-10-30 09:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 08:49 - 2014-10-27 08:49 - 00000952 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 08:49 - 2014-10-27 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 08:48 - 2014-10-27 08:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 08:48 - 2014-10-27 08:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 08:48 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-27 08:48 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 08:48 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-27 08:41 - 2014-10-29 18:23 - 00000000 ____D () C:\Users\Christian\Tracing
2014-10-27 08:41 - 2014-10-29 16:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Apple Computer
2014-10-27 08:41 - 2014-10-27 08:41 - 00115376 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-27 08:41 - 2014-10-27 08:41 - 00000990 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-27 08:41 - 2014-10-27 08:41 - 00000985 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-27 08:41 - 2014-10-27 08:41 - 00000960 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-27 08:39 - 2014-10-27 08:41 - 00000926 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-10-27 08:39 - 2014-10-27 08:39 - 00000632 __RSH () C:\Users\Christian\ntuser.pol
2014-10-26 20:19 - 2014-10-27 08:41 - 00000000 ____D () C:\Users\Christian
2014-10-26 20:19 - 2014-10-26 20:19 - 00000020 ___SH () C:\Users\Christian\ntuser.ini
2014-10-26 20:19 - 2014-10-03 17:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Microsoft Help
2014-10-26 20:19 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-26 20:19 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-26 20:14 - 2014-10-26 20:14 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-10-26 19:36 - 2014-10-26 20:11 - 605410472 _____ (Microsoft Corporation) C:\Users\Mommy\Downloads\Windows6.0-KB948465-X64.exe
2014-10-26 19:11 - 2014-10-26 19:13 - 36138288 _____ (Microsoft Corporation) C:\Users\Mommy\Downloads\IE9-WindowsVista-x64-enu (1).exe
2014-10-26 19:08 - 2014-10-26 19:08 - 00514864 _____ (Microsoft Corporation) C:\Users\Mommy\Downloads\IE9-WindowsVista-x64-enu.exe
2014-10-26 18:55 - 2014-10-26 18:56 - 04336310 _____ () C:\Users\Mommy\Downloads\Windows6.0-KB957388-x64.msu
2014-10-26 18:44 - 2014-10-26 18:46 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mommy\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-26 15:47 - 2014-10-26 15:47 - 00000000 ____D () C:\Users\Mommy\Documents\Optimizer Pro
2014-10-26 15:45 - 2014-10-29 17:30 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-26 15:38 - 2014-10-29 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2014-10-26 15:37 - 2014-10-29 17:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Lync
2014-10-26 15:37 - 2014-10-27 09:53 - 00000000 ____D () C:\Program Files\Microsoft Lync
2014-10-26 15:37 - 2014-10-26 15:37 - 00352688 _____ () C:\Users\Mommy\AppData\Local\dd_vcredistMSI2223.txt
2014-10-26 15:37 - 2014-10-26 15:37 - 00344368 _____ () C:\Users\Mommy\AppData\Local\dd_vcredistMSI2257.txt
2014-10-26 15:37 - 2014-10-26 15:37 - 00013846 _____ () C:\Users\Mommy\AppData\Local\dd_vcredistUI2257.txt
2014-10-26 15:37 - 2014-10-26 15:37 - 00013846 _____ () C:\Users\Mommy\AppData\Local\dd_vcredistUI2223.txt
2014-10-26 09:37 - 2014-10-26 18:40 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\uTorrent
2014-10-26 09:36 - 2014-10-23 13:27 - 01689680 _____ (BitTorrent Inc.) C:\uTorrent.exe
2014-10-25 19:16 - 2014-10-26 15:37 - 00000000 ____D () C:\Program Files (x86)\OCSetup
2014-10-25 17:24 - 2014-10-26 19:14 - 00005850 _____ () C:\Windows\IE9_main.log
2014-10-25 17:15 - 2014-10-25 17:16 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Deployment
2014-10-25 17:15 - 2014-10-25 17:15 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Apps\2.0
2014-10-25 16:34 - 2014-10-29 19:01 - 00000000 ____D () C:\Users\Mommy\Tracing
2014-10-25 16:31 - 2014-10-25 16:31 - 00000000 ____D () C:\Users\Mommy\AppData\Local\AOCSetup
2014-10-25 15:42 - 2014-10-25 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-10-25 15:39 - 2014-10-25 15:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-10-25 15:38 - 2014-10-25 15:38 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-25 15:38 - 2014-10-25 15:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-10-25 15:32 - 2014-10-25 15:32 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-10-25 15:29 - 2014-10-25 15:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-10-25 15:28 - 2014-10-25 15:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-10-21 19:22 - 2014-10-21 19:32 - 00000000 ____D () C:\Users\Mommy\AppData\Local\LogMeIn Client
2014-10-20 13:33 - 2014-10-20 13:34 - 00000000 ____D () C:\Users\Mommy\misc saved art
2014-10-20 09:22 - 2014-10-22 12:39 - 00000000 ____D () C:\Users\Mommy\Hair
2014-10-15 18:41 - 2014-10-15 18:41 - 00000000 ____D () C:\Users\Mommy\AppData\Local\LogMeIn
2014-10-15 18:41 - 2014-10-15 18:41 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-15 18:38 - 2014-10-15 18:38 - 00000000 ____D () C:\Users\Mommy\AppData\Local\LogMeIn Rescue
2014-10-15 18:36 - 2014-10-15 18:36 - 00002140 _____ () C:\Users\Public\Desktop\LogMeIn Rescue Technician Console.lnk
2014-10-15 18:36 - 2014-10-15 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Rescue
2014-10-15 18:36 - 2014-10-15 18:36 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Rescue Technician Console
2014-10-15 08:58 - 2014-10-15 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-10-13 09:45 - 2014-10-13 09:45 - 00000000 ____D () C:\Users\Mommy\Funny
2014-10-12 09:50 - 2014-10-29 09:57 - 00000000 ____D () C:\Users\Mommy\Fashion
2014-10-11 10:15 - 2014-10-11 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-11 10:09 - 2014-10-11 10:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-11 10:09 - 2014-10-11 10:15 - 00000000 ____D () C:\Program Files\iTunes
2014-10-11 10:09 - 2014-10-11 10:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-11 10:09 - 2014-10-11 10:10 - 00000000 ____D () C:\Program Files\iPod
