Jump to content

lindal

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Yes, I am. I have some days off starting tomorrow and can get back to you then. Thanks for leaving me on here.
  2. Please dont close this topic. Just been too busy to sit at my computer.
  3. Do I need to disable Malwarebytes Antimalware?
  4. Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.210000 GHz Memory total: 937177088, free: 167895040 Downloaded database version: v2014.04.15.06 Downloaded database version: v2014.03.27.01 ======================================= There is no mbar log. Should I run mbar.exe again?
  5. Malwarebytes will no longer open and the icon has disappeared from the start up bar. I have tried to run as an administrator and opening from the start Menu. Nothing will open it.
  6. # AdwCleaner v3.022 - Report created 29/03/2014 at 09:24:44 # Updated 13/03/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : LindaL - LINDA-PC # Running from : C:\Users\LindaL\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** Service Found : APNMCP Service Found : FromDocToPDF_65Service ***** [ Files / Folders ] ***** File Found : C:\Program Files\Mozilla Firefox\user.js File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Found : C:\Users\Public\Desktop\eBay.lnk File Found : C:\Windows\System32\Tasks\BitGuard File Found : C:\Windows\System32\Tasks\Browser Manager Folder Found C:\Program Files\AskPartnerNetwork Folder Found C:\ProgramData\apn Folder Found C:\ProgramData\AskPartnerNetwork Folder Found C:\ProgramData\Babylon Folder Found C:\ProgramData\boost_interprocess ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AskPartnerNetwork Key Found : HKCU\Software\d57ded8b168ea17 Key Found : HKCU\Software\filescout Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKCU\Software\Softonic Key Found : HKLM\Software\AskPartnerNetwork Key Found : HKLM\Software\Babylon Key Found : HKLM\Software\BrowserMngr Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664} Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1} Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1 Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898 Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1 Key Found : HKLM\SOFTWARE\d57ded8b168ea17 Key Found : HKLM\Software\DataMngr Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BitGuard Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D902D79-4E67-4F1E-A3C9-93A54A74A262} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FDC4D3-0768-4BD0-9014-94EF13D84288} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Key Found : HKLM\Software\Playbryte Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}] ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16540 -\\ Mozilla Firefox v26.0 (en-US) -\\ Google Chrome v33.0.1750.154 ************************* AdwCleaner[R0].txt - [10504 octets] - [29/03/2014 09:24:44] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10565 octets] ##########
  7. # AdwCleaner v3.023 - Report created 10/04/2014 at 19:02:11 # Updated 01/04/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : LindaL - LINDA-PC # Running from : C:\Users\LindaL\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Program Files\Mozilla Firefox\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16545 -\\ Mozilla Firefox v28.0 (en-US) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by LindaL (administrator) on LINDA-PC on 29-03-2014 09:16:49 Running from C:\Users\LindaL\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company) HKLM\...\Run: [(default)] - [X] HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [browserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [1960448 2013-06-18] () HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [Akamai NetSession Interface] - C:\Users\LindaL\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\MountPoints2: {5db4233c-f939-11e1-946a-806e6f6e6963} - E:\setup.exe ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop SearchScopes: HKLM - DefaultScope {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM - {19811DE0-5BB2-456B-BADA-195A8CC5FB5E} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7 SearchScopes: HKLM - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06930^us&si=CLmrktWH7LkCFQFk7AodQh4A4A&ptb=30FA59BF-A543-4ECF-936C-B4E63B46EB37&ind=2013092713&n=77fd5b69&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKCU - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {4B787802-306D-4ADE-92CB-E0E3D94BDBFA} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-v/search/redirect/?type=default&user_id=12505de3-a827-4ef9-82c6-5f8ec0db5712&query={searchTerms} SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms} SearchScopes: HKCU - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.) BHO: Aimersoft Video Converter Ultimate - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.) BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll () Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll () Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.) Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll () Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.) DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 69.170.120.194 216.114.44.34 FireFox: ======== FF ProfilePath: C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default FF Homepage: google.com FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF Extension: PlayBryte - C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default\Extensions\playbryte@playbryte.com [2013-04-04] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi FF Extension: Coupons.com CouponBar - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-29] FF HKLM\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ FF Extension: Aimersoft Video Converter Ultimate - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No File CHR Plugin: (Application Manager) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File CHR Plugin: (Wajam) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Search) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-22] CHR Extension: (Gmail) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-22] CHR HKLM\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-08-25] ========================== Services (Whitelisted) ================= S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-26] (APN LLC.) S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [X] ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R1 MpKsl38bd2942; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB5B6D0-0C9C-4655-BF34-641BE02CEE57}\MpKsl38bd2942.sys [39464 2014-03-28] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S1 eclkjpxs; \??