Help! Computer Infected w/ Adware Despite Using Removal Tools [Sol


  • This topic is locked

#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello TheRedQueen



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Gringo
  • 0


#17
TheRedQueen

    Member

  • Topic Starter
  • Member
  • 23 posts
Hi Gringo, I bought another computer last night. A laptop, but that's ok. I was not able to even use this one last night for work, it was so slow. I had to do a system restore to the last point which was only a couple of days ago but it's better now. I appreciate your time, but I think I am going to lay this computer to rest. Thanks for your help.
  • 0

#18
TheRedQueen

    Member

  • Topic Starter
  • Member
  • 23 posts
I did not even see this that you told me to run farbar. I am not sure if you want to continue given I bought another computer. I haven't gotten it yet and would like this one to work but not sure if you still want to work to fix it. Like I told you last night, after those two scans it was non-operational. I had to system restore it so I could finish my work. If that messed things up I'm sorry, but I'm a writer and all my files are on this stupid computer. I did do the scans you asked for here:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by User (administrator) on HP on 27-02-2014 19:17:25
Running from C:\Users\User\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
( ) C:\Windows\system32\dlbucoms.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUmon.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [dlbumon.exe] - C:\Program Files (x86)\Dell Photo AIO Printer 942\dlbumon.exe [431600 2007-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [MemoryCardManager] - C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe [304624 2007-02-28] ()
HKLM-x32\...\Run: [DNS7reminder] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3895396991-2907312546-3781059850-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:51155;https=127.0.0.1:51155
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91B3EF07DF61CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}
BHO: No Name - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3eysvra.default
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11111&tm=251&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Extension: AboutBar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3eysvra.default\Extensions\[email protected] [2012-10-12]
FF Extension: Speed Test 127 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3eysvra.default\Extensions\[email protected] [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]

==================== Services (Whitelisted) =================

R2 dlbu_device; C:\Windows\system32\dlbucoms.exe [567280 2007-02-28] ( )
R2 dlbu_device; C:\Windows\SysWOW64\dlbucoms.exe [538096 2007-02-28] ( )
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 19:17 - 2014-02-27 19:17 - 00008459 _____ () C:\Users\User\Downloads\FRST.txt
2014-02-27 19:17 - 2014-02-27 19:17 - 00000000 ____D () C:\FRST
2014-02-27 19:16 - 2014-02-27 19:16 - 00001428 _____ () C:\Users\User\Desktop\FRST64 - Shortcut.lnk
2014-02-27 19:14 - 2014-02-27 19:14 - 02155520 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-02-26 23:18 - 2014-02-26 23:18 - 00001818 _____ () C:\Users\User\Desktop\RKreport[0]_D_02262014_231638 rouge report for gringo.txt
2014-02-26 23:14 - 2014-02-27 00:43 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine
2014-02-26 20:16 - 2014-02-26 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 20:12 - 2014-02-27 00:43 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-02-26 06:51 - 2014-02-26 06:51 - 00000000 ____D () C:\ProgramData\HP
2014-02-25 16:49 - 2014-02-25 16:49 - 00000000 ____D () C:\Users\User\Documents\Inogen One Editorial Calendars
2014-02-25 16:48 - 2014-02-25 16:48 - 00000000 ____D () C:\Users\User\Documents\Inogen One Invoices
2014-02-24 16:00 - 2014-02-24 16:00 - 00016092 _____ () C:\ComboFix.txt
2014-02-24 12:30 - 2014-02-24 12:30 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Nuance
2014-02-24 12:23 - 2014-02-24 12:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-02-24 12:22 - 2014-02-24 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-02-24 12:22 - 2014-02-24 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-02-24 12:21 - 2014-02-24 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-24 12:20 - 2014-02-27 00:44 - 00000000 ____D () C:\Users\Guest
2014-02-24 12:20 - 2014-02-24 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-02-24 12:20 - 2012-07-11 17:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-02-24 12:20 - 2011-12-11 10:55 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-02-24 11:37 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Standard Account\AppData\Roaming\Mozilla
2014-02-24 11:37 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Standard Account\AppData\Local\Mozilla
2014-02-24 11:33 - 2014-02-24 11:33 - 00109368 _____ () C:\Users\Standard Account\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 11:32 - 2014-02-24 11:32 - 00000000 ____D () C:\Users\Standard Account\AppData\Roaming\Nuance
2014-02-24 11:31 - 2014-02-24 11:31 - 00000000 ____D () C:\Users\Standard Account\AppData\Roaming\Adobe
2014-02-24 11:30 - 2014-02-24 11:30 - 00000000 ____D () C:\Users\Standard Account\AppData\Local\VirtualStore
2014-02-24 11:29 - 2014-02-27 00:44 - 00000000 ____D () C:\Users\Standard Account
2014-02-24 11:29 - 2012-07-11 17:25 - 00000000 ____D () C:\Users\Standard Account\AppData\Local\Microsoft Help
2014-02-24 11:29 - 2011-12-11 10:55 - 00000000 ____D () C:\Users\Standard Account\AppData\Roaming\Macromedia
2014-02-23 08:47 - 2014-02-23 08:47 - 01241834 _____ () C:\Users\User\Downloads\AdwCleaner(2).exe
2014-02-23 08:41 - 2014-02-23 08:40 - 00000865 _____ () C:\Users\User\Desktop\JRT.txt
2014-02-23 07:56 - 2014-02-23 07:56 - 01241834 _____ () C:\Users\User\Downloads\AdwCleaner(1).exe
2014-02-23 07:53 - 2014-02-23 07:53 - 00003939 _____ () C:\Users\User\Documents\geeks to go step one.txt
2014-02-22 13:07 - 2014-02-22 13:07 - 00085835 _____ () C:\Users\User\Documents\MLS Landscape Mariposa Comps.xps
2014-02-22 12:59 - 2014-02-22 12:59 - 00148953 _____ () C:\Users\User\Documents\MLS Mariposa Comps.xps
2014-02-22 12:57 - 2014-02-22 12:57 - 00148955 _____ () C:\Users\User\Documents\MLS comparables Mariposa 29 Palms.xps
2014-02-22 12:50 - 2014-02-22 12:51 - 00148958 _____ () C:\Users\User\Documents\MLS comps Mariposa.xps
2014-02-22 08:17 - 2014-02-22 08:17 - 00008521 _____ () C:\Users\User\Downloads\DDS 2.txt
2014-02-22 08:16 - 2014-02-22 08:16 - 00015500 _____ () C:\Users\User\Downloads\DDS 1.txt
2014-02-22 08:10 - 2014-02-22 08:10 - 00015500 _____ () C:\Users\User\Desktop\dds.txt
2014-02-22 08:10 - 2014-02-22 08:10 - 00008521 _____ () C:\Users\User\Desktop\attach.txt
2014-02-22 08:08 - 2014-02-22 08:08 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.scr
2014-02-22 08:08 - 2014-02-22 08:08 - 00071352 _____ () C:\Users\User\Desktop\OTL.Txt
2014-02-22 07:42 - 2014-02-22 07:42 - 00072878 _____ () C:\Users\User\Downloads\Extras.Txt
2014-02-22 07:42 - 2014-02-22 07:42 - 00071352 _____ () C:\Users\User\Downloads\OTL.Txt
2014-02-22 07:33 - 2014-02-22 07:33 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-02-22 00:22 - 2014-02-22 00:22 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-02-21 19:14 - 2014-02-21 19:14 - 00000744 _____ () C:\Windows\Tasks\BrowserSafeguard Update Task.job
2014-02-21 19:12 - 2014-02-21 19:13 - 00559912 _____ (Fusion Install ) C:\Users\User\Downloads\update.exe
2014-02-21 16:31 - 2014-02-23 08:25 - 00001396 _____ () C:\Users\User\Desktop\JRT(2) - Shortcut.lnk
2014-02-21 16:30 - 2014-02-21 16:30 - 01037734 _____ (Thisisu) C:\Users\User\Downloads\JRT(2).exe
2014-02-20 12:31 - 2014-02-20 12:31 - 00000642 _____ () C:\Users\User\Documents\Tico Bus instructions.txt
2014-02-20 08:34 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-20 08:34 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-20 08:34 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-20 08:34 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-20 08:34 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-20 08:34 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-20 08:34 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-20 08:34 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-20 08:07 - 2014-02-27 00:42 - 00000000 ____D () C:\Qoobox
2014-02-20 08:06 - 2014-02-27 00:43 - 00000000 ____D () C:\Windows\erdnt
2014-02-20 08:06 - 2014-02-20 08:06 - 05183886 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-02-18 11:30 - 2014-02-18 11:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-02-18 11:29 - 2014-02-18 11:29 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-18 11:29 - 2014-02-18 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 11:29 - 2014-02-18 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-18 11:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-18 11:28 - 2014-02-18 11:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 12:56 - 2014-02-25 16:43 - 00008643 _____ () C:\Users\User\Documents\February 2014 Invoice.xlsx
2014-02-17 11:21 - 2014-02-20 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 10:34 - 2014-02-17 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 10:29 - 2014-02-17 10:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Real
2014-02-17 10:29 - 2014-02-17 10:29 - 00000000 ____D () C:\Program Files (x86)\Real
2014-02-17 10:28 - 2014-02-17 10:31 - 00000000 ____D () C:\ProgramData\Real
2014-02-17 04:06 - 2014-02-20 08:30 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-17 04:04 - 2014-02-17 04:04 - 13670584 _____ (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2014-02-17 01:20 - 2014-02-17 01:20 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-13 19:13 - 2014-02-13 19:13 - 00021034 _____ () C:\Windows\system32\.crusader
2014-02-13 19:06 - 2014-02-13 19:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-13 19:05 - 2014-02-13 19:05 - 10820032 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2014-02-13 19:00 - 2014-02-13 19:00 - 03379320 _____ (http://www.maxuninstaller.com/ ) C:\Users\User\Downloads\MaxUninstaller_Setup.exe
2014-02-13 16:48 - 2014-02-23 08:47 - 00000000 ____D () C:\AdwCleaner
2014-02-13 16:48 - 2014-02-13 16:48 - 01166132 _____ () C:\Users\User\Downloads\adwcleaner.exe
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-02-13 16:41 - 2014-02-13 16:41 - 02184968 _____ (Reason Software Company Inc.) C:\Users\User\Downloads\ShouldIRemoveIt_Setup.exe
2014-02-13 03:02 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:02 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:01 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:01 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:01 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:01 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:01 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:01 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:01 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:01 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:01 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:01 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:01 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:01 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:01 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:01 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:01 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:01 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:01 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:01 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:01 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:01 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:01 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:01 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:01 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:01 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:01 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:01 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:01 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:01 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:01 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:01 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:01 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:01 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:01 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:01 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:01 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:01 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:01 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 09:38 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 09:38 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 09:38 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 09:38 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 09:38 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 09:38 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 09:38 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 09:38 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 09:38 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 09:38 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 09:38 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 09:38 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 09:38 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 09:38 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 09:38 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 09:38 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 09:38 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 09:38 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 09:38 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 09:38 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 09:38 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 09:38 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 09:38 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 09:38 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 09:38 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 09:38 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 09:38 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 09:38 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 07:46 - 2014-02-27 06:53 - 00001456 _____ () C:\Windows\setupact.log
2014-02-12 07:46 - 2014-02-12 07:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 07:45 - 2014-02-22 07:26 - 00022364 _____ () C:\Windows\PFRO.log
2014-02-09 12:10 - 2014-02-09 12:10 - 00000000 ____D () C:\Windows\system32\log
2014-02-09 12:09 - 2014-02-09 12:09 - 09613984 _____ () C:\Users\User\Downloads\yet_another_cleaner.exe
2014-02-08 18:42 - 2014-02-24 21:36 - 00012092 _____ () C:\Users\User\Documents\Inogen One February Editorial Calendar.xlsx
2014-02-07 07:09 - 2014-02-07 07:36 - 00000000 ____D () C:\Users\User\AppData\Local\NPE
2014-02-07 07:09 - 2014-02-07 07:09 - 03053496 ____N (Symantec Corporation) C:\Users\User\Downloads\NPE(2).exe
2014-02-07 07:09 - 2014-02-07 07:09 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 07:08 - 2014-02-07 07:08 - 03053496 _____ (Symantec Corporation) C:\Users\User\Downloads\NPE(1).exe
2014-02-07 07:06 - 2014-02-07 07:06 - 03053496 _____ (Symantec Corporation) C:\Users\User\Downloads\NPE.exe
2014-02-07 06:43 - 2014-02-07 06:44 - 00001797 _____ () C:\Users\User\Uninstall-VzInHomeAgentlog.log
2014-02-06 18:26 - 2014-02-06 18:26 - 00000000 ____D () C:\ProgramData\systemk
2014-02-06 18:25 - 2014-02-06 18:25 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-02-06 18:24 - 2014-02-06 18:24 - 05154304 _____ () C:\Users\User\Desktop\WindowsDefender.msi
2014-02-03 20:21 - 2014-02-03 20:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\User\Downloads\spybot-2.2.exe
2014-02-02 17:23 - 2014-02-02 17:23 - 01727624 _____ () C:\Users\User\Downloads\Adaware_Installer(1).exe

==================== One Month Modified Files and Folders =======

2014-02-27 19:17 - 2014-02-27 19:17 - 00008459 _____ () C:\Users\User\Downloads\FRST.txt
2014-02-27 19:17 - 2014-02-27 19:17 - 00000000 ____D () C:\FRST
2014-02-27 19:16 - 2014-02-27 19:16 - 00001428 _____ () C:\Users\User\Desktop\FRST64 - Shortcut.lnk
2014-02-27 19:14 - 2014-02-27 19:14 - 02155520 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-02-27 18:26 - 2012-06-29 23:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 11:31 - 2012-07-14 09:42 - 00003898 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B965FBB6-9AF8-4B7D-B175-5F59F02A24FF}
2014-02-27 07:01 - 2009-07-13 20:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 07:01 - 2009-07-13 20:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 06:57 - 2011-12-11 01:06 - 01276371 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 06:53 - 2014-02-12 07:46 - 00001456 _____ () C:\Windows\setupact.log
2014-02-27 06:53 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 00:44 - 2014-02-24 12:20 - 00000000 ____D () C:\Users\Guest
2014-02-27 00:44 - 2014-02-24 11:29 - 00000000 ____D () C:\Users\Standard Account
2014-02-27 00:43 - 2014-02-26 23:14 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine
2014-02-27 00:43 - 2014-02-26 20:12 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-02-27 00:43 - 2014-02-20 08:06 - 00000000 ____D () C:\Windows\erdnt
2014-02-27 00:43 - 2013-08-22 08:17 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-02-27 00:43 - 2012-06-16 15:55 - 00000000 ____D () C:\Users\User\Documents\COPDquiz
2014-02-27 00:43 - 2012-06-16 15:53 - 00000000 ____D () C:\Users\User\Documents\quizzes
2014-02-27 00:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-02-27 00:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-27 00:42 - 2014-02-20 08:07 - 00000000 ____D () C:\Qoobox
2014-02-27 00:42 - 2012-07-09 14:55 - 00000000 ____D () C:\Users\User\Documents\RentaYenta
2014-02-26 23:18 - 2014-02-26 23:18 - 00001818 _____ () C:\Users\User\Desktop\RKreport[0]_D_02262014_231638 rouge report for gringo.txt
2014-02-26 22:51 - 2014-02-26 20:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 06:51 - 2014-02-26 06:51 - 00000000 ____D () C:\ProgramData\HP
2014-02-25 16:49 - 2014-02-25 16:49 - 00000000 ____D () C:\Users\User\Documents\Inogen One Editorial Calendars
2014-02-25 16:48 - 2014-02-25 16:48 - 00000000 ____D () C:\Users\User\Documents\Inogen One Invoices
2014-02-25 16:47 - 2012-06-16 15:53 - 00000000 ____D () C:\Users\User\Documents\Quiz Files About.com
2014-02-25 16:43 - 2014-02-17 12:56 - 00008643 _____ () C:\Users\User\Documents\February 2014 Invoice.xlsx
2014-02-24 21:36 - 2014-02-08 18:42 - 00012092 _____ () C:\Users\User\Documents\Inogen One February Editorial Calendar.xlsx
2014-02-24 16:00 - 2014-02-24 16:00 - 00016092 _____ () C:\ComboFix.txt
2014-02-24 15:41 - 2013-02-12 07:04 - 00040960 ___SH () C:\Users\User\Documents\Thumbs.db
2014-02-24 12:30 - 2014-02-24 12:30 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Nuance
2014-02-24 12:23 - 2014-02-24 12:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-02-24 12:22 - 2014-02-24 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-02-24 12:22 - 2014-02-24 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-02-24 12:21 - 2014-02-24 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-24 12:20 - 2014-02-24 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-02-24 11:37 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Standard Account\AppData\Roaming\Mozilla
2014-02-24 11:37 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Standard Account\AppData\Local\Mozilla
2014-02-24 11:33 - 2014-02-24 11:33 - 00109368 _____ () C:\Users\Standard Account\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 11:32 - 2014-02-24 11:32 - 00000000 ____D () C:\Users\Standard Account\AppData\Roaming\Nuance
2014-02-24 11:31 - 2014-02-24 11:31 - 00000000 ____D () C:\Users\Standard Account\AppData\Roaming\Adobe
2014-02-24 11:30 - 2014-02-24 11:30 - 00000000 ____D () C:\Users\Standard Account\AppData\Local\VirtualStore
2014-02-23 08:47 - 2014-02-23 08:47 - 01241834 _____ () C:\Users\User\Downloads\AdwCleaner(2).exe
2014-02-23 08:47 - 2014-02-13 16:48 - 00000000 ____D () C:\AdwCleaner
2014-02-23 08:40 - 2014-02-23 08:41 - 00000865 _____ () C:\Users\User\Desktop\JRT.txt
2014-02-23 08:25 - 2014-02-21 16:31 - 00001396 _____ () C:\Users\User\Desktop\JRT(2) - Shortcut.lnk
2014-02-23 07:56 - 2014-02-23 07:56 - 01241834 _____ () C:\Users\User\Downloads\AdwCleaner(1).exe
2014-02-23 07:53 - 2014-02-23 07:53 - 00003939 _____ () C:\Users\User\Documents\geeks to go step one.txt
2014-02-22 13:07 - 2014-02-22 13:07 - 00085835 _____ () C:\Users\User\Documents\MLS Landscape Mariposa Comps.xps
2014-02-22 12:59 - 2014-02-22 12:59 - 00148953 _____ () C:\Users\User\Documents\MLS Mariposa Comps.xps
2014-02-22 12:57 - 2014-02-22 12:57 - 00148955 _____ () C:\Users\User\Documents\MLS comparables Mariposa 29 Palms.xps
2014-02-22 12:51 - 2014-02-22 12:50 - 00148958 _____ () C:\Users\User\Documents\MLS comps Mariposa.xps
2014-02-22 08:17 - 2014-02-22 08:17 - 00008521 _____ () C:\Users\User\Downloads\DDS 2.txt
2014-02-22 08:16 - 2014-02-22 08:16 - 00015500 _____ () C:\Users\User\Downloads\DDS 1.txt
2014-02-22 08:10 - 2014-02-22 08:10 - 00015500 _____ () C:\Users\User\Desktop\dds.txt
2014-02-22 08:10 - 2014-02-22 08:10 - 00008521 _____ () C:\Users\User\Desktop\attach.txt
2014-02-22 08:08 - 2014-02-22 08:08 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.scr
2014-02-22 08:08 - 2014-02-22 08:08 - 00071352 _____ () C:\Users\User\Desktop\OTL.Txt
2014-02-22 07:42 - 2014-02-22 07:42 - 00072878 _____ () C:\Users\User\Downloads\Extras.Txt
2014-02-22 07:42 - 2014-02-22 07:42 - 00071352 _____ () C:\Users\User\Downloads\OTL.Txt
2014-02-22 07:33 - 2014-02-22 07:33 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-02-22 07:26 - 2014-02-12 07:45 - 00022364 _____ () C:\Windows\PFRO.log
2014-02-22 00:22 - 2014-02-22 00:22 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-02-21 19:23 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-21 19:14 - 2014-02-21 19:14 - 00000744 _____ () C:\Windows\Tasks\BrowserSafeguard Update Task.job
2014-02-21 19:13 - 2014-02-21 19:12 - 00559912 _____ (Fusion Install ) C:\Users\User\Downloads\update.exe
2014-02-21 16:30 - 2014-02-21 16:30 - 01037734 _____ (Thisisu) C:\Users\User\Downloads\JRT(2).exe
2014-02-20 16:26 - 2012-06-29 23:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 16:26 - 2012-06-29 23:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 16:26 - 2012-06-29 23:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 12:31 - 2014-02-20 12:31 - 00000642 _____ () C:\Users\User\Documents\Tico Bus instructions.txt
2014-02-20 08:45 - 2014-02-17 11:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 08:30 - 2014-02-17 04:06 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-20 08:06 - 2014-02-20 08:06 - 05183886 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-02-18 11:30 - 2014-02-18 11:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-02-18 11:29 - 2014-02-18 11:29 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-18 11:29 - 2014-02-18 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 11:29 - 2014-02-18 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-18 11:29 - 2014-02-18 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 11:17 - 2013-11-27 15:18 - 00000000 ____D () C:\Windows\pss
2014-02-17 12:58 - 2012-06-29 22:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 10:34 - 2014-02-17 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 10:31 - 2014-02-17 10:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Real
2014-02-17 10:31 - 2014-02-17 10:28 - 00000000 ____D () C:\ProgramData\Real
2014-02-17 10:29 - 2014-02-17 10:29 - 00000000 ____D () C:\Program Files (x86)\Real
2014-02-17 09:57 - 2013-08-22 07:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 09:54 - 2011-12-11 08:30 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 09:47 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 04:04 - 2014-02-17 04:04 - 13670584 _____ (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2014-02-17 01:20 - 2014-02-17 01:20 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-17 01:20 - 2013-10-27 12:14 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-13 19:14 - 2014-02-13 19:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-13 19:13 - 2014-02-13 19:13 - 00021034 _____ () C:\Windows\system32\.crusader
2014-02-13 19:13 - 2011-12-11 08:25 - 00000000 ____D () C:\ProgramData\Symantec
2014-02-13 19:05 - 2014-02-13 19:05 - 10820032 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2014-02-13 19:00 - 2014-02-13 19:00 - 03379320 _____ (http://www.maxuninstaller.com/ ) C:\Users\User\Downloads\MaxUninstaller_Setup.exe
2014-02-13 16:48 - 2014-02-13 16:48 - 01166132 _____ () C:\Users\User\Downloads\adwcleaner.exe
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-02-13 16:41 - 2014-02-13 16:41 - 02184968 _____ (Reason Software Company Inc.) C:\Users\User\Downloads\ShouldIRemoveIt_Setup.exe
2014-02-13 04:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 03:05 - 2013-09-20 11:26 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 07:46 - 2014-02-12 07:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-09 16:35 - 2013-06-14 06:15 - 00000000 ____D () C:\Program Files (x86)\Tenorshare iPhone 5 Data Recovery
2014-02-09 16:34 - 2013-09-20 11:29 - 00000000 ____D () C:\Program Files\Creative
2014-02-09 16:33 - 2012-10-24 11:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-09 16:32 - 2012-06-16 16:32 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2014-02-09 16:30 - 2013-05-18 13:20 - 00000260 _____ () C:\Windows\SysWOW64\cmdVBS.vbs
2014-02-09 16:30 - 2013-05-18 13:20 - 00000256 _____ () C:\Windows\SysWOW64\MSIevent.bat
2014-02-09 16:16 - 2013-09-09 07:05 - 00000000 ____D () C:\Windows\Minidump
2014-02-09 12:10 - 2014-02-09 12:10 - 00000000 ____D () C:\Windows\system32\log
2014-02-09 12:09 - 2014-02-09 12:09 - 09613984 _____ () C:\Users\User\Downloads\yet_another_cleaner.exe
2014-02-07 19:26 - 2014-01-03 08:24 - 00011927 _____ () C:\Users\User\Documents\Inogen One January 2014 Editorial Calendar.xlsx
2014-02-07 19:23 - 2014-01-22 10:49 - 00011924 _____ () C:\Users\User\Documents\Inogen One January 2014 Invoice.xlsx
2014-02-07 07:36 - 2014-02-07 07:09 - 00000000 ____D () C:\Users\User\AppData\Local\NPE
2014-02-07 07:09 - 2014-02-07 07:09 - 03053496 ____N (Symantec Corporation) C:\Users\User\Downloads\NPE(2).exe
2014-02-07 07:09 - 2014-02-07 07:09 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 07:08 - 2014-02-07 07:08 - 03053496 _____ (Symantec Corporation) C:\Users\User\Downloads\NPE(1).exe
2014-02-07 07:06 - 2014-02-07 07:06 - 03053496 _____ (Symantec Corporation) C:\Users\User\Downloads\NPE.exe
2014-02-07 06:44 - 2014-02-07 06:43 - 00001797 _____ () C:\Users\User\Uninstall-VzInHomeAgentlog.log
2014-02-07 06:44 - 2013-05-18 13:15 - 00000000 ____D () C:\Program Files (x86)\Verizon
2014-02-07 06:43 - 2013-06-14 06:10 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-02-06 18:38 - 2013-10-11 12:32 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-06 18:26 - 2014-02-06 18:26 - 00000000 ____D () C:\ProgramData\systemk
2014-02-06 18:25 - 2014-02-06 18:25 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-02-06 18:24 - 2014-02-06 18:24 - 05154304 _____ () C:\Users\User\Desktop\WindowsDefender.msi
2014-02-06 04:16 - 2014-02-13 03:01 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-13 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-13 03:01 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-13 03:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-13 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-13 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-13 03:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-13 03:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-13 03:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-13 03:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-13 03:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-13 03:01 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-13 03:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-13 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-13 03:01 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-13 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-13 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-13 03:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-13 03:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-13 03:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-13 03:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-13 03:01 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-13 03:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-13 03:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-13 03:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-13 03:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-13 03:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-13 03:01 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-13 03:01 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-13 03:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-13 03:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-13 03:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-13 03:01 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-13 03:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-13 03:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-13 03:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-13 03:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 20:28 - 2014-02-03 20:21 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\User\Downloads\spybot-2.2.exe
2014-02-02 17:23 - 2014-02-02 17:23 - 01727624 _____ () C:\Users\User\Downloads\Adaware_Installer(1).exe
2014-02-01 09:39 - 2013-09-20 11:27 - 00001515 _____ () C:\Users\User\AppData\Roaming\SAS7_000.DAT

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 16:38

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by User at 2014-02-27 19:18:19
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BrowserSafeguard with RocketTab (HKLM-x32\...\Browsersafeguard) (Version: - Browsersafeguard) <==== ATTENTION
Canon Utilities Digital Photo Professional 1.0 (HKLM-x32\...\InstallShield_{F011B8F1-BCCD-4E73-84F8-CB2F2D258755}) (Version: 1.0 - Canon)
Canon Utilities Digital Photo Professional 1.0 (x32 Version: 1.0 - Canon) Hidden
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.31.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Photo AIO Printer 942 (HKLM\...\Dell Photo AIO Printer 942) (Version: - Dell, Inc.)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}) (Version: 5.0.12200.1036 - Hewlett-Packard)
HP LaserJet 200 color M251 HP Device Toolbox (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP Product FWUpdater (x32 Version: 4.0.0.7242 - Hewlett-Packard Company) Hidden
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.12 - HP) Hidden
HPLaserJet200color-M251_HelpLearnCenter_SI (HKLM-x32\...\{DDEBEA89-2B5A-4E5B-8702-369882BB3F52}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM251 (x32 Version: 3.00.0003 - HP) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM251 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )

==================== Restore Points =========================

24-02-2014 03:00:04 Windows Backup
25-02-2014 23:17:35 Windows Update
27-02-2014 08:38:42 Restore Operation
27-02-2014 08:49:43 Windows Update

==================== Hosts content: ==========================

2009-07-13 18:34 - 2014-02-20 08:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04ED014E-92D3-4BA8-8CCE-571C306B186F} - System32\Tasks\{734637E5-8F5D-4658-BB5E-E017A514210E} => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
Task: {0E568BE8-DE99-49F2-AE97-B17D0B883315} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1F3E3124-7C81-40E3-A2EB-50D5D852956D} - \BackgroundContainer Startup Task No Task File
Task: {2A2CD733-3089-40D4-A1D8-8B2D9E911009} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {2FF55151-4B07-47E6-A567-6114966A0D42} - System32\Tasks\{2A77995B-A154-497A-BB95-55CB23D0F252} => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
Task: {4F129D43-2A2C-4E02-8999-7D62A851600B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {56F5B6A4-D7F3-4D4D-85C6-2C6229D9EB03} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {586DDE0D-F094-4E87-9B9C-0A4C2AFDFD73} - System32\Tasks\{BF3C3E87-D5F1-4035-81DF-DCC1387CA317} => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
Task: {B51E179F-1CD6-496C-8043-14024547DF86} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {B646CDB4-1A58-4456-9354-66ED52945E98} - System32\Tasks\{7DB5C124-92B7-4FC0-A515-DCB13ABD84DA} => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
Task: {B6DAC72F-357A-46F5-814D-8B51E512BA3C} - System32\Tasks\{CE01B154-3DBF-47C7-89FC-6D54A6484888} => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe [2014-01-03] (Nuance Communications, Inc.)
Task: {C888DA84-22A5-425C-A281-5EF589EFCB58} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D2D101B9-4999-481D-81F6-B47113DAB3DF} - System32\Tasks\{39CB346E-A17C-45DF-BCE0-238356FD7195} => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe [2014-01-03] (Nuance Communications, Inc.)
Task: {D5E0DA6F-920E-4465-B1EA-35FA542731C1} - System32\Tasks\{C54D177D-11AC-4B94-BBAE-40D54C718924} => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BrowserSafeguard Update Task.job => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-06-16 16:09 - 2011-02-17 18:13 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll
2012-06-16 16:17 - 2007-02-28 17:37 - 00304624 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-16 16:17 - 2007-01-22 01:19 - 00069632 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUcfg.dll
2012-06-16 16:17 - 2005-09-20 06:40 - 00122880 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUdrec.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\Users\User\Documents\Columnist for Shape Magazine.eml:OECustomProperty
AlternateDataStreams: C:\Users\User\Documents\Medical Ghost Writer Wanted (New Jersey).eml:OECustomProperty
AlternateDataStreams: C:\Users\User\Documents\Re_ position availability Web Content Writer.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: Search Protection => C:\ProgramData\Search Protection\SearchProtection.exe
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2014 08:11:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/26/2014 07:38:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2014 00:31:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/24/2014 11:03:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/23/2014 09:15:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/26/2014 08:31:43 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:31:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:27:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:27:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:27:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:26:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:26:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/26/2014 08:26:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-02-20 08:44:09.478
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-20 08:44:09.168
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 2039.43 MB
Available physical RAM: 1120.52 MB
Total Pagefile: 6135.43 MB
Available Pagefile: 4765.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:19.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 68647E8D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#19
gringo_pr

Hello TheRedQueen

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

I will let you keep your bookmarks, so to do that you can go here - Export BookMarks

Now to reset Firefox do the following.

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo

#20
TheRedQueen

Ok, but what will happen to all my files saved on my hard drive? Like my Word files? And will this delete all my programs and drivers that have been installed? I'm a writer and all my files are saved on this computer. Maybe I should wait to do it until I get my new computer on Monday. I would hate to have something happen. What do you think?

#21
gringo_pr

That will only reset Firefox and not the computer.


gringo

#22
TheRedQueen

Ok I will do today

#23
TheRedQueen

Hi,
I reset FF. I have not been on it today to see how it's going, but I am starting now to use it so will let you know. Thanks a lot.

#24
TheRedQueen

Well, I've been using it for the last couple hours and no popups. I guess this concludes everything. Once again, thank you for your time.

#25
gringo_pr

Hello TheRedQueen

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#26
TheRedQueen

Here you go:

2007 Microsoft Office Suite Service Pack 3 (SP3)
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dreamweaver CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader XI (11.0.06)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Software Update
BrowserSafeguard with RocketTab
Canon Utilities Digital Photo Professional 1.0
Canon Utilities Digital Photo Professional 3.11
Canon Utilities WFT Utility
Connect
D3DX10
Dragon NaturallySpeaking 12
HP LaserJet 200 color M251
HP LaserJet 200 color M251 HP Device Toolbox
HP Product FWUpdater
HP Unified IO
HP Update
hpbDSService
hpbM251DSService
HPDXP
HPLaserJet200color-M251_HelpLearnCenter_SI
HPLJDXPHelper
HPLJUTCore
HPLJUTM251
hppLaserJetService
hppM251LaserJetService
hpStatusAlerts
hpStatusAlertsM251
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
kuler
LJDXPHelperUI
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PDF Settings CS4
Photoshop Camera Raw
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Suite Shared Configuration CS4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

Can you tell me why my computer was so stubborn in removing these things? What can I do in the future to prevent this from happening?

Edited by TheRedQueen, 02 March 2014 - 09:41 AM.


#27
gringo_pr

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java 7 Update 45


Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. Default settings are fine.
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Report from HijackThis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#28
TheRedQueen

Since we did the reverting back to Firefox or whatever it's called, I have not had any popups. But now, after I did what you just asked me to do, my computer is very slow again.

Also, I guess my trial is over tomorrow for Malwarebytes. I am not going to pay to purchase it, so whatever else you recommend, let me know.

Here are the last things you asked for:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
User :: HP [administrator]

Protection: Enabled

3/2/2014 6:11:03 PM
mbam-log-2014-03-02 (18-11-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264116
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\User\Downloads\update.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:29:01 PM, on 3/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\User\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51155;https=127.0.0.1:51155
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creat...13/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...30321/CTPID.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: dlbu_device - - C:\Windows\system32\dlbucoms.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8826 bytes

Edited by TheRedQueen, 02 March 2014 - 08:47 PM.

  • 0

#29
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) and run it when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
      O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE: You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete:

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found:
    • Click on "list of threats found"
    • Click on "export to text file", name the file ESET SCAN and save it to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here

Gringo
  • 0
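
The O4 lines in the instructions above are HijackThis autostart entries: registry Run/RunOnce values and Startup-folder shortcuts. As an added example (not part of any post in this thread, and not HijackThis code), this Python parser pulls those entries out of a pasted log so each name can be researched before it is checked; the sample lines are copied from the log posted earlier, and the function and field names are assumptions.

```python
import re

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Registry autostart: O4 - <hive>\..\<key>: [<value name>] <command> (User '<name>')
RUN_KEY = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
    r"(?P<command>.+?)(?: \(User '(?P<user>[^']+)'\))?$")
# Startup-folder shortcut: O4 - Global Startup: <shortcut> = <target>
STARTUP = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<command>.+)$")


def parse_o4(log_text):
    """Return one dict per O4 (autostart) line; every other section is skipped."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        m = RUN_KEY.match(line)
        if m:
            location = m["hive"] + "\\..\\" + m["key"]
        else:
            m = STARTUP.match(line)
            if not m:
                continue
            location = m["scope"]
        entries.append({
            "location": location,
            "name": m["name"],  # the text between the brackets, used for lookups
            "command": m["command"],
            "user": m.groupdict().get("user"),  # set only on per-user hive lines
        })
    return entries


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        print(f"{e['location']:<28} {e['name']:<32} {e['command']}")
```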

#30
TheRedQueen

    Member

  • Topic Starter
  • Member
  • 23 posts
Ok, for whatever reason, IE would not allow me to open my Google mail. I had to download IE 11 but it still wouldn't let me open my gmail.

At any rate, here is the report from the Eset scan:

C:\$RECYCLE.BIN\S-1-5-21-3895396991-2907312546-3781059850-1000\$RBYJ86H.exe a variant of Win32/ELEX.Q potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\del_DM_DLL_nsv1CBB.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\del_DM_LL_nsv1CBB.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\del_mg_nsv1CBB.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\systemk.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\systemkbho.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe probably a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\systemku.exe a variant of Win32/Toolbar.SearchSuite.O potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\x64\del_DM_LL_nsv1CBB.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\User\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\User\Downloads\WinZip165.exe a variant of Win32/OpenInstall potentially unwanted application

Edited by TheRedQueen, 03 March 2014 - 01:46 PM.

  • 0
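
The ESET export above can be triaged by location before deciding what to remove: files still installed under Program Files, leftover installers in Downloads, and items already in the Recycle Bin. This is an added example (not from either poster or from ESET) that parses the pasted lines and counts detections per location and family; the line layout is inferred from this report, and treating the last dot-separated token of a detection name as a variant suffix is an assumption.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Sample lines copied from the ESET report in the post above.
SAMPLE_REPORT = r"""
C:\$RECYCLE.BIN\S-1-5-21-3895396991-2907312546-3781059850-1000\$RBYJ86H.exe a variant of Win32/ELEX.Q potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\systemkbho.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe probably a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\User\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\User\Downloads\WinZip165.exe a variant of Win32/OpenInstall potentially unwanted application
"""

# <path> [probably] [a variant of] <platform>/<detection name> <category>
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<detection>Win(?:32|64)/\S+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)$")


def parse_report(text):
    """Parse each report line into path, qualifier, detection name and category."""
    rows = []
    for line in map(str.strip, text.splitlines()):
        m = LINE.match(line)
        if m:
            row = m.groupdict()
            row["qualifier"] = (row["qualifier"] or "").strip()
            rows.append(row)
    return rows


def bucket(path):
    """Where the file sits: Recycle Bin, a Downloads folder, or an installed location."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "$recycle.bin" in parts:
        return "recycle bin"
    if "downloads" in parts:
        return "download"
    return "installed"


def summarize(rows):
    """Count detections per location bucket and family (name minus platform and variant)."""
    summary = defaultdict(Counter)
    for row in rows:
        name = row["detection"].split("/", 1)[1]
        # Assumption: the last dot-separated token is a variant letter (".C", ".Q").
        family = name.rsplit(".", 1)[0] if "." in name else name
        summary[bucket(row["path"])][family] += 1
    return summary
```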