2014-10-08 03:15 - 2010-09-20 07:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2014-10-08 03:15 - 2010-09-20 04:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll
2014-10-07 14:59 - 2014-10-07 14:59 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-10-07 14:58 - 2014-10-07 14:58 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-10-07 09:58 - 2014-10-07 09:58 - 00000000 ____D () C:\Program Files\Windows Live
2014-10-07 09:58 - 2010-04-28 08:57 - 00061288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-10-07 09:57 - 2014-10-07 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-10-07 09:56 - 2014-10-07 09:56 - 00000000 ____D () C:\Program Files (x86)\Windows Live SkyDrive
2014-10-07 09:54 - 2014-10-07 09:58 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-10-07 09:53 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-10-07 09:52 - 2014-10-25 15:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-10-06 16:14 - 2008-05-27 00:23 - 02209792 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-10-06 16:14 - 2008-05-27 00:22 - 02176512 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 01582592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 01418240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-10-06 16:14 - 2008-05-27 00:21 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2014-10-06 16:14 - 2008-05-27 00:21 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00498176 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-10-06 16:14 - 2008-05-27 00:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-10-06 16:14 - 2008-05-27 00:20 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2014-10-06 16:14 - 2008-05-27 00:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 06100480 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 01676800 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-10-06 16:14 - 2008-05-27 00:19 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00439808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-10-06 16:14 - 2008-05-27 00:18 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-10-06 16:14 - 2008-05-27 00:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlhtml.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propdefs.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmlfilter.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstrc.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2014-10-06 16:14 - 2008-05-27 00:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtffilt.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 06103040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chtbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 01671680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chsbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thawbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offfilt.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\korwbrkr.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-10-06 16:14 - 2008-05-27 00:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscb.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2014-10-06 16:14 - 2008-05-27 00:17 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2014-10-06 16:14 - 2008-05-26 23:59 - 00106605 _____ () C:\Windows\SysWOW64\StructuredQuerySchema.bin
2014-10-06 16:14 - 2008-05-26 23:59 - 00106605 _____ () C:\Windows\system32\StructuredQuerySchema.bin
2014-10-06 16:14 - 2008-05-26 23:59 - 00018904 _____ () C:\Windows\SysWOW64\StructuredQuerySchemaTrivial.bin
2014-10-06 16:14 - 2008-05-26 23:59 - 00018904 _____ () C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2014-10-06 16:14 - 2007-11-08 04:04 - 11967524 _____ () C:\Windows\SysWOW64\korwbrkr.lex
2014-10-06 16:14 - 2007-11-08 04:04 - 11967524 _____ () C:\Windows\system32\korwbrkr.lex
2014-10-06 16:13 - 2014-10-06 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-06 16:12 - 2014-10-06 16:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2014-10-06 16:12 - 2014-10-06 16:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-06 16:10 - 2014-10-26 18:34 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Microsoft Help
2014-10-06 16:09 - 2010-04-14 13:35 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-10-06 16:09 - 2010-04-14 13:35 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-10-06 16:09 - 2010-04-14 13:33 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-10-06 16:09 - 2010-04-14 12:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-10-06 16:09 - 2010-04-14 12:47 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-10-06 16:09 - 2010-04-14 12:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2014-10-06 14:56 - 2009-10-09 16:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2014-10-06 14:56 - 2009-10-09 16:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2014-10-06 14:56 - 2009-10-09 16:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2014-10-06 14:56 - 2009-10-09 16:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2014-10-06 14:56 - 2009-10-09 16:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2014-10-06 14:56 - 2009-10-09 16:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-10-06 14:55 - 2009-10-09 16:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2014-10-06 14:55 - 2009-10-09 16:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2014-10-06 14:55 - 2009-10-09 16:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2014-10-06 14:55 - 2009-10-09 16:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2014-10-06 14:55 - 2009-10-09 16:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-10-06 14:55 - 2009-10-09 16:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2014-10-06 14:55 - 2009-10-09 16:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2014-10-06 14:55 - 2009-10-09 16:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2014-10-06 14:55 - 2009-10-09 16:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2014-10-06 14:55 - 2009-10-09 16:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-06 14:55 - 2009-10-09 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2014-10-06 14:55 - 2009-10-09 16:35 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-10-06 14:55 - 2009-10-09 16:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2014-10-06 14:55 - 2009-10-09 16:35 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2014-10-06 14:55 - 2009-10-09 16:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2014-10-06 14:55 - 2009-10-09 16:34 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-10-06 14:55 - 2009-10-09 16:34 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2014-10-06 14:55 - 2009-10-09 16:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2014-10-06 14:55 - 2009-10-09 16:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2014-10-06 14:55 - 2009-08-01 01:27 - 00201184 _____ () C:\Windows\SysWOW64\winrm.vbs