\C:\Windows\system32\drivers\eclkjpxs.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S1 SABKUTIL; \??\C:\Users\LindaL\Desktop\SABKUTIL.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 19:15 - 2014-03-28 19:16 - 00038260 _____ () C:\Users\LindaL\Downloads\Addition.txt 2014-03-28 19:13 - 2014-03-29 09:16 - 00018436 _____ () C:\Users\LindaL\Downloads\FRST.txt 2014-03-28 19:12 - 2014-03-29 09:16 - 00000000 ____D () C:\FRST 2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe 2014-03-28 15:47 - 2014-03-28 17:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-03-28 15:44 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-28 15:44 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-28 15:41 - 2014-03-28 15:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt 2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt 2014-03-28 14:12 - 2014-03-28 14:31 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine 2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe 2014-03-15 16:42 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-15 16:42 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-15 16:42 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-15 16:42 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-15 16:42 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-15 16:42 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-15 16:42 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-15 16:42 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-15 16:42 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-15 16:42 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-15 16:42 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-15 16:42 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-15 16:41 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-15 16:41 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-15 16:41 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-15 16:41 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-15 15:58 - 2014-02-07 05:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-15 15:58 - 2014-02-03 05:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-15 15:58 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-15 15:57 - 2013-11-12 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod 2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\Program Files\iTunes 2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime ==================== One Month Modified Files and Folders ======= 2014-03-29 09:17 - 2014-03-28 19:13 - 00018436 _____ () C:\Users\LindaL\Downloads\FRST.txt 2014-03-29 09:16 - 2014-03-28 19:12 - 00000000 ____D () C:\FRST 2014-03-29 09:10 - 2012-09-15 18:24 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-29 09:10 - 2006-11-02 07:52 - 01779765 _____ () C:\Windows\WindowsUpdate.log 2014-03-29 07:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-29 07:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-28 22:27 - 2012-09-15 18:24 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-28 19:16 - 2014-03-28 19:15 - 00038260 _____ () C:\Users\LindaL\Downloads\Addition.txt 2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe 2014-03-28 17:29 - 2014-03-28 15:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\Users\LindaL.Linda-PC\AppData\Roaming\Malwarebytes 2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 15:42 - 2014-03-28 15:41 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 14:31 - 2014-03-28 14:12 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine 2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt 2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt 2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe 2014-03-28 13:09 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-27 17:33 - 2006-11-02 08:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-26 21:34 - 2012-09-09 20:19 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-03-26 21:32 - 2012-09-09 20:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-03-25 08:29 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-22 11:46 - 2012-09-07 16:05 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows 2014-03-22 11:42 - 2012-09-07 15:59 - 00000000 ____D () C:\Program Files\Microsoft Works 2014-03-22 11:35 - 2013-04-10 21:18 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared 2014-03-21 22:24 - 2014-01-07 23:09 - 00009872 _____ () C:\Windows\PFRO.log 2014-03-21 22:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\PLA 2014-03-21 22:14 - 2013-12-03 08:14 - 00000000 ____D () C:\Program Files\OpenDownloaderManager 2014-03-15 19:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache 2014-03-15 19:17 - 2006-11-02 07:47 - 00353752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-15 19:15 - 2013-06-20 09:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-15 16:40 - 2013-08-14 03:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-15 16:06 - 2006-11-02 05:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-15 13:35 - 2013-12-08 15:00 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-11 09:52 - 2012-08-30 22:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys 2014-03-06 22:46 - 2012-10-13 22:10 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-03-05 09:26 - 2014-03-28 15:44 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-28 15:44 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2013-12-23 16:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\Program Files\iTunes 2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod 2014-03-05 08:29 - 2012-10-13 22:05 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-28 10:47 - 2013-01-06 14:17 - 00000000 ____D () C:\Users\LindaL\Mobile Applications Files to move or delete: ==================== C:\Users\LindaL.Linda-PC\couponprinter.exe C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup (1).exe C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup.exe Some content of TEMP: ==================== C:\Users\LindaL.Linda-PC\AppData\Local\Temp\6_Offer_17.exe C:\Users\LindaL.Linda-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\LindaL.Linda-PC\AppData\Local\Temp\ntdll_dump.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-29 01:56 ==================== End Of Log ============================ -\\ Google Chrome v33.0.1750.154 ************************* AdwCleaner[R0].txt - [10646 octets] - [29/03/2014 09:24:44] AdwCleaner[R1].txt - [898 octets] - [10/04/2014 18:56:21] AdwCleaner[s0].txt - [10917 octets] - [29/03/2014 09:29:13] AdwCleaner[s1].txt - [822 octets] - [10/04/2014 19:02:11] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [881 octets] ##########
  8. I am new at this so forgive me if I have responded incorrectly. Thank you for your help, Linda Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by LindaL (administrator) on LINDA-PC on 28-03-2014 19:13:44 Running from C:\Users\LindaL\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\LindaL\Local\Akamai\netsession_win.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company) HKLM\...\Run: [(default)] - [X] HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [browserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [1960448 2013-06-18] () HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\Run: [Akamai NetSession Interface] - C:\Users\LindaL\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-2564070238-2279486731-854449523-1001\...\MountPoints2: {5db4233c-f939-11e1-946a-806e6f6e6963} - E:\setup.exe ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop SearchScopes: HKLM - DefaultScope {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM - {19811DE0-5BB2-456B-BADA-195A8CC5FB5E} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7 SearchScopes: HKLM - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06930^us&si=CLmrktWH7LkCFQFk7AodQh4A4A&ptb=30FA59BF-A543-4ECF-936C-B4E63B46EB37&ind=2013092713&n=77fd5b69&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE92F2AAF-A0C0-46C3-ACF8-660B2A41F81D&q={searchTerms}&SSPV= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKCU - {1142AE02-FE4A-450E-A8A0-D2B9C6924D6B} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {4B787802-306D-4ADE-92CB-E0E3D94BDBFA} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-v/search/redirect/?type=default&user_id=12505de3-a827-4ef9-82c6-5f8ec0db5712&query={searchTerms} SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms} SearchScopes: HKCU - {99EC4466-79F5-4C5E-A2E5-D11A29B5E805} URL = SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.) BHO: Aimersoft Video Converter Ultimate - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.) BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll () Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll () Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.) Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll () Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.) DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 69.170.120.194 216.114.44.34 FireFox: ======== FF ProfilePath: C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default FF Homepage: google.com FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF Extension: PlayBryte - C:\Users\LindaL.Linda-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1colt6w.default\Extensions\playbryte@playbryte.com [2013-04-04] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi FF Extension: Coupons.com CouponBar - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-29] FF HKLM\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ FF Extension: Aimersoft Video Converter Ultimate - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No File CHR Plugin: (Application Manager) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File CHR Plugin: (Wajam) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Search) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-22] CHR Extension: (Gmail) - C:\Users\LindaL.Linda-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-22] CHR HKLM\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-08-25] ========================== Services (Whitelisted) ================= S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-26] (APN LLC.) S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [X] ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R1 MpKsl38bd2942; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB5B6D0-0C9C-4655-BF34-641BE02CEE57}\MpKsl38bd2942.sys [39464 2014-03-28] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S1 eclkjpxs; \??\C:\Windows\system32\drivers\eclkjpxs.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S1 SABKUTIL; \??\C:\Users\LindaL\Desktop\SABKUTIL.