Solved System Security Center will not start

Discussion in 'Malware and Virus Removal Archive' started by larsonjean, 2014/03/05.

  1. 2014/03/05
    larsonjean

    larsonjean Well-Known Member Thread Starter


    Hi,
    I previously posted to the Vista Forum (with the same title) but was told that it was probably a malware problem so it sent me to this site after following the instructions before posting.
    I tried to turn on Windows Firewall but it will not let me.
    I did run Microsoft Security Essentials and Malwarebytes but it didn't let me update as I cannot get on the internet.

    I tried to Turn on Windows Firewall but it said "Security Center can't turn on Windows Firewall."

    I did download DDS on my laptop and moved it to my desktop and it produced the two following documents:

    DDS text
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16533 BrowserJavaVersion: 1.6.0_39
    Run by Jean at 21:55:10 on 2014-03-05
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.2368 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\locator.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1334930562\ee\aolsoftware.exe
    C:\Program Files\Brownie\BrStsWnd.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\Jean\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
    C:\Program Files\Common Files\aol\1334930562\ee\aolsoftware.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
    mStart Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
    uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
    uRun: [Google Update] "c:\users\jean\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [Skytel] Skytel.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe "
    mRun: [MapsGalaxy EPM Support] "c:\progra~1\mapsga~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [HostManager] c:\program files\common files\aol\1334930562\ee\AOLSoftware.exe
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [Brdefprn] c:\program files\brother\brhl2140\Brdefprn.exe -d
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
    StartupFolder: c:\users\jean\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jean\appdata\roaming\dropbox\bin\Dropbox.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0271D2AC-1FFD-4C96-A066-B06379D17507} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{575FEBB4-1BC0-4E1A-ABFD-91934B099DA3} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{8B21746E-DFB3-49C0-989C-BE3769660D3B} : DHCPNameServer = 172.20.10.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jean\appdata\roaming\mozilla\firefox\profiles\02xdd2fr.default-1373117438142\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314312&CUI=UN29952748441156936&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287810&SearchSource=2&CUI=UN33812119381801467&UM=2&q=
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mapsgalaxy_39\bar\1.bin\NP39Stub.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jean\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: c:\users\jean\appdata\roaming\mozilla\firefox\profiles\02xdd2fr.default-1373117438142\extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}\plugins\np-mswmp.dll
    FF - plugin: c:\users\jean\appdata\roaming\mozilla\firefox\profiles\02xdd2fr.default-1373117438142\extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 346b032200000000000000e0b8e6ca40
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15897
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:36:32
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4940
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    FF - user.js: extensions.shownSelectionUI - true
    .
    .
    .
    .
    FF - user.js: extensions.mysearchdial.hmpg - true
    FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0EyC0C0AyEtDtDtAtBtBtN0D0Tzu0CyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=331951358&ir=
    FF - user.js: extensions.mysearchdial.dfltSrch - true
    FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
    FF - user.js: extensions.mysearchdial.dnsErr - true
    FF - user.js: extensions.mysearchdial_i.newTab - false
    FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0EyC0C0AyEtDtDtAtBtBtN0D0Tzu0CyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=331951358&ir=
    FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0EyC0C0AyEtDtDtAtBtBtN0D0Tzu0CyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=331951358&ir=&q=
    FF - user.js: extensions.mysearchdial.id - 00E0B8E6CA400322
    FF - user.js: extensions.mysearchdial.instlDay - 16059
    FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
    FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
    FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.021:33:29
    FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
    FF - user.js: extensions.mysearchdial.prdct - mysearchdial
    FF - user.js: extensions.mysearchdial.aflt - file1202
    FF - user.js: extensions.mysearchdial_i.smplGrp - none
    FF - user.js: extensions.mysearchdial.tlbrId - base
    FF - user.js: extensions.mysearchdial.instlRef -
    FF - user.js: extensions.mysearchdial.dfltLng -
    FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    FF - user.js: extensions.mysearchdial.excTlbr - false
    FF - user.js: extensions.mysearchdial_i.hmpg - true
    FF - user.js: extensions.mysearchdial.cr - 331951358
    FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0EyC0C0AyEtDtDtAtBtBtN0D0Tzu0CyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
    FF - user.js: extensions.irmysearch.aflt - file1202
    FF - user.js: extensions.irmysearch.instlRef -
    FF - user.js: extensions.irmysearch.cr - 331951358
    FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0EyC0C0AyEtDtDtAtBtBtN0D0Tzu0CyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
    .
    .
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-2-18 47640]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-7-25 18944]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
    S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2012-11-24 47264]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-7-11 27192]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2012-2-18 19968]
    S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
    S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
    S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-17 5087584]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
    .
    =============== Created Last 30 ================
    .
    2014-03-03 20:16:50 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{893a9fcb-21d3-4c76-be3e-8cd5ba61f181}\mpengine.dll
    2014-03-03 15:49:05 -------- d-----w- c:\users\jean\appdata\local\Ahead
    2014-03-01 14:55:16 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-02-28 14:53:08 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bf2f323e-4b31-4057-a60c-b5ff3702a95d}\gapaengine.dll
    2014-02-26 21:23:21 -------- d-----w- c:\program files\MapsGalaxy_39
    2014-02-25 17:40:31 -------- d-----w- c:\windows\en
    2014-02-25 17:39:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2014-02-25 17:38:00 -------- d-----w- c:\program files\Microsoft
    2014-02-25 17:37:58 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2014-02-25 17:37:58 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2014-02-25 17:37:58 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2014-02-25 17:37:54 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2014-02-25 17:14:35 7450888 ----a-w- c:\program files\common files\windows live\.cache\d4443621cf324d47\bingbarsetup.exe
    2014-02-25 17:13:08 15712 ----a-w- c:\program files\common files\windows live\.cache\da5dde221cf324c38\MeshBetaRemover.exe
    2014-02-25 17:11:49 89944 ----a-w- c:\program files\common files\windows live\.cache\ab5c06121cf324c2b\DSETUP.dll
    2014-02-25 17:11:49 537432 ----a-w- c:\program files\common files\windows live\.cache\ab5c06121cf324c2b\DXSETUP.exe
    2014-02-25 17:11:49 1801048 ----a-w- c:\program files\common files\windows live\.cache\ab5c06121cf324c2b\dsetup32.dll
    2014-02-25 17:11:45 94040 ----a-w- c:\program files\common files\windows live\.cache\a86079521cf324c2a\DSETUP.dll
    2014-02-25 17:11:45 525656 ----a-w- c:\program files\common files\windows live\.cache\a86079521cf324c2a\DXSETUP.exe
    2014-02-25 17:11:45 1691480 ----a-w- c:\program files\common files\windows live\.cache\a86079521cf324c2a\dsetup32.dll
    2014-02-25 17:09:50 6260088 ----a-w- c:\program files\common files\windows live\.cache\6407ada21cf324c17\Silverlight.4.0.exe
    2014-02-25 17:07:44 -------- d-----w- c:\users\jean\appdata\local\Windows Live
    2014-02-25 17:07:44 -------- d-----w- c:\program files\common files\Windows Live
    2014-02-25 17:07:23 754688 ----a-w- c:\windows\system32\webservices.dll
    2014-02-20 03:22:00 -------- d-----w- c:\users\jean\appdata\local\Apple
    2014-02-18 14:33:08 -------- d-----w- c:\users\jean\appdata\local\Apple Computer
    2014-02-17 01:38:24 -------- d-----w- c:\users\jean\appdata\local\AOL
    2014-02-17 01:37:07 -------- d-----w- c:\users\jean\appdata\local\Adobe
    2014-02-16 21:40:09 -------- d-----w- c:\windows\Migration
    2014-02-13 13:33:13 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-04 21:31:46 -------- d-----w- c:\users\jean\appdata\local\Macromedia
    .
    ==================== Find3M ====================
    .
    2014-02-24 20:14:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-24 20:14:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 21:56:26.15 ===============


