WhiteriverSpike

  1. I believe everything is clean. I'll save everything we did in a file somewhere just in case this comes up again. Sincerely appreciate your time and expertise. JP
  2. All processes killed
     ========== FILES ==========
     C:\Program Files\Uninstaller folder moved successfully.
     C:\Users\computer doctor\Downloads\cbsidlm-cbsi145-PDF995_Printer_Driver-SEO-10068482.exe moved successfully.
     C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe moved successfully.
     C:\Users\computer doctor\Downloads\KeyFinderInstaller.exe moved successfully.
     C:\Users\computer doctor\Downloads\pdfconverter-setup.exe moved successfully.
     C:\Users\computer doctor\Downloads\rcpsetup1_dcomnew_util_300_dcomnew_util_300.exe moved successfully.
     C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728(1).exe moved successfully.
     C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728.exe moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: computer doctor
     ->Temp folder emptied: 2156774 bytes
     ->Temporary Internet Files folder emptied: 17767942 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 62895670 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 990 bytes
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     User: spike
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: spike.computerdoctor
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 31594 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
     RecycleBin emptied: 30208 bytes
     Total Files Cleaned = 79.00 mb
     OTM by OldTimer - Version 3.1.21.0 log created on 01132014_143205
     Files moved on Reboot...
     File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
     Registry entries deleted on Reboot...

     No more issues that I'm aware of!
  3. C:\Program Files\Uninstaller\Uninstall.exe a variant of MSIL/DomaIQ.A application
     C:\Users\computer doctor\Downloads\cbsidlm-cbsi145-PDF995_Printer_Driver-SEO-10068482.exe a variant of Win32/CNETInstaller.B application
     C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe a variant of Win32/InstallCore.DN application
     C:\Users\computer doctor\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application
     C:\Users\computer doctor\Downloads\pdfconverter-setup.exe Win32/DownloadAdmin.G application
     C:\Users\computer doctor\Downloads\rcpsetup1_dcomnew_util_300_dcomnew_util_300.exe Win32/Systweak.B application
     C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728(1).exe Win32/Systweak.B application
     C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728.exe Win32/Systweak.B application
  4. C:\Program Files\Uninstaller\Uninstall.exe a variant of MSIL/DomaIQ.A application
     C:\Users\computer doctor\Downloads\cbsidlm-cbsi145-PDF995_Printer_Driver-SEO-10068482.exe a variant of Win32/CNETInstaller.B application
     C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe a variant of Win32/InstallCore.DN application
     C:\Users\computer doctor\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application
     C:\Users\computer doctor\Downloads\pdfconverter-setup.exe Win32/DownloadAdmin.G application
     C:\Users\computer doctor\Downloads\rcpsetup1_dcomnew_util_300_dcomnew_util_300.exe Win32/Systweak.B application
     C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728(1).exe Win32/Systweak.B application
     C:\Users\computer doctor\Downloads\rcpsetup3_dcomnew_util_728_dcomnew_util_728.exe Win32/Systweak.B application

     Results of screen317's Security Check version 0.99.78
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials (On Access scanning disabled!)
     Error obtaining update status for antivirus!
     `````````Anti-malware/Other Utilities Check:`````````
     Secunia PSI (3.0.0.9015)
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 7 Update 45
     Adobe Flash Player 11.9.900.170
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Mozilla Firefox (26.0)
     Google Chrome 31.0.1650.57
     Google Chrome 31.0.1650.63
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  5. Helped some, think I'll disable Skype too, never use it so why not? I think we're good Kevin, appreciate your time and all your expert advice. I'll save all your replies, never know when I might need them again. Thank You JP
  6. Don't see conduit anywhere! Startup is a little slower than prior to the .dll problems, but maybe I can do some housekeeping and speed things up unless you have something specific I can try.
  7. No HKCU:Run ConduitFloatingPlugin_blklojfklgnogjaijkibhfjepakiocng Microsoft Corporation "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3311875\plugins\TBVerifier.dll",RunConduitFloatingPlugin blklojfklgnogjaijkibhfjepakiocng
     No HKCU:Run ConduitFloatingPlugin_jonjajmpblmjkhjemkalbddhodlehkfg Microsoft Corporation "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3153924\plugins\TBVerifier.dll",RunConduitFloatingPlugin jonjajmpblmjkhjemkalbddhodlehkfg
     No HKCU:Run ConduitFloatingPlugin_jpkgnchjblgnciiopegmabnakdoapgkj Microsoft Corporation "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3287811\plugins\TBVerifier.dll",RunConduitFloatingPlugin jpkgnchjblgnciiopegmabnakdoapgkj
     No HKCU:Run ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil Microsoft Corporation "C:\Windows\system32\Rundll32.exe" "C:\Users\COMPUT~1\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil
     Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
     Yes HKCU:Run swg Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     Yes HKCU:RunOnce Uninstall C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 Microsoft Corporation C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
     Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
     Yes HKLM:Run bdruninstaller "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
     Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     Yes HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
     Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     Yes Startup Common Adobe Gamma Loader.lnk Adobe Systems, Inc. C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     Yes Startup Common Kodak EasyShare software.lnk Eastman Kodak Company C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     Yes Startup Common Secunia PSI Tray.lnk Secunia C:\Program Files\Secunia\PSI\psi_tray.exe
  8. # AdwCleaner v3.017 - Report created 12/01/2014 at 11:35:16
     # Updated 12/01/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
     # Username : computer doctor - COMPUTERDOCTOR
     # Running from : C:\Users\computer doctor\Desktop\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     Folder Deleted : C:\Program Files\Mobogenie
     Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
     Folder Deleted : C:\Users\computer doctor\AppData\Local\emaze
     Folder Deleted : C:\Users\computer doctor\AppData\Local\genienext
     Folder Deleted : C:\Users\computer doctor\AppData\Local\Mobogenie
     Folder Deleted : C:\Users\computer doctor\Documents\Mobogenie
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
     Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\IM
     Key Deleted : HKCU\Software\AppDataLow\Software\Video-Saver-1
     ***** [ Browsers ] *****
     -\\ Internet Explorer v11.0.9600.16428
     -\\ Mozilla Firefox v26.0 (en-US)
     [ File : C:\Users\computer doctor\AppData\Roaming\Mozilla\Firefox\Profiles\bt2qm1ut.default-1389492445794\prefs.js ]
     [ File : C:\Users\spike.computerdoctor\AppData\Roaming\Mozilla\Firefox\Profiles\qiuyq0os.default\prefs.js ]
     -\\ Google Chrome v31.0.1650.63
     [ File : C:\Users\computer doctor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     Deleted : homepage
     Deleted : search_url
     Deleted : suggest_url
     Deleted : keyword
     Deleted : urls_to_restore_on_startup
     [ File : C:\Users\spike.computerdoctor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [2340 octets] - [12/01/2014 11:27:23]
     AdwCleaner[s0].txt - [2142 octets] - [12/01/2014 11:35:16]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2202 octets] ##########