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 19:13 - 2014-03-28 19:14 - 00018643 _____ () C:\Users\LindaL\Downloads\FRST.txt 2014-03-28 19:12 - 2014-03-28 19:13 - 00000000 ____D () C:\FRST 2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe 2014-03-28 15:47 - 2014-03-28 17:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-03-28 15:44 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-28 15:44 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-28 15:41 - 2014-03-28 15:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt 2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt 2014-03-28 14:12 - 2014-03-28 14:31 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine 2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe 2014-03-15 16:42 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-15 16:42 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-15 16:42 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-15 16:42 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-15 16:42 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-15 16:42 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-15 16:42 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-15 16:42 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-15 16:42 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-15 16:42 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-15 16:42 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-15 16:42 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-15 16:41 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-15 16:41 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-15 16:41 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-15 16:41 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-15 15:58 - 2014-02-07 05:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-15 15:58 - 2014-02-03 05:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-15 15:58 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-15 15:57 - 2013-11-12 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod 2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-05 08:28 - 2014-03-05 08:30 - 00000000 ____D () C:\Program Files\iTunes 2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime ==================== One Month Modified Files and Folders ======= 2014-03-28 19:14 - 2014-03-28 19:13 - 00018643 _____ () C:\Users\LindaL\Downloads\FRST.txt 2014-03-28 19:13 - 2014-03-28 19:12 - 00000000 ____D () C:\FRST 2014-03-28 19:11 - 2014-03-28 19:11 - 01145856 _____ (Farbar) C:\Users\LindaL\Downloads\FRST.exe 2014-03-28 19:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-28 19:09 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-28 18:27 - 2012-09-15 18:24 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-28 17:29 - 2014-03-28 15:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 15:44 - 2014-03-28 15:44 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-28 15:44 - 2014-03-28 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\Users\LindaL.Linda-PC\AppData\Roaming\Malwarebytes 2014-03-28 15:44 - 2013-12-23 16:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 15:42 - 2014-03-28 15:41 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\LindaL\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 14:31 - 2014-03-28 14:12 - 00000000 ____D () C:\Users\LindaL\Desktop\RK_Quarantine 2014-03-28 14:29 - 2014-03-28 14:29 - 00002896 _____ () C:\Users\LindaL\Desktop\RKreport[0]_D_03282014_142920.txt 2014-03-28 14:25 - 2014-03-28 14:25 - 00002997 _____ () C:\Users\LindaL\Desktop\RKreport[0]_S_03282014_142529.txt 2014-03-28 14:11 - 2014-03-28 14:11 - 03972608 _____ () C:\Users\LindaL\Downloads\RogueKiller.exe 2014-03-28 14:05 - 2006-11-02 07:52 - 01777578 _____ () C:\Windows\WindowsUpdate.log 2014-03-28 13:09 - 2012-09-15 18:24 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-28 13:09 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-27 17:33 - 2006-11-02 08:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-26 21:34 - 2012-09-09 20:19 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-03-26 21:32 - 2012-09-09 20:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-03-25 08:29 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-22 11:46 - 2012-09-07 16:05 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows 2014-03-22 11:42 - 2012-09-07 15:59 - 00000000 ____D () C:\Program Files\Microsoft Works 2014-03-22 11:35 - 2013-04-10 21:18 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared 2014-03-21 22:24 - 2014-01-07 23:09 - 00009872 _____ () C:\Windows\PFRO.log 2014-03-21 22:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\PLA 2014-03-21 22:14 - 2013-12-03 08:14 - 00000000 ____D () C:\Program Files\OpenDownloaderManager 2014-03-15 19:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache 2014-03-15 19:17 - 2006-11-02 07:47 - 00353752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-15 19:15 - 2013-06-20 09:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-15 16:40 - 2013-08-14 03:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-15 16:06 - 2006-11-02 05:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-15 13:35 - 2013-12-08 15:00 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-11 09:52 - 2012-08-30 22:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys 2014-03-06 22:46 - 2012-10-13 22:10 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-03-05 09:26 - 2014-03-28 15:44 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-28 15:44 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2013-12-23 16:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-05 08:30 - 2014-03-05 08:30 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-05 08:30 - 2014-03-05 08:28 - 00000000 ____D () C:\Program Files\iTunes 2014-03-05 08:29 - 2014-03-05 08:29 - 00000000 ____D () C:\Program Files\iPod 2014-03-05 08:29 - 2012-10-13 22:05 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-03-05 08:11 - 2014-03-05 08:11 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-28 10:47 - 2013-01-06 14:17 - 00000000 ____D () C:\Users\LindaL\Mobile Applications Files to move or delete: ==================== C:\Users\LindaL.Linda-PC\couponprinter.exe C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup (1).exe C:\Users\LindaL.Linda-PC\gtk-2.2.0.1-setup.exe Some content of TEMP: ==================== C:\Users\LindaL.Linda-PC\AppData\Local\Temp\6_Offer_17.exe C:\Users\LindaL.Linda-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\LindaL.Linda-PC\AppData\Local\Temp\ntdll_dump.