2014-10-06 14:55 - 2009-08-01 01:27 - 00201184 _____ () C:\Windows\system32\winrm.vbs
2014-10-06 14:55 - 2009-07-16 12:30 - 00004675 _____ () C:\Windows\SysWOW64\wsmanconfig_schema.xml
2014-10-06 14:55 - 2009-07-16 12:30 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml
2014-10-06 14:55 - 2009-07-16 12:30 - 00002426 _____ () C:\Windows\SysWOW64\WsmTxt.xsl
2014-10-06 14:55 - 2009-07-16 12:30 - 00002426 _____ () C:\Windows\system32\WsmTxt.xsl
2014-10-06 14:54 - 2014-10-08 03:14 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-06 14:23 - 2014-10-08 03:14 - 00001837 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-06 14:23 - 2014-10-08 03:12 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-06 14:23 - 2014-10-08 03:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-06 12:46 - 2009-09-10 10:48 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2014-10-06 12:46 - 2009-09-10 10:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unregmp2.exe
2014-10-06 12:45 - 2011-04-12 10:14 - 01208832 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-06 12:45 - 2011-04-12 09:56 - 00857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-06 12:45 - 2011-03-03 10:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2014-10-06 12:45 - 2011-03-03 09:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Apphlpdm.dll
2014-10-06 12:45 - 2011-03-03 08:25 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2014-10-06 12:45 - 2011-03-03 08:01 - 04240384 _____ (Microsoft) C:\Windows\SysWOW64\GameUXLegacyGDFs.dll
2014-10-06 12:45 - 2010-01-25 08:03 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-10-06 12:45 - 2010-01-25 08:03 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-10-06 12:45 - 2010-01-25 08:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-10-06 12:45 - 2010-01-25 08:02 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-10-06 12:45 - 2010-01-25 08:00 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-06 12:45 - 2010-01-25 07:48 - 00472576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-10-06 12:45 - 2010-01-25 07:48 - 00472064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-10-06 12:45 - 2010-01-25 07:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-10-06 12:45 - 2010-01-25 07:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-10-06 12:45 - 2010-01-25 07:45 - 00329216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-10-06 12:45 - 2010-01-25 03:37 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-10-06 12:45 - 2010-01-25 03:37 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-10-06 12:45 - 2010-01-25 03:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-06 12:45 - 2010-01-25 03:37 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-10-06 12:45 - 2010-01-25 03:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-10-06 12:45 - 2010-01-25 03:35 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-10-06 12:45 - 2010-01-25 03:34 - 00511488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-10-06 12:45 - 2010-01-25 03:34 - 00347136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-10-06 12:45 - 2009-10-23 13:10 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-10-06 12:45 - 2009-10-23 12:42 - 00714240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-10-06 12:44 - 2008-10-21 23:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-10-06 12:44 - 2008-10-21 22:57 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-10-06 12:44 - 2008-10-21 00:49 - 01691648 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2014-10-06 12:44 - 2008-10-21 00:25 - 01645568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\connect.dll
2014-10-06 12:40 - 2008-09-17 23:56 - 00147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-10-06 12:40 - 2008-09-17 23:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-10-06 12:40 - 2008-09-17 23:47 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2014-10-06 12:40 - 2008-08-27 23:02 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-06 12:40 - 2008-08-27 23:02 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-10-06 12:40 - 2008-08-27 23:02 - 00386560 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-06 12:40 - 2008-08-27 22:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-06 12:40 - 2008-08-27 22:40 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-10-06 12:40 - 2008-08-27 22:40 - 00347136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-10-05 16:04 - 2014-10-05 16:04 - 00000000 ____D () C:\Windows\pss
2014-10-03 17:14 - 2014-10-03 17:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-10-03 17:14 - 2014-10-03 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-10-02 14:18 - 2014-10-28 10:22 - 00000000 ____D () C:\Users\Mommy\Cosmetology Info and Howtos
2014-10-02 03:08 - 2014-10-02 03:09 - 00448672 _____ () C:\Windows\dd_vcredistMSI118B.txt
2014-10-02 03:08 - 2014-10-02 03:09 - 00011590 _____ () C:\Windows\dd_vcredistUI118B.txt
2014-10-01 12:48 - 2014-10-01 12:48 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Template
2014-10-01 12:48 - 2014-10-01 12:48 - 00000000 _____ () C:\Users\Mommy\AppData\Roaming\wklnhst.dat
2014-10-01 09:28 - 2014-10-01 09:28 - 00000000 __SHD () C:\found.003
2014-09-30 11:12 - 2014-09-30 11:13 - 00000000 ____D () C:\Users\Mommy\Cosmetology Licensing
2014-09-30 11:12 - 2014-09-30 11:12 - 00000000 ____D () C:\Users\Mommy\Grand Am
2014-09-30 11:11 - 2014-10-02 14:31 - 00000000 ____D () C:\Users\Mommy\Kids - School