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.01.12.05
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 11.0.9600.16476
     computer doctor :: COMPUTERDOCTOR [administrator]
     Protection: Enabled
     1/12/2014 11:47:47 AM
     mbam-log-2014-01-12 (11-47-47).txt
     Scan type: Full scan (C:\|J:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 378024
     Time elapsed: 1 hour(s), 16 minute(s), 31 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     Looks like everything is good! Only remaining question: in system configuration under the start up tab are four entries, ConduitFloati... Unknown C:\Windows\s... HKCU\SOFTWARE\M

     I unchecked the boxes on all four. Since then the four dialog boxes indicating TBVerifier.dll no longer show up when starting up.
  9. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2014 Ran by computer doctor (administrator) on COMPUTERDOCTOR on 12-01-2014 10:02:42 Running from C:\Users\computer doctor\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Skype Technologies S.A.) 
C:\Program Files\Skype\Phone\Skype.exe (Eastman Kodak Company) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-03] (Adobe Systems Incorporated) HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [bdruninstaller] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart" HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.) 
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-19] (Google Inc.) HKCU\...\Runonce: [uninstall C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer doctor\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP16E96683-23D2-44B6-84F7-9FBAFB7D8409&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP16E96683-23D2-44B6-84F7-9FBAFB7D8409&q={searchTerms}&SSPV= BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKLM - No Name - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF ProfilePath: C:\Users\computer doctor\AppData\Roaming\Mozilla\Firefox\Profiles\bt2qm1ut.default-1389492445794 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Bitdefender QuickScan - C:\Users\computer doctor\AppData\Roaming\Mozilla\Firefox\Profiles\bt2qm1ut.default-1389492445794\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-01-11] FF HKLM\...\Firefox\Extensions: [FFSodaPDF5Converter@sodapdf.com] - C:\Program Files\Soda PDF 5\FFSoda5Ext FF Extension: No Name - C:\Program Files\Soda PDF 5\FFSoda5Ext [2013-12-06] Chrome: ======= CHR DefaultSearchKeyword: conduit.search CHR DefaultSearchProvider: Conduit Search CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP16E96683-23D2-44B6-84F7-9FBAFB7D8409&q={searchTerms}&SSPV= CHR DefaultNewTabURL: CHR Extension: (Google Wallet) - C:\Users\computer doctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 [2013-11-26] CHR HKLM\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\computer doctor\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-26] CHR HKLM\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\computer doctor\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-11-26] CHR HKLM\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2013-11-26] CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\computer doctor\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-26] CHR HKCU\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\computer doctor\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-11-26] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia) ==================== Drivers (Whitelisted) ==================== R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia) S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [x] S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [x] S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [x] S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [x] S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [x] R1 AFD; \SystemRoot\system32\drivers\afd.sys [x] S3 agp440; \SystemRoot\system32\drivers\agp440.sys [x] S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [x] S3 aliide; \SystemRoot\system32\drivers\aliide.sys [x] S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [x] S3 amdide; \SystemRoot\system32\drivers\amdide.sys [x] S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [x] S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [x] S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [x] S3 AppID; 
\SystemRoot\system32\drivers\appid.sys [x] S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [x] S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [x] S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [x] S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [x] S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [x] S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [x] S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [x] S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [x] S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [x] S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [x] R1 cdrom; \SystemRoot\system32\drivers\cdrom.sys [x] S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [x] S3 CmBatt; \SystemRoot\system32\DRIVERS\CmBatt.sys [x] S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [x] R3 CompositeBus; \SystemRoot\system32\drivers\CompositeBus.sys [x] S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [x] S3 drmkaud; \SystemRoot\system32\drivers\drmkaud.sys [x] R3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [x] S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [x] S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [x] S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [x] S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [x] S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [x] S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [x] S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [x] S3 HdAudAddService; \SystemRoot\system32\drivers\HdAudio.sys [x] R3 HDAudBus; \SystemRoot\system32\drivers\HDAudBus.sys [x] S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [x] S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [x] S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [x] S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [x] S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [x] S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [x] S3 intelide; \SystemRoot\system32\drivers\intelide.sys [x] S3 intelppm; 