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-28 13:53 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by LindaL at 2014-03-28 19:15:04 Running from C:\Users\LindaL\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - ) Avery Toolbar (HKLM\...\{41565256-3700-A76A-76A7-A758B70C0300}) (Version: 12.3.0.994 - APN, LLC) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-J5910DW (HKLM\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.0.0.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION CouponBar (HKLM\...\CouponBar5.0.0.5) (Version: 5.0.0.5 - Coupons.com Incorporated) <==== ATTENTION D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.) Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard) Family Tree Maker Version 16 (HKLM\...\{2B59AB31-EBD0-45E4-A725-7112904DA605}) (Version: - ) FTMVistaUpdater (HKLM\...\{EE295D30-A10C-44F6-B14C-05E0D99429E4}) (Version: 1.0.0 - Family Tree Maker) Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4323.13 - PC-Doctor, Inc.) HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard) HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard) HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard) HP On-Screen Caps/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.10712 - HP) HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden HP Total Care Advisor (HKLM\...\{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}) (Version: 1.0.95 - Hewlett-Packard) HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.005 - Hewlett-Packard) HPAsset component for HP Active Support Library (Version: 3.0.1.0 - Hewlett-Packard) Hidden Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LightScribe 1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - ) Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) muvee autoProducer 5.0 (HKLM\...\{77CA976C-403C-47E2-940B-733ECAB6F62B}) (Version: 5.00.050 - muvee Technologies) My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1601 - WildTangent) Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.) Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation) Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.) Rhapsody (HKLM\...\Rhapsody) (Version: - ) Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks) Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.) Scansoft PDF Professional (Version: - ) Hidden Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Restore Points ========================= 07-03-2014 05:02:24 Scheduled Checkpoint 08-03-2014 06:00:15 Scheduled Checkpoint 09-03-2014 04:02:13 Windows Update 10-03-2014 05:00:22 Scheduled Checkpoint 10-03-2014 20:44:12 Scheduled Checkpoint 12-03-2014 05:00:17 Scheduled Checkpoint 12-03-2014 10:19:29 Windows Update 13-03-2014 05:00:17 Scheduled Checkpoint 15-03-2014 04:28:38 Scheduled Checkpoint 15-03-2014 20:58:52 Windows Update 17-03-2014 06:37:55 Scheduled Checkpoint 18-03-2014 05:00:24 Scheduled Checkpoint 19-03-2014 00:34:45 Windows Update 20-03-2014 05:00:20 Scheduled Checkpoint 21-03-2014 05:00:18 Scheduled Checkpoint 22-03-2014 04:06:55 Scheduled Checkpoint 23-03-2014 03:40:25 Windows Update 24-03-2014 05:00:19 Scheduled Checkpoint 25-03-2014 14:31:01 Scheduled Checkpoint 26-03-2014 05:00:12 Scheduled Checkpoint 26-03-2014 10:16:40 Windows Update 27-03-2014 02:29:30 Windows Update 27-03-2014 22:06:14 Scheduled Checkpoint 28-03-2014 20:21:07 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {08AD78F6-4A94-4EF1-8E6E-EA289657B28C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - LindaL => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2AA89941-7D9B-4459-BFB5-BBB4C2A0BCC6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {303A3CD1-5082-4BA8-89F0-A5203F7E88B1} - \AdobeFlashPlayerUpdate No Task File Task: {32C9FA04-B080-447B-8AF5-BB0A63A99C46} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation) Task: {4D902D79-4E67-4F1E-A3C9-93A54A74A262} - System32\Tasks\Browser Manager Task: {57638869-A2BD-4DD9-AC70-6D153152F3B1} - \AdobeFlashPlayerUpdate 2 No Task File Task: {6CD12707-4555-4174-A94B-16B34A760286} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {7530CC19-FFCB-4914-A2AC-C1493B1597B4} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-27] () Task: {8EBD4F13-CE58-42BA-8A20-3AC1CA746D61} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation) Task: {985E22F3-A7AB-4BE4-8D8C-B592B9652515} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade Task: {9EB30B29-377B-4E2C-ABED-1F51272A4EA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.) Task: {A01FD0D4-5922-4043-82E3-798151753923} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {A1F9FEBB-CFC6-4D07-AD04-7DBB0A4888FE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload Task: {B2FDC4D3-0768-4BD0-9014-94EF13D84288} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION Task: {B7C7EF2F-64F0-43BF-B3D8-E3E4DA62DC1B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {BEF9E918-CA0A-4891-90A4-1E0BB11A351B} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard) Task: {D212A3D5-7C21-4A8D-8D9B-B8E252D8C6BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D9AC7EBA-9D02-4D70-8964-B58489BDD7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-09-08] () Task: {E7B7F630-F4DE-4C51-842B-FCD8449364EF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Linda => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-27 13:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2014-03-15 13:35 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 13:35 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 13:35 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 13:35 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\LindaL\Downloads\noname.