    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/17/2012 2:10:19 PM
    System Uptime: 3/5/2014 9:48:16 PM (0 hours ago)
    .
    Motherboard: ELITEGROUP | | 680IT-GB
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2403/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 326.027 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.761 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    Z: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 11 Plugin
    Adobe Flash Player 12 ActiveX
    Adobe Photoshop 5.0.2
    Adobe Reader XI (11.0.06)
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 3.0
    Belarc Advisor 8.2
    Bonjour
    Brother HL-2140
    Browser Address Error Redirector
    Canon MG5200 series MP Drivers
    CCleaner
    CleanUp!
    Compatibility Pack for the 2007 Office system
    Copy Utility
    D3DX10
    Digital Media Reader
    Dropbox
    EasyCleaner
    EPSON Photo Print
    EPSON Smart Panel
    EPSON TWAIN 5
    Free Studio Free Download Packages
    Free YouTube Download version 3.2.11.812
    Gateway Recovery Center Installer
    Glary Utilities 4.0
    Google Chrome
    Google Drive
    Google Earth
    Google Earth Free Download Packages
    Google Earth Free Download Packages 21
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hand And Foot 1.0.3.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hoyle Card Games 4
    Hoyle Card Games 5
    Ipswitch WS_FTP 12
    IrfanView (remove only)
    IrfanView Free Download Packages
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 39
    Java(TM) 6 Update 4
    Junk Mail filter update
    MailWasherPro
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft Works 6-9 Converter
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 24.3.0 (x86 en-US)
    Mozilla Thunderbird Free Download Packages
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    Nero 8
    neroxml
    NVIDIA 3D Vision Controller Driver 285.62
    NVIDIA 3D Vision Driver 311.06
    NVIDIA Control Panel 311.06
    NVIDIA Drivers
    NVIDIA Graphics Driver 311.06
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    Omar Sharif Bridge
    Palm Desktop
    PDF reDirect (remove only)
    Quicken 2007
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.95
    Revo Uninstaller Pro 3.0.5
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
    Segoe UI
    Strongvault Online Backup
    TClockEx
    TeamViewer 8
    Uninstall AOL Emergency Connect Utility 1.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Viewpoint Media Player
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WordPerfect Office 12
    .
    ==== End Of File ===========================