\SystemRoot\system32\DRIVERS\intelppm.sys [x] S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [x] S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [x] S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [x] S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [x] S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [x] S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [x] S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [x] R2 luafv; \SystemRoot\system32\drivers\luafv.sys [x] S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [x] S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [x] R3 mouclass; \SystemRoot\system32\drivers\mouclass.sys [x] S3 mpio; \SystemRoot\system32\drivers\mpio.sys [x] S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [x] S3 msahci; \SystemRoot\system32\drivers\msahci.sys [x] S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [x] S3 mshidkmdf; \SystemRoot\System32\drivers\mshidkmdf.sys [x] R1 mssmbios; \SystemRoot\system32\drivers\mssmbios.sys [x] S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [x] S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [x] S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [x] S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [x] S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [x] S3 Parport; \SystemRoot\system32\DRIVERS\parport.sys [x] S2 Parvdm; \SystemRoot\system32\DRIVERS\parvdm.sys [x] S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [x] S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [x] S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [x] S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [x] S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [x] S3 rdpbus; \SystemRoot\system32\DRIVERS\rdpbus.sys [x] S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [x] S3 Serenum; \SystemRoot\system32\DRIVERS\serenum.sys [x] S3 Serial; \SystemRoot\system32\DRIVERS\serial.sys [x] S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [x] S3 sffdisk; 
\SystemRoot\system32\drivers\sffdisk.sys [x] S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [x] S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [x] S3 sisagp; \SystemRoot\system32\drivers\sisagp.sys [x] S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [x] S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [x] S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [x] R3 swenum; \SystemRoot\system32\drivers\swenum.sys [x] R1 TermDD; \SystemRoot\system32\drivers\termdd.sys [x] S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [x] S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [x] R3 umbus; \SystemRoot\system32\drivers\umbus.sys [x] S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [x] S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [x] S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [x] R1 VgaSave; \SystemRoot\System32\drivers\vga.sys [x] S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [x] S3 viaagp; \SystemRoot\system32\drivers\viaagp.sys [x] S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [x] S3 viaide; \SystemRoot\system32\drivers\viaide.sys [x] S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [x] S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [x] S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [x] S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [x] S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [x] R1 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [x] U3 mbr; \??\C:\Users\COMPUT~1\AppData\Local\Temp\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-12 10:02 - 2014-01-12 10:02 - 00017460 _____ C:\Users\computer doctor\Desktop\FRST.txt 2014-01-12 10:01 - 2014-01-12 10:01 - 00000000 ____D C:\FRST 2014-01-12 10:00 - 2014-01-12 10:00 - 01219584 _____ (Farbar) C:\Users\computer doctor\Desktop\FRST.exe 2014-01-12 09:32 - 2014-01-12 09:32 - 00015001 _____ C:\Users\computer doctor\Desktop\dds.txt 2014-01-12 
09:32 - 2014-01-12 09:32 - 00008402 _____ C:\Users\computer doctor\Desktop\attach.txt
2014-01-12 09:30 - 2014-01-12 09:30 - 00688992 ____R (Swearware) C:\Users\computer doctor\Desktop\dds.scr
2014-01-11 20:34 - 2014-01-11 20:35 - 94744344 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\msert.exe
2014-01-11 20:07 - 2014-01-11 20:07 - 00000000 ____D C:\Users\computer doctor\Desktop\Old Firefox Data
2014-01-11 19:55 - 2014-01-11 19:55 - 00987410 _____ C:\Users\computer doctor\Downloads\SecurityCheck(1).exe
2014-01-11 19:46 - 2014-01-11 19:46 - 00602112 _____ (OldTimer Tools) C:\Users\computer doctor\Downloads\OTL(1).exe
2014-01-11 19:43 - 2014-01-12 09:02 - 00000336 _____ C:\Windows\setupact.log
2014-01-11 19:43 - 2014-01-11 19:43 - 00000000 _____ C:\Windows\setuperr.log
2014-01-11 18:39 - 2014-01-11 18:39 - 11125072 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\mseinstall(1).exe
2014-01-11 18:30 - 2014-01-11 18:30 - 00448512 _____ (OldTimer Tools) C:\Users\computer doctor\Downloads\TFC(1).exe
2014-01-11 16:24 - 2014-01-11 18:28 - 00000000 ____D C:\Windows\Minidump
2014-01-11 15:12 - 2014-01-11 15:47 - 00000000 ____D C:\Users\computer doctor\aldus
2014-01-11 15:04 - 2014-01-11 18:22 - 00000000 ___RD C:\Users\computer doctor\Virtual Machines
2014-01-11 14:52 - 2014-01-11 14:52 - 00000000 ___HT C:\Windows\wusa.lock
2014-01-11 14:51 - 2014-01-11 14:51 - 01528184 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\GenuineCheck.exe
2014-01-11 14:48 - 2014-01-11 14:48 - 16070039 _____ C:\Users\computer doctor\Downloads\Windows6.1-KB958559-x86-RefreshPkg.msu
2014-01-11 11:46 - 2014-01-11 11:46 - 00000000 ____D C:\Users\computer doctor\AppData\Local\DOSBox
2014-01-11 11:42 - 2014-01-11 12:18 - 00000000 ____D C:\Program Files\DOSBox-0.74
2014-01-11 11:22 - 2014-01-11 11:22 - 00000000 ____D C:\Windows\pss
2014-01-11 10:28 - 2014-01-11 10:28 - 00000000 ____D C:\Users\computer doctor\Downloads\AMD-VwithRVI_Hyper-V_CompatibilityUtility
2014-01-11 09:00 - 2014-01-11 09:02 - 00183624 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\havdetectiontool.exe
2014-01-10 19:16 - 2014-01-10 19:16 - 00000000 ____D C:\Program Files\Common Files\Macromedia
2014-01-10 19:14 - 2014-01-10 19:16 - 00000000 ____D C:\Program Files\Macromedia
2014-01-10 17:15 - 2014-01-10 17:15 - 00043955 _____ C:\Users\computer doctor\Downloads\XPe_3mflp132_v10.zip
2014-01-10 15:38 - 2014-01-10 15:42 - 00000000 ____D C:\Users\computer doctor\AppData\Local\Mobogenie
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\Documents\Mobogenie
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\genienext
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\cache
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\.android
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 _____ C:\Users\computer doctor\daemonprocess.txt
2014-01-10 15:37 - 2014-01-10 15:42 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-10 15:37 - 2014-01-10 15:36 - 00026835 _____ C:\Users\computer doctor\Downloads\BT144.zip
2014-01-10 15:35 - 2014-01-10 15:35 - 00632152 _____ C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe
2013-12-30 18:35 - 2013-12-30 18:43 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-30 17:28 - 2013-12-30 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-30 17:27 - 2013-12-30 17:28 - 00000000 ____D C:\Users\computer doctor\Desktop\mbar
2013-12-30 17:27 - 2013-12-30 17:27 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-30 17:26 - 2013-12-30 17:27 - 12582688 _____ (Malwarebytes Corp.) C:\Users\computer doctor\Downloads\mbar-1.07.0.1008.exe
2013-12-28 19:43 - 2013-12-28 19:43 - 00000000 ____D C:\Users\computer doctor\Documents\My Weblog Posts
2013-12-27 18:47 - 2013-12-28 19:51 - 01247056 _____ (Microsoft Corporation) C:\Users\computer doctor\Desktop\wlsetup-web.exe
2013-12-24 10:44 - 2013-12-24 10:44 - 00000000 ____D C:\Users\computer doctor\Desktop\orchid
2013-12-21 13:52 - 2013-12-21 13:57 - 00000000 ____D C:\Users\computer doctor\Desktop\Patrick
2013-12-14 13:05 - 2013-12-12 15:47 - 13107859 _____ C:\Users\Public\Documents\pdf995.zip