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 09:53 - 2013-07-14 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-30 09:41 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 09:41 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 09:06 - 2013-05-14 19:20 - 00000000 ____D () C:\Users\Mommy
2014-10-30 08:30 - 2006-11-02 07:46 - 00005722 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 07:06 - 2013-05-12 15:43 - 01289093 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 19:00 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 18:54 - 2008-01-20 22:26 - 00163866 _____ () C:\Windows\PFRO.log
2014-10-29 18:53 - 2006-11-02 10:42 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-29 17:08 - 2008-08-20 14:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-29 13:06 - 2013-07-14 20:17 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-10-29 11:15 - 2006-11-02 10:22 - 00000000 ____D () C:\Windows\Setup
2014-10-29 11:14 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\MSAgent
2014-10-27 10:26 - 2013-05-14 19:46 - 00000985 _____ () C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-27 09:55 - 2006-11-02 08:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-27 09:53 - 2014-09-25 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-26 19:05 - 2013-05-17 09:26 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\BitTorrent
2014-10-26 15:52 - 2008-08-20 14:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-26 15:50 - 2006-11-02 10:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-26 15:45 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-26 15:42 - 2013-05-17 09:46 - 00000000 ____D () C:\Users\Mommy\Downloads\The Sims - Makin Magic + Serial & No CD Fix
2014-10-26 15:37 - 2013-05-14 20:00 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Mozilla
2014-10-25 19:52 - 2013-05-12 15:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-25 19:49 - 2006-11-02 07:34 - 00000219 _____ () C:\Windows\win.ini
2014-10-25 19:27 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-10-25 17:29 - 2014-09-25 15:53 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-10-25 17:20 - 2013-05-16 22:53 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Google
2014-10-25 16:09 - 2013-05-14 19:46 - 00115376 _____ () C:\Users\Mommy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 16:07 - 2006-11-02 10:21 - 00405232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-25 15:58 - 2006-11-02 10:07 - 00000000 ____D () C:\Windows\ShellNew
2014-10-25 15:42 - 2013-05-12 15:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-25 15:41 - 2006-11-02 10:07 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-10-25 15:38 - 2013-05-12 15:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-25 15:28 - 2013-05-12 15:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-16 11:36 - 2013-11-15 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 11:30 - 2006-11-02 07:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-07 14:59 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-07 14:58 - 2006-11-02 08:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-07 09:53 - 2013-05-12 16:34 - 00062296 _____ () C:\Windows\DirectX.log
2014-10-06 16:12 - 2006-11-02 10:27 - 00031248 _____ () C:\Windows\setupact.log
2014-10-02 03:07 - 2013-05-12 15:50 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-10-02 03:07 - 2013-05-12 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-10-02 03:07 - 2013-05-12 15:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-09-30 12:14 - 2013-11-28 17:30 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\HpUpdate
2014-09-30 11:06 - 2013-05-12 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Mommy\AppData\Local\Temp\bitool.dll
C:\Users\Mommy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Mommy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mommy\AppData\Local\Temp\optprosetup.exe
C:\Users\Mommy\AppData\Local\Temp\uttF06D.tmp.exe
C:\Users\Ozaiis\AppData\Local\Temp\SearchWithGoogleUpdate.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-30 07:11