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AdobeARMservice => 3 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2 MSCONFIG\Services: APNMCP => 2 MSCONFIG\Services: BBSvc => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: Garmin Core Update Service => 3 MSCONFIG\Services: GorillaPrice => 2 MSCONFIG\Services: GoToAssist => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LightScribeService => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: PDFProFiltSrvPP => 2 MSCONFIG\Services: RoxMediaDB9 => 3 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: WatGorp => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk => C:\Windows\pss\HP Connections.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^LindaL.Linda-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: FromDocToPDF Search Scope Monitor => "C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h MSCONFIG\startupreg: FromDocToPDF_65 Browser Plugin Loader => C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MSCONFIG\startupreg: HP Software Update => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit MSCONFIG\startupreg: OsdMaestro => "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" MSCONFIG\startupreg: PPort12reminder => "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: F:\ Description: MFC-J5910DW Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Brother Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Compact Flash Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: MS/MS-Pro Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: SD/MMC Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: SM/xD-Picture Description: SM/xD-Picture Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (03/28/2014 07:12:28 PM) (Source: profsvc) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid. Error: (03/28/2014 07:12:21 PM) (Source: profsvc) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid. Error: (03/28/2014 05:39:31 PM) (Source: MatSvc) (User: ) Description: The MATS service encountered a web service failure. hr=0x80072EFE Error: (03/28/2014 05:34:37 PM) (Source: MatSvc) (User: ) Description: The MATS service encountered a web service failure. hr=0x80072EFE Error: (03/28/2014 03:45:25 PM) (Source: Application Error) (User: ) Description: Faulting application mbamservice.exe, version 2.1.9.0, time stamp 0x530619b7, faulting module mbamservice.exe, version 2.1.9.0, time stamp 0x530619b7, exception code 0x40000015, fault offset 0x0007d28a, process id 0x1f4, application start time 0xmbamservice.exe0. Error: (03/28/2014 03:43:10 PM) (Source: profsvc) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid. Error: (03/28/2014 03:43:10 PM) (Source: profsvc) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid. Error: (03/28/2014 02:12:03 PM) (Source: profsvc) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid. Error: (03/28/2014 02:12:01 PM) (Source: profsvc) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid. Error: (03/28/2014 02:08:27 PM) (Source: profsvc) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The specified path is invalid. System errors: ============= Error: (03/28/2014 03:46:02 PM) (Source: Service Control Manager) (User: ) Description: MBAMService1 Error: (03/28/2014 02:14:43 PM) (Source: volsnap) (User: ) Description: The shadow copies of volume D: were aborted because volume D:, which contains shadow copy storage for this shadow copy, was force dismounted. Error: (03/28/2014 02:05:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.169.1103.0){EB062BB7-6D0A-45A4-9257-DFB6158E65E3}201 Error: (03/28/2014 02:03:00 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (03/28/2014 02:01:30 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Error Code: %NT AUTHORITY601 Error description: %NT AUTHORITY602 Error: (03/28/2014 02:01:29 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: %NT AUTHORITY15 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (03/28/2014 01:57:39 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.169.1103.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (03/28/2014 01:57:30 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Error Code: %NT AUTHORITY601 Error description: %NT AUTHORITY602 Error: (03/28/2014 01:57:30 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: %NT AUTHORITY15 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (03/28/2014 01:10:54 PM) (Source: Service Control Manager) (User: ) Description: i8042prt SABKUTIL Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-03-28 19:14:55.071 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:54.728 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:54.419 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:54.091 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:53.748 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:53.420 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:53.093 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:52.765 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:52.250 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-28 19:14:51.893 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 87% Total physical RAM: 893.76 MB Available physical RAM: 109.32 MB Total Pagefile: 2054.1 MB Available Pagefile: 709.72 MB Total Virtual: 2047.88 MB Available Virtual: 1872.73 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:290.41 GB) (Free:160.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:7.68 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 2E444B01) Partition 1: (Active) - (Size=290 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. Please help me rescue my computer from this malware invasion. How do I permanently remove these 14 occurrences of svchost.exe?
  10. I have svchost.exe listed 14 times in task manager! HELP!

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.