==================== One Month Modified Files and Folders =======

2014-01-12 10:02 - 2014-01-12 10:02 - 00017460 _____ C:\Users\computer doctor\Desktop\FRST.txt
2014-01-12 10:01 - 2014-01-12 10:01 - 00000000 ____D C:\FRST
2014-01-12 10:00 - 2014-01-12 10:00 - 01219584 _____ (Farbar) C:\Users\computer doctor\Desktop\FRST.exe
2014-01-12 09:33 - 2013-11-19 16:17 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 09:32 - 2014-01-12 09:32 - 00015001 _____ C:\Users\computer doctor\Desktop\dds.txt
2014-01-12 09:32 - 2014-01-12 09:32 - 00008402 _____ C:\Users\computer doctor\Desktop\attach.txt
2014-01-12 09:30 - 2014-01-12 09:30 - 00688992 ____R (Swearware) C:\Users\computer doctor\Desktop\dds.scr
2014-01-12 09:09 - 2009-07-13 22:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 09:09 - 2009-07-13 22:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 09:05 - 2013-11-19 16:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 09:05 - 2013-11-18 17:27 - 01948061 _____ C:\Windows\WindowsUpdate.log
2014-01-12 09:02 - 2014-01-11 19:43 - 00000336 _____ C:\Windows\setupact.log
2014-01-12 09:02 - 2013-11-19 16:16 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 09:02 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 22:01 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-11 20:35 - 2014-01-11 20:34 - 94744344 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\msert.exe
2014-01-11 20:20 - 2013-12-09 17:55 - 00000000 ____D C:\Users\computer doctor\AppData\Roaming\QuickScan
2014-01-11 20:07 - 2014-01-11 20:07 - 00000000 ____D C:\Users\computer doctor\Desktop\Old Firefox Data
2014-01-11 19:55 - 2014-01-11 19:55 - 00987410 _____ C:\Users\computer doctor\Downloads\SecurityCheck(1).exe
2014-01-11 19:52 - 2013-12-07 12:44 - 00049426 _____ C:\Users\computer doctor\Downloads\OTL.Txt
2014-01-11 19:46 - 2014-01-11 19:46 - 00602112 _____ (OldTimer Tools) C:\Users\computer doctor\Downloads\OTL(1).exe
2014-01-11 19:43 - 2014-01-11 19:43 - 00000000 _____ C:\Windows\setuperr.log
2014-01-11 18:40 - 2013-11-19 10:33 - 00002198 _____ C:\Windows\epplauncher.mif
2014-01-11 18:39 - 2014-01-11 18:39 - 11125072 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\mseinstall(1).exe
2014-01-11 18:30 - 2014-01-11 18:30 - 00448512 _____ (OldTimer Tools) C:\Users\computer doctor\Downloads\TFC(1).exe
2014-01-11 18:28 - 2014-01-11 16:24 - 00000000 ____D C:\Windows\Minidump
2014-01-11 18:28 - 2013-11-21 13:03 - 00000000 ____D C:\Users\computer doctor\Tracing
2014-01-11 18:22 - 2014-01-11 15:04 - 00000000 ___RD C:\Users\computer doctor\Virtual Machines
2014-01-11 18:22 - 2013-12-12 16:39 - 00000000 ____D C:\ProgramData\ArcSoft
2014-01-11 18:22 - 2013-12-12 15:17 - 00000000 ____D C:\ProgramData\pdf995
2014-01-11 18:22 - 2013-12-10 21:27 - 00000000 ____D C:\Users\spike.computerdoctor
2014-01-11 18:22 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\wfp
2014-01-11 18:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2014-01-11 16:24 - 2013-11-18 16:51 - 00000000 ____D C:\Users\computer doctor
2014-01-11 15:47 - 2014-01-11 15:12 - 00000000 ____D C:\Users\computer doctor\aldus
2014-01-11 14:52 - 2014-01-11 14:52 - 00000000 ___HT C:\Windows\wusa.lock
2014-01-11 14:51 - 2014-01-11 14:51 - 01528184 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\GenuineCheck.exe
2014-01-11 14:48 - 2014-01-11 14:48 - 16070039 _____ C:\Users\computer doctor\Downloads\Windows6.1-KB958559-x86-RefreshPkg.msu
2014-01-11 12:18 - 2014-01-11 11:42 - 00000000 ____D C:\Program Files\DOSBox-0.74
2014-01-11 11:54 - 2013-11-18 16:57 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-11 11:46 - 2014-01-11 11:46 - 00000000 ____D C:\Users\computer doctor\AppData\Local\DOSBox
2014-01-11 11:22 - 2014-01-11 11:22 - 00000000 ____D C:\Windows\pss
2014-01-11 10:28 - 2014-01-11 10:28 - 00000000 ____D C:\Users\computer doctor\Downloads\AMD-VwithRVI_Hyper-V_CompatibilityUtility
2014-01-11 09:02 - 2014-01-11 09:00 - 00183624 _____ (Microsoft Corporation) C:\Users\computer doctor\Downloads\havdetectiontool.exe
2014-01-10 19:22 - 2013-11-19 16:20 - 00000000 ____D C:\Users\computer doctor\AppData\Roaming\Macromedia
2014-01-10 19:16 - 2014-01-10 19:16 - 00000000 ____D C:\Program Files\Common Files\Macromedia
2014-01-10 19:16 - 2014-01-10 19:14 - 00000000 ____D C:\Program Files\Macromedia
2014-01-10 19:16 - 2013-12-12 16:38 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-10 17:15 - 2014-01-10 17:15 - 00043955 _____ C:\Users\computer doctor\Downloads\XPe_3mflp132_v10.zip
2014-01-10 17:00 - 2013-11-18 16:51 - 00000000 ____D C:\Users\computer doctor\AppData\Local\VirtualStore
2014-01-10 15:42 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\Mobogenie
2014-01-10 15:42 - 2014-01-10 15:37 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\Documents\Mobogenie
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\genienext
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\AppData\Local\cache
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\computer doctor\.android