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014
Ran by Mommy at 2014-10-30 10:35:01
Running from C:\Users\Mommy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Adobe Reader 8.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{3C2673D2-8248-EDDC-B759-1D1D53C6709A}) (Version: 3.0.634.0 - ATI Technologies, Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Camera Assistant Software for Toshiba (HKLM-x32\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (HKLM-x32\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
ccc-core-static (x32 Version: 2007.0815.2326.40058 - ATI) Hidden
CD/DVD Drive Acoustic Silencer (HKLM-x32\...\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}) (Version: 3.01.01 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D7400 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
D7400_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DVD MovieFactory for TOSHIBA (HKLM-x32\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (x32 Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Photosmart Printer Driver Software 10.0.02 (HKLM\...\{03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD}) (Version: 10.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iBackupBot 5.2.2 (HKLM-x32\...\iBackupBot) (Version: 5.2.2 - VOWSoft, Ltd.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java 6 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
LogMeIn Rescue Technician Console  (HKLM-x32\...\{7BE9A43E-A5E7-42F7-BFCE-D6F51B1D192C}) (Version: 7.5.2353 - LogMeIn, Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{B31017AA-FBF8-4003-8785-EC789C2AE0C2}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSSUB) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Play System (Patching) (HKLM-x32\...\Network Play System (Patching)) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PS_SF_02_ProductContext (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_SF_02_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_SF_02_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skins (x32 Version: 2007.0815.2326.40058 - ATI) Hidden
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TOSHIBA Application Disc Creator (HKLM\...\{B431E4D3-ECE7-4D41-8668-BCF9BD685B62}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.03 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM-x32\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 2.0.2.64 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM-x32\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.87 (SM2187ALS04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.1.24.64 - TOSHIBA Corporation)
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.62 - WildTangent)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.17 - WildTangent) Hidden
Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-10-2014 14:06:28 Scheduled Checkpoint
26-10-2014 14:06:48 Windows Update
26-10-2014 15:38:05 Windows Update
26-10-2014 18:14:59 Windows Update
26-10-2014 20:50:18 Removed The Sims Makin' Magic
26-10-2014 23:56:59 Windows Update
27-10-2014 00:05:13 Removed Bonjour
27-10-2014 14:51:47 Windows Update
27-10-2014 15:55:36 Windows Update
28-10-2014 23:37:40 Scheduled Checkpoint
29-10-2014 01:59:42 Windows Update
29-10-2014 17:45:48 Scheduled Checkpoint
30-10-2014 12:31:17 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2014-10-26 17:01 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4502B967-E2C4-4B7C-B39F-6A1795AC74DC} - \GPUP No Task File <==== ATTENTION
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7B780ADF-1701-4186-890E-363E718A36E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8690B0BB-FB9D-42B1-A455-585A42D7726A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {A3D304E1-D6E9-4069-8AF2-37EECBEC6BA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D86F9475-BFA0-4146-9544-ECBB256FD362} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-28] (Jelbrus)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-12 16:02 - 2007-07-28 00:26 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2008-08-20 14:07 - 2007-12-07 18:48 - 00071168 _____ () C:\Program Files\TOSHIBA\TOSCDSPD\cmdpst.dll
2014-09-25 15:08 - 2014-09-25 15:08 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-02 17:20 - 2013-07-02 17:20 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SmartFaceVWatchSrv => 3
MSCONFIG\Services: TMachInfo => 2
MSCONFIG\Services: TNaviSrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA SMART Log Service => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: OfficeSubscriptionAgent => "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RAVCpl64.exe
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WPCUMI => C:\Windows\system32\WpcUmi.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2668706330-732816361-1631804343-500 - Administrator - Disabled)
Christian (S-1-5-21-2668706330-732816361-1631804343-1003 - Administrator - Enabled) => C:\Users\Christian
Guest (S-1-5-21-2668706330-732816361-1631804343-501 - Limited - Disabled)
Mommy (S-1-5-21-2668706330-732816361-1631804343-1002 - Administrator - Enabled) => C:\Users\Mommy
Ozaiis (S-1-5-21-2668706330-732816361-1631804343-1000 - Limited - Enabled) => C:\Users\Ozaiis