    I would appreciate any help you can give me as I really miss using my desktop.

    Thank you.

    Jeanne
     
  2. 2014/03/05
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    How are you posting since you can't get on the internet?
     

  4. 2014/03/06
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Hi. I am using my Windows 7 laptop.
     
  5. 2014/03/06
    broni

    broni Moderator Malware Analyst

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  6. 2014/03/06
    larsonjean

    larsonjean Well-Known Member Thread Starter

    I ran the programs suggested and here are the results of the files:
    AdwCleaner[S1].txt
    # AdwCleaner v3.020 - Report created 06/03/2014 at 20:21:09
    # Updated 27/02/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Jean - JEAN-PC
    # Running from : C:\Users\Jean\Desktop\adwcleaner.exe
    # Option : Clean

    JRT text file:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Jean on Thu 03/06/2014 at 20:30:07.78
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-528091951-17181806-3350549182-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{820DCD39-CA6E-422F-A5D3-B3C88AFAC685}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}



    ~~~ Files

    Successfully deleted: [File] "C:\Users\Jean\appdata\locallow\SkwConfig.bin "



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Jean\appdata\local\cre "
    Successfully deleted: [Folder] "C:\Users\Jean\appdata\local\stronghold_llc "



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\Jean\AppData\Roaming\mozilla\firefox\profiles\02xdd2fr.default-1373117438142\extensions\{0113d088-8ed1-468c-b225-585a9c53b5e3}
    Successfully deleted the following from C:\Users\Jean\AppData\Roaming\mozilla\firefox\profiles\02xdd2fr.default-1373117438142\prefs.js

    user_pref( "toparcadehits.settings.addon_data ", "hxxp://tt.toparcadehits.com/cmn?p=YTIzMDA1Mjc5OTWWvS%2B%2F2M4bkzrh%2FAEkr2PNpTGSzn9wCFyXqj42wcPKawYek4Vic1hU6sbuAlQWhSOB%2FdPu5
    Emptied folder: C:\Users\Jean\AppData\Roaming\mozilla\firefox\profiles\02xdd2fr.default-1373117438142\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 03/06/2014 at 20:32:28.15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. 2014/03/06
    broni

    broni Moderator Malware Analyst

    You posted only a partial log from AdwCleaner.
     
  8. 2014/03/06
    larsonjean

    larsonjean Well-Known Member Thread Starter

    REMAINDER OF FILES:

    FRST TXT FILE:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2014
    Ran by Jean (administrator) on JEAN-PC on 06-03-2014 20:42:06
    Running from C:\Users\Jean\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Windows\system32\locator.exe
    (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1334930562\ee\aolsoftware.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Google Inc.) C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe
    (Dropbox, Inc.) C:\Users\Jean\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Ipswitch) C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
    HKLM\...\Run: [MapsGalaxy EPM Support] - "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
    HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1334930562\ee\AOLSoftware.exe [41800 2010-02-10] (AOL Inc.)
    HKLM\...\Run: [BrStsWnd] - C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-06-11] (brother)
    HKLM\...\Run: [Brdefprn] - C:\Program Files\Brother\BRHL2140\Brdefprn.exe [45056 2008-10-20] ()
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [40072 2007-07-13] (soft thinks)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-528091951-17181806-3350549182-1000\...\Run: [TClockEx] - C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-09] (Dale Nurden)
    HKU\S-1-5-21-528091951-17181806-3350549182-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
    HKU\S-1-5-21-528091951-17181806-3350549182-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
    HKU\S-1-5-21-528091951-17181806-3350549182-1000\...\Run: [Google Update] - C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-03] (Google Inc.)
    HKU\S-1-5-21-528091951-17181806-3350549182-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
    Startup: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Jean\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
    SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
    DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jean\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jean\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Google Update) - C:\Users\Jean\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Google Drive) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-30]
    CHR Extension: (YouTube) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]
    CHR Extension: (Google Search) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]
    CHR Extension: (SweetPacks A5) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd [2013-10-14]
    CHR Extension: (Google Wallet) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
    CHR Extension: (VisualBee V.11) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma [2013-09-11]
    CHR Extension: (Gmail) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jean\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-07]
    CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-04-07]

    ========================== Services (Whitelisted) =================

    S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
    S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
    S4 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)

    ==================== Drivers (Whitelisted) ====================

    S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
    S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
    S3 qrkis; C:\Windows\System32\DRIVERS\qrkis.sys [47264 2012-03-21] (Tether)
    R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    S3 LVRS; system32\DRIVERS\lvrs.sys [X]
    S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 SymIM; system32\DRIVERS\SymIM.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-06 20:42 - 2014-03-06 20:42 - 00015571 _____ () C:\Users\Jean\Desktop\FRST.txt
    2014-03-06 20:41 - 2014-03-06 20:42 - 00000000 ____D () C:\FRST
    2014-03-06 20:41 - 2014-03-06 20:41 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-06 20:41 - 2014-03-06 20:41 - 00000000 _____ () C:\Windows\setupact.log
    2014-03-06 20:32 - 2014-03-06 20:40 - 00005181 _____ () C:\Users\Jean\Desktop\JRT.txt
    2014-03-06 20:29 - 2014-03-06 20:29 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-06 20:21 - 2014-03-06 20:21 - 00035364 _____ () C:\Users\Jean\Desktop\AdwCleaner[S1].txt
    2014-03-06 20:13 - 2014-03-06 20:28 - 00000000 ____D () C:\AdwCleaner
    2014-03-06 20:13 - 2014-03-06 20:11 - 01145344 _____ (Farbar) C:\Users\Jean\Desktop\FRST.exe
    2014-03-06 20:13 - 2014-03-06 20:08 - 01244192 _____ () C:\Users\Jean\Desktop\adwcleaner.exe
    2014-03-06 20:13 - 2014-03-06 20:08 - 01037734 _____ (Thisisu) C:\Users\Jean\Desktop\JRT.exe
    2014-03-06 20:06 - 2014-03-06 10:22 - 00000000 ____D () C:\Users\Jean\Desktop\Lance trip 3 4 14
    2014-03-06 12:14 - 2014-03-06 15:11 - 00000000 ____D () C:\Users\Jean\Desktop\FIRST Lance trip 3 4 14
    2014-03-05 21:56 - 2014-03-05 21:56 - 00017584 _____ () C:\Users\Jean\Desktop\dds.txt
    2014-03-05 21:56 - 2014-03-05 21:56 - 00009222 _____ () C:\Users\Jean\Desktop\attach.txt
    2014-03-05 21:54 - 2014-03-05 21:52 - 00688992 ____R (Swearware) C:\Users\Jean\Desktop\dds.com
    2014-03-05 16:06 - 2014-03-05 16:06 - 00337193 _____ () C:\Users\Jean\Desktop\LAST CBS.log
    2014-03-04 16:21 - 2014-03-04 16:21 - 00054272 _____ () C:\Users\Jean\Desktop\Jean.xls
    2014-03-04 16:21 - 2014-03-04 16:21 - 00012946 _____ () C:\Users\Jean\AppData\Roaming\Microsoft Excel 97-2003.CAL
    2014-03-04 16:17 - 2014-03-04 16:17 - 00000342 _____ () C:\Windows\PFRO.log
    2014-03-04 09:17 - 2014-03-04 09:17 - 08397824 _____ () C:\Users\Jean\Desktop\Outlook backup.pst
    2014-03-03 12:04 - 2014-03-06 20:36 - 00017192 _____ () C:\Windows\WindowsUpdate.log
    2014-03-03 11:16 - 2013-04-11 10:31 - 00002595 _____ () C:\