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 _____ C:\Users\computer doctor\daemonprocess.txt
2014-01-10 15:36 - 2014-01-10 15:37 - 00026835 _____ C:\Users\computer doctor\Downloads\BT144.zip
2014-01-10 15:35 - 2014-01-10 15:35 - 00632152 _____ C:\Users\computer doctor\Downloads\DriverGuide_Driver_Download_626192.exe
2014-01-10 13:07 - 2013-11-21 13:17 - 00000000 ____D C:\Users\computer doctor\AppData\Roaming\Skype
2014-01-09 16:29 - 2013-11-28 20:56 - 00000420 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2014-01-08 12:32 - 2013-12-08 12:11 - 00000000 ____D C:\Users\computer doctor\Desktop\budget
2014-01-08 12:28 - 2013-12-08 12:12 - 00000000 ____D C:\Users\computer doctor\Desktop\taxes 2013
2014-01-03 13:08 - 2009-07-13 22:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-30 21:04 - 2013-12-12 17:15 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-12-30 20:59 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-30 18:51 - 2013-12-12 12:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-12-30 18:43 - 2013-12-30 18:35 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-30 17:52 - 2013-11-27 15:08 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-30 17:28 - 2013-12-30 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-30 17:28 - 2013-12-30 17:27 - 00000000 ____D C:\Users\computer doctor\Desktop\mbar
2013-12-30 17:27 - 2013-12-30 17:27 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-30 17:27 - 2013-12-30 17:26 - 12582688 _____ (Malwarebytes Corp.) C:\Users\computer doctor\Downloads\mbar-1.07.0.1008.exe
2013-12-30 11:01 - 2013-12-02 08:16 - 00000000 ____D C:\Users\computer doctor\Desktop\corps
2013-12-29 14:24 - 2013-11-24 10:13 - 00000059 _____ C:\Windows\wpd99.drv
2013-12-28 20:09 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-28 19:55 - 2013-11-21 13:16 - 00000000 ____D C:\ProgramData\Skype
2013-12-28 19:55 - 2013-11-21 11:45 - 00000000 ____D C:\Program Files\Windows Live
2013-12-28 19:51 - 2013-12-27 18:47 - 01247056 _____ (Microsoft Corporation) C:\Users\computer doctor\Desktop\wlsetup-web.exe
2013-12-28 19:43 - 2013-12-28 19:43 - 00000000 ____D C:\Users\computer doctor\Documents\My Weblog Posts
2013-12-28 19:43 - 2013-11-21 13:42 - 00000000 ____D C:\Users\computer doctor\AppData\Local\Windows Live Writer
2013-12-27 20:52 - 2013-12-09 20:36 - 00000000 ____D C:\Users\computer doctor\Desktop\plans
2013-12-27 20:25 - 2013-11-21 11:37 - 00000000 ____D C:\Users\computer doctor\AppData\Local\Windows Live
2013-12-24 10:44 - 2013-12-24 10:44 - 00000000 ____D C:\Users\computer doctor\Desktop\orchid
2013-12-21 13:57 - 2013-12-21 13:52 - 00000000 ____D C:\Users\computer doctor\Desktop\Patrick
2013-12-21 11:18 - 2013-11-27 18:20 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 13:36 - 2013-11-28 12:47 - 11796480 ____R C:\Users\Public\Documents\ESBK.mbb
2013-12-20 13:36 - 2013-11-28 12:47 - 06324224 ____R C:\Users\Public\Documents\ESBK.mb
2013-12-14 10:52 - 2013-11-29 23:59 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-13 18:07 - 2013-12-12 16:39 - 00000000 ____D C:\Users\computer doctor\AppData\Roaming\ArcSoft

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.4092.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 14:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2014
Ran by computer doctor at 2014-01-12 10:03:24
Running from C:\Users\computer doctor\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Illustrator 9.0.1 (Version: 9.0.1 - Adobe Systems, Inc.)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe SVG Viewer (Version: 1.0 - Adobe Systems, Inc.)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (Version: - ArcSoft)
ArcSoft Print Creations (Version: 2.8.255.384 - ArcSoft)
Ask Toolbar (Version: 12.7.0.15 - APN, LLC) <==== ATTENTION
CardRd81 (Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
CCleaner (Version: 4.09 - Piriform)
CCScore (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
CR2 (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
ESSBrwr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FileParade Bundle (Version: 1.0.0.0 - FileParade Bundle)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4601.54 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
kgcbaby (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (Version: - Eastman Kodak Company)
Macromedia Dreamweaver MX (Version: 6.0 - Macromedia)
Macromedia Extension Manager (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OfotoXMI (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Pdf995 (Version: - )
PdfEdit995 (Version: - )
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
QuickShare (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (Version: - )
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.9015) (Version: 3.0.0.9015 - Secunia)
SFR (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
staticcr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
VPRINTOL (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WIRELESS (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Restore Points =========================