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2014 08:30:48 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (10/30/2014 08:30:48 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (10/30/2014 07:00:21 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (10/30/2014 07:00:21 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (10/29/2014 07:02:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 06:56:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 06:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, time stamp 0x54224e6b, faulting module mozalloc.dll, version 32.0.3.5379, time stamp 0x54221b67, exception code 0x80000003, fault offset 0x0000141b,
process id 0x10b4, application start time 0xplugin-container.exe0.

Error: (10/29/2014 06:45:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/29/2014 06:01:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/29/2014 04:54:03 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog


System errors:
=============
Error: (10/30/2014 10:02:06 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom3, is not ready for access yet.

Error: (10/30/2014 10:02:05 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom3, is not ready for access yet.

Error: (10/30/2014 09:47:32 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom3, is not ready for access yet.

Error: (10/30/2014 09:32:34 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom3, is not ready for access yet.

Error: (10/30/2014 08:49:05 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/30/2014 08:49:01 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/30/2014 08:29:32 AM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'TSSTcrp CTDVDW TS=L632H0 ATA Device' (IDE\CdRomTSSTcrp_CTDVDW_TS=L632H0_______________T_01____\5&2758e738&0&0.0.0) disappeared from the system without first being prepared for removal.

Error: (10/30/2014 08:29:18 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom2, is not ready for access yet.

Error: (10/30/2014 08:27:14 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom2, is not ready for access yet.

Error: (10/30/2014 08:27:12 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom2, is not ready for access yet.


Microsoft Office Sessions:
=========================
Error: (10/30/2014 08:30:48 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (10/30/2014 08:30:48 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (10/30/2014 07:00:21 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (10/30/2014 07:00:21 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (10/29/2014 07:02:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 06:56:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 06:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b10b401cff3d27589c2b0

Error: (10/29/2014 06:45:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (10/29/2014 06:01:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/29/2014 04:54:03 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Context:  Application, SystemIndex Catalog


CodeIntegrity Errors:
===================================
  Date: 2014-10-30 10:34:50.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:49.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:49.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:49.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:49.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:48.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:48.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:48.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:10.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-30 10:34:09.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Turion 64 X2 Mobile Technology TL-60
Percentage of memory in use: 56%
Total physical RAM: 3964.7 MB
Available physical RAM: 1740.34 MB
Total Pagefile: 8151.93 MB
Available Pagefile: 6127.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SQ004823V02) (Fixed) (Total:231.42 GB) (Free:112.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (THESIMSEP7) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: CA519DD9)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=231.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

1. Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Thank you!!  I am downloading RogueKiller now.

Here is my Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/31/2014
Scan Time: 8:06:20 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.31.05
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x64
File System: NTFS
User: Mommy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407155
Time Elapsed: 44 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mommy [Administrator]
Mode : Scan -- Date : 10/31/2014  09:11:40

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 31 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44B10B9C-D083-4523-AFE3-07767133C417} | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{44B10B9C-D083-4523-AFE3-07767133C417} | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{44B10B9C-D083-4523-AFE3-07767133C417} | DhcpNameServer : 10.0.1.254 [(Private Address) (XX)]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2668706330-732816361-1631804343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542525K9SA00 ATA Device +++++
--- User ---
[MBR] 9c99d8f1a4317f558e37fc2f636b7225
[bSP] 26c558306341bd593ee8eea47af089f4 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 MB
User = LL1 ... OK
User = LL2 ... OK



Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ============================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ============================

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please run a Threat Scan (Malwarebytes)

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by Mommy at 2014-10-31 11:20:56 Run:1
Running from C:\Users\Mommy\Downloads
Loaded Profiles: Ozaiis & Mommy (Available profiles: Ozaiis & Mommy & Christian)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2668706330-732816361-1631804343-1000\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.co...age={startPage}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.co...1I7TSHB_enUS536
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
C:\Users\Mommy\AppData\Local\Temp\bitool.dll
C:\Users\Mommy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Mommy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mommy\AppData\Local\Temp\optprosetup.exe
C:\Users\Mommy\AppData\Local\Temp\uttF06D.tmp.exe
C:\Users\Ozaiis\AppData\Local\Temp\SearchWithGoogleUpdate.exe
Task: {4502B967-E2C4-4B7C-B39F-6A1795AC74DC} - \GPUP No Task File <==== ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2668706330-732816361-1631804343-1000\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key deleted successfully.
"HKCR\CLSID\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900} => value deleted successfully.
C:\Users\Mommy\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Mommy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe => Moved successfully.
C:\Users\Mommy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mommy\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Mommy\AppData\Local\Temp\uttF06D.tmp.exe => Moved successfully.
C:\Users\Ozaiis\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4502B967-E2C4-4B7C-B39F-6A1795AC74DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4502B967-E2C4-4B7C-B39F-6A1795AC74DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====


# AdwCleaner v3.311 - Report created 31/10/2014 at 11:54:27
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 1 (64 bits)
# Username : Mommy - OZAIIS-PC
# Running from : C:\Users\Mommy\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Mommy\AppData\Roaming\dvdvideosoftiehelpers
[!] Folder Deleted : C:\Users\Mommy\Documents\Optimizer Pro

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Mommy\AppData\Roaming\Mozilla\Firefox\Profiles\7ly00fpp.default-1414676892928\prefs.js ]


[ File : C:\Users\Ozaiis\AppData\Roaming\Mozilla\Firefox\Profiles\3rnnikgc.default\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3055 octets] - [31/10/2014 11:37:16]
AdwCleaner[s0].txt - [2842 octets] - [31/10/2014 11:54:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2902 octets] ##########
 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/31/2014
Scan Time: 12:27:13 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.31.09
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x64
File System: NTFS
User: Mommy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407176
Time Elapsed: 26 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

I am still seeing the ads and having progressively slower browsing.