09-01-2014 14:58:53 Windows Update
10-01-2014 21:37:48 Installed WeatherBug
10-01-2014 21:42:59 Removed WeatherBug
10-01-2014 22:41:47 Windows Backup
11-01-2014 01:14:36 Installed Dreamweaver MX
11-01-2014 01:16:17 Installed Extension Manager
11-01-2014 16:00:16 Windows Backup
11-01-2014 20:53:06 Windows Update
12-01-2014 03:51:39 Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
12-01-2014 03:58:26 Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
12-01-2014 03:58:38 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
12-01-2014 03:59:44 Revo Uninstaller's restore point - Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
12-01-2014 03:59:54 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
12-01-2014 04:00:36 Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
12-01-2014 04:00:49 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
12-01-2014 04:02:00 Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB954430)
12-01-2014 04:03:55 Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB973688)

==================== Hosts content: ==========================

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {125499AD-F98B-4459-8F3A-092E58CE614A} - System32\Tasks\TidyNetwork Update => C:\Users\computer doctor\AppData\Local\TidyNetwork\petnupdate.exe
Task: {2B997118-5CE7-463D-A6E3-F1A3F1C545C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {5D58D39C-255F-49CA-ADC0-39EF64403F65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {5E05F2CB-6643-469A-BAC8-C182980C102E} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16
Task: {86D437D4-F864-4E76-B539-2299C29D1848} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {8CE08E69-86CD-46A5-BAFB-C893563CBBF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D60883AC-82BA-41F6-BBCB-803787606401} - System32\Tasks\{3C27B136-F8B4-4864-8102-FFE0AD4D7708} => C:\pdf995\res\utilities\signature995\signature995.exe
Task: {DD1B01FA-C3CF-47AE-8B90-2A295EFA65C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {EA2A931A-9CB4-4A48-9D57-98D652E2C0F2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {EFCFA8DF-A22E-4F63-97DF-3D5ACCE7B7D4} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
Task: {F147D325-9A25-4FBA-BA75-F6E185C90A11} - System32\Tasks\{0E91789F-9BA1-4099-A940-ACFB3399C43B} => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => rž$ªÕ D‚XE#WŽ¨Fr< s$€À €!Þ 'ƒ!C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16computer doctor0Ý
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-23 17:24 - 2013-12-12 16:39 - 00406016 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 17:23 - 2013-12-12 16:39 - 00264192 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
2011-02-23 17:21 - 2013-12-12 16:39 - 00356352 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 17:19 - 2013-12-12 16:39 - 00237568 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 17:38 - 2013-12-12 16:39 - 00234496 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 17:15 - 2013-12-12 16:39 - 00090112 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2011-02-23 17:39 - 2013-12-12 16:39 - 00078848 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2011-02-23 17:11 - 2013-12-12 16:39 - 00062464 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 10:05 - 2013-12-12 16:39 - 01564672 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 17:37 - 2013-12-12 16:39 - 00761856 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2011-02-23 17:17 - 2013-12-12 16:39 - 00152576 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 18:00 - 2013-12-12 16:39 - 00684032 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 17:24 - 2013-12-12 16:39 - 00084480 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
2011-02-23 17:15 - 2013-12-12 16:39 - 00129536 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 18:55 - 2013-12-12 16:39 - 11503616 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 21:19 - 2013-12-12 16:39 - 00782336 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 21:19 - 2013-12-12 16:39 - 00868352 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 21:20 - 2013-12-12 16:39 - 00462848 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 21:19 - 2013-12-12 16:39 - 00155648 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2009-09-28 21:21 - 2013-12-12 16:39 - 00528384 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 21:20 - 2013-12-12 16:39 - 02236416 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 21:21 - 2013-12-12 16:39 - 00847872 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 21:21 - 2013-12-12 16:39 - 01396736 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2011-02-23 18:04 - 2013-12-12 16:39 - 00171520 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
2011-02-23 17:38 - 2013-12-12 16:39 - 00052224 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 17:36 - 2013-12-12 16:40 - 00143360 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2011-02-23 17:15 - 2013-12-12 16:39 - 00084480 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 15:25 - 2013-12-12 16:39 - 00010240 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 19:02 - 2013-12-12 16:39 - 00339968 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 18:01 - 2013-12-12 16:39 - 00098304 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 18:05 - 2013-12-12 16:39 - 00315392 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 17:55 - 2013-12-12 16:40 - 00688128 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 19:00 - 2013-12-12 16:39 - 00471040 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
2011-02-23 17:16 - 2013-12-12 16:39 - 00044544 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2013-11-21 18:01 - 2013-12-05 13:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:346465CA
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2014 09:19:14 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/11/2014 09:51:35 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {1dc041a7-b3b4-4efd-aa31-a5328d874249}

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (01/12/2014 09:02:05 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Null

Error: (01/11/2014 10:15:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Null

Error: (01/11/2014 10:06:39 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Null

Error: (01/11/2014 08:56:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Null

Error: (01/11/2014 08:50:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/11/2014 08:50:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/11/2014 08:50:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/11/2014 08:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/11/2014 08:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/11/2014 08:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Microsoft Office Sessions:
=========================
Error: (01/12/2014 09:19:14 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (01/11/2014 09:51:35 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {1dc041a7-b3b4-4efd-aa31-a5328d874249}

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service)(User: )
Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/11/2014 08:29:49 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service)(User: )
Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt

Error: (01/11/2014 08:29:48 PM) (Source: Windows Search Service)(User: )
Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 4700

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3006.49 MB
Available physical RAM: 1808.59 MB
Total Pagefile: 6011.27 MB
Available Pagefile: 4772.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:46.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive j: (MY BOOK) (Fixed) (Total:74.51 GB) (Free:61.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: A65BA183)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 75 GB) (Disk ID: 8F9C798A)
Partition 1: (Not Active) - (Size=75 GB) - (Type=0C)

==================== End Of Log ============================
  10. Here's the two logs requested by Borislov. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/18/2013 4:51:00 PM System Uptime: 1/12/2014 9:01:39 AM (0 hours ago) . Motherboard: Dell Inc. | | 0RY206 Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket AM2 | 2900/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 75 GiB total, 46.63 GiB free. D: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is FIXED (FAT32) - 75 GiB total, 61.543 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Null Device ID: ROOT\LEGACY_NULL\0000 Manufacturer: Name: Null PNP Device ID: ROOT\LEGACY_NULL\0000 Service: Null . ==== System Restore Points =================== . RP124: 1/9/2014 8:58:53 AM - Windows Update RP125: 1/10/2014 3:37:48 PM - Installed WeatherBug RP126: 1/10/2014 3:42:59 PM - Removed WeatherBug RP127: 1/10/2014 4:41:47 PM - Windows Backup RP129: 1/10/2014 7:14:36 PM - Installed Dreamweaver MX RP131: 1/10/2014 7:16:17 PM - Installed Extension Manager RP132: 1/11/2014 10:00:16 AM - Windows Backup RP133: 1/11/2014 2:53:06 PM - Windows Update RP135: 1/11/2014 9:51:39 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 RP137: 1/11/2014 9:58:26 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 RP138: 1/11/2014 9:58:38 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 RP140: 1/11/2014 9:59:44 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 RP141: 1/11/2014 9:59:54 PM - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 RP143: 1/11/2014 10:00:36 PM - Revo Uninstaller's restore 
point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 RP144: 1/11/2014 10:00:49 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 RP146: 1/11/2014 10:02:00 PM - Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB954430) RP148: 1/11/2014 10:03:55 PM - Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB973688) . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Illustrator 9.0.1 Adobe Reader X (10.1.8) Adobe SVG Viewer Apple Application Support Apple Software Update ArcSoft Print Creations ArcSoft Print Creations - Album Page ArcSoft Print Creations - Funhouse ArcSoft Print Creations - Greeting Card ArcSoft Print Creations - Photo Book ArcSoft Print Creations - Photo Calendar ArcSoft Print Creations - Scrapbook ArcSoft Print Creations - Slimline Card Ask Toolbar CardRd81 CCleaner CCScore CR2 D3DX10 ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSTOOLS essvatgt fflink FileParade Bundle Google Chrome Google Toolbar for Internet Explorer Google Update Helper Java 7 Update 45 Java Auto Updater Junk Mail filter update kgcbaby kgchday kgchlwn kgcinvt kgckids kgcmove kgcvday Kodak EasyShare software Macromedia Dreamweaver MX Macromedia Extension Manager Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office File Validation Add-In Microsoft Office Outlook Connector Microsoft Office Professional Edition 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Movie Maker Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT110 MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) netbrdg NVIDIA Control Panel 307.83 NVIDIA Drivers NVIDIA Graphics Driver 307.83 NVIDIA Install Application NVIDIA Update 1.10.8 NVIDIA Update 
Components OfotoXMI Pdf995 PdfEdit995 Photo Common Photo Gallery QuickShare QuickTime Realtek High Definition Audio Driver Revo Uninstaller 1.95 Secunia PSI (3.0.0.9015) SFR SHASTA skin0001 SKINXSDK Skype™ 6.3 staticcr VPRINTOL Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WIRELESS . ==== Event Viewer Messages From Past Week ======== . 1/9/2014 2:43:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. 1/7/2014 11:20:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 1/7/2014 10:02:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 1/12/2014 9:02:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null 1/11/2014 8:50:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 1/11/2014 8:49:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 
1/11/2014 8:49:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 1/11/2014 8:49:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 1/11/2014 8:49:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/11/2014 8:48:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 1/11/2014 8:48:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter Null spldr Wanarpv6 1/11/2014 8:48:46 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning. 1/11/2014 8:29:49 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 1/11/2014 8:29:49 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 1/11/2014 6:31:33 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 1/11/2014 4:24:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. 
The bugcheck was: 0x0000006b (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011114-19266-01. 1/10/2014 12:02:08 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2 Run by computer doctor at 9:31:51 on 2014-01-12 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3006.1908 [GMT -6:00] . AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Windows\system32\AERTSrv.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Secunia\PSI\PSIA.exe C:\Windows\system32\vssvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Secunia\PSI\sua.exe C:\Windows\system32\taskhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\RtHDVCpl.exe 
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\DllHost.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k SDRSVC . ============== Pseudo HJT Report =============== . 
uSearch Bar = Preserve uProxyOverride = <-loopback> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRunOnce: [uninstall c:\users\computer doctor\appdata\local\microsoft\skydrive\16.4.6013.0910] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\computer doctor\appdata\local\microsoft\skydrive\16.4.6013.0910" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [bdruninstaller] "c:\program files\common files\bitdefender\setupinformation\downloader\setuplauncher.exe" /run:"c:\program files\common files\bitdefender\setupinformation\downloader\setupdownloader.exe" /args:"/after_restart" mRun: [mobilegeni daemon] 
c:\program files\mobogenie\DaemonProcess.exe dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 10.0.0.1 TCP: Interfaces\{E11CF67E-48B2-4BA0-B0C9-7C3EDD36CA08} : DHCPNameServer = 10.0.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\computer doctor\appdata\roaming\mozilla\firefox\profiles\bt2qm1ut.default-1389492445794\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\computer doctor\appdata\roaming\mozilla\firefox\profiles\bt2qm1ut.default-1389492445794\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll . ============= SERVICES / DRIVERS =============== . R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696] R1 MpKslf1f4a502;MpKslf1f4a502;c:\programdata\microsoft\microsoft antimalware\definition updates\{ff018123-3f44-49af-88fd-5ff64243abbf}\MpKslf1f4a502.sys [2014-1-12 40392] R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-21 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-21 701512] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-11-4 1228504] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-11-4 660184] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-21 22856] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-11-4 16024] R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 
VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-11-21 49664] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2013-2-5 1512448] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-10 108032] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-21 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-11-21 1343400] . =============== File Associations =============== . FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver mx\Dreamweaver.exe" "%1" . =============== Created Last 30 ================ . 
2014-01-12 15:02:10 40392 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ff018123-3f44-49af-88fd-5ff64243abbf}\MpKslf1f4a502.sys 2014-01-12 02:30:16 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ff018123-3f44-49af-88fd-5ff64243abbf}\mpengine.dll 2014-01-11 21:12:16 -------- d-----w- c:\users\computer doctor\aldus 2014-01-11 21:04:20 -------- d-----r- c:\users\computer doctor\Virtual Machines 2014-01-11 17:46:11 -------- d-----w- c:\users\computer doctor\appdata\local\DOSBox 2014-01-11 17:42:57 -------- d-----w- c:\program files\DOSBox-0.74 2014-01-11 17:22:18 -------- d-----w- c:\windows\pss 2014-01-11 01:16:05 -------- d-----w- c:\program files\common files\Macromedia 2014-01-11 01:14:45 -------- d-----w- c:\program files\Macromedia 2014-01-10 21:38:54 -------- d-----w- c:\users\computer doctor\.android 2014-01-10 21:38:53 -------- d-----w- c:\users\computer doctor\appdata\local\cache 2014-01-10 21:38:51 -------- d-----w- c:\users\computer doctor\appdata\local\Mobogenie 2014-01-10 21:38:51 -------- d-----w- c:\users\computer doctor\appdata\local\genienext 2014-01-10 21:37:54 -------- d-----w- c:\program files\Mobogenie 2014-01-10 15:34:49 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2014-01-01 21:18:21 -------- dc----w- c:\users\computer doctor\appdata\local\MigWiz 2013-12-31 00:35:54 -------- d-----w- c:\programdata\HitmanPro 2013-12-31 00:34:49 -------- d-----w- c:\program files\sweetpacks bundle uninstaller 2013-12-30 23:28:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-12-30 23:27:28 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-12-14 04:11:18 2876528 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll 2013-12-14 04:10:57 42168 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll . 
==================== Find3M ==================== . 2013-12-29 20:24:24 59 ----a-w- c:\windows\wpd99.drv 2013-12-12 21:44:51 36864 ----a-w- c:\windows\system32\pdf995mon.dll 2013-12-12 21:44:51 1672192 ----a-w- c:\windows\system32\pdfmona.dll 2013-12-11 00:04:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-11 00:04:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-12-07 05:41:45 319456 ----a-w- c:\windows\DIFxAPI.dll 2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll 2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll 2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe 2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe 2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll 2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll 2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl 2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll 2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2013-11-22 16:31:13 640512 ----a-w- c:\windows\system32\advapi32.dll 2013-11-22 16:31:13 619520 ----a-w- c:\windows\system32\tdh.dll 2013-11-22 16:31:13 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-11-22 16:31:13 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-11-22 16:31:13 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-11-22 16:30:44 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2013-11-22 16:30:44 231424 ----a-w- c:\windows\system32\mswsock.dll 2013-11-22 16:30:44 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-11-22 16:23:11 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-11-21 21:45:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-11-21 21:16:33 152576 ----a-w- c:\windows\system32\msclmd.dll 
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe 2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll 2013-11-04 12:42:02 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys 2013-10-30 02:19:52 301568 ----a-w- c:\windows\system32\msieftp.dll 2013-10-30 01:27:28 2349056 ----a-w- c:\windows\system32\win32k.sys 2013-10-19 01:36:59 159232 ----a-w- c:\windows\system32\imagehlp.dll . ============= FINISH: 9:32:29.45 ===============
  11. Forgot to mention the four Conduit entries are in Windows Startup within System Configuration, so I unchecked the boxes and the DLL dialog boxes no longer appear when starting up; however, my startup is considerably slower than it had been!
  12. I just took a look in System Configuration and noticed four entries: ConduitFloating C:\Windows\s...HKCU\Software\M... Manufacturer Unknown
  13. On startup I get four dialog boxes indicating "There was a problem starting" C:\Users\Comput~\AppData\Local\Temp\CT 3311875\plugins\TB Verifier.dll. Module could not be found. The other three dialog boxes refer to CT 3153924, CT 3287811 and CT 3306061. When I start in Safe Mode everything is fine, meaning none of the above dialog boxes show up. I have updated Malwarebytes and run full scans without any malware or adware or anything showing up. I have downloaded some programs today and have a feeling something sneaked into my computer, like Conduit, but I have not been able to track it down! In addition, the computer is significantly slower starting up. Any help would be appreciated. JP
  14. Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarde...log-page_7.html The above was in your last comment, day before yesterday, #37 at 07:48. When I switched to Standard user account is when the problem started, which was yesterday. Windows Live Mail is the client program. When the computer starts up two icons appear, one administrator and one standard user. Clicking on administrator gives me access to everything just as before. Clicking on standard user is when everything disappears. I guess it's that big a deal for me to use administrator.
  15. Update: When I log in as administrator everything that was missing as noted above is ok. Logging in as standard user and everything is lost! Downloaded latest update from Malwarebytes-ran quick scan: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.11.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.16476 computer doctor :: COMPUTERDOCTOR [administrator] Protection: Enabled 12/10/2013 10:34:46 PM mbam-log-2013-12-10 (22-34-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 269724 Time elapsed: 8 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Downloaded latest from Windows Update Quick Scan in Microsoft Security Essentials=No threats.