OK...Next:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


TDSSKiller log 1:

 

13:45:15.0946 0x0974  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
13:45:22.0265 0x0974  ============================================================
13:45:22.0266 0x0974  Current date / time: 2014/10/31 13:45:22.0265
13:45:22.0266 0x0974  SystemInfo:
13:45:22.0266 0x0974  
13:45:22.0266 0x0974  OS Version: 6.0.6001 ServicePack: 1.0
13:45:22.0266 0x0974  Product type: Workstation
13:45:22.0266 0x0974  ComputerName: OZAIIS-PC
13:45:22.0266 0x0974  UserName: Mommy
13:45:22.0266 0x0974  Windows directory: C:\Windows
13:45:22.0266 0x0974  System windows directory: C:\Windows
13:45:22.0266 0x0974  Running under WOW64
13:45:22.0266 0x0974  Processor architecture: Intel x64
13:45:22.0266 0x0974  Number of processors: 2
13:45:22.0266 0x0974  Page size: 0x1000
13:45:22.0266 0x0974  Boot type: Normal boot
13:45:22.0266 0x0974  ============================================================
13:45:24.0840 0x0974  KLMD registered as C:\Windows\system32\drivers\65372705.sys
13:45:25.0525 0x0974  System UUID: {199011B3-ED27-BBB5-AC64-12B29D011795}
13:45:26.0616 0x0974  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:45:26.0621 0x0974  ============================================================
13:45:26.0621 0x0974  \Device\Harddisk0\DR0:
13:45:26.0622 0x0974  MBR partitions:
13:45:26.0622 0x0974  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
13:45:26.0622 0x0974  ============================================================
13:45:26.0659 0x0974  C: <-> \Device\Harddisk0\DR0\Partition1
13:45:26.0659 0x0974  ============================================================
13:45:26.0659 0x0974  Initialize success
13:45:26.0659 0x0974  ============================================================
13:46:02.0981 0x0664  KLMD registered as C:\Windows\system32\drivers\64137810.sys
13:46:04.0798 0x0664  Deinitialize success
 


I'm back.  Things got a little crazy around here.  My husband did some things on the computer and it seemed fine for a few days but the ads are back with a vengeance today. 

 

I ran another scan with Malwarebytes, here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/7/2014
Scan Time: 8:03:20 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.07.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x64
File System: NTFS
User: Mommy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421064
Time Elapsed: 41 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.TehSnab, C:\$RECYCLE.BIN\S-1-5-21-2668706330-732816361-1631804343-1002\$RPLIA13.exe, Quarantined, [856afd3b1e5ec472fb91f83a2bda847c],

Physical Sectors: 0
(No malicious items detected)


(end)


I noticed you didn't run Junk Removal Tool:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Then........

Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic

FAQ

Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats is unchecked and the option Scan unsafe applications is checked

Click Advanced settings and select the following:

ceba8c51-8f88-44b9-ad41-5f07ba8351b1.png

Click Start

Wait for the scan to finish

If threats were found:

Click on "list of threats found"

Click on "export to text file" and save it as ESET SCAN and save to the desktop

Click on back

Put a checkmark in "Uninstall application on close"

Click on finish

Post back the log.....MrC


JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows Vista Home Premium x64
Ran by Mommy on Sat 11/08/2014 at 10:41:27.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Mommy\AppData\Roaming\mozilla\firefox\profiles\7ly00fpp.default-1414676892928\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/08/2014 at 10:53:33.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



ESET log

 

C:\FRST\Quarantine\C\Users\Mommy\AppData\Local\Temp\bitool.dll.xBAD    Win32/Somoto.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Mommy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe.xBAD    a variant of Win32/InstallCore.BQ potentially unwanted application
C:\FRST\Quarantine\C\Users\Mommy\AppData\Local\Temp\optprosetup.exe.xBAD    a variant of Win32/OptimizerEliteMax.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Mommy\AppData\Local\Temp\uttF06D.tmp.exe.xBAD    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Users\Mommy\Downloads\FreeYouTubeDownload.exe    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Mommy\Downloads\FreeYouTubeToMP3Converter.exe    a variant of Win32/OpenCandy.A potentially unsafe application
 


It has to be connected to a program you installed; usually free apps come bundled with this type of adware.

Can you tell me the date the ads started and can you remember what programs, apps or extensions you installed recently??

 

These ads happen in all of your browsers correct????

 

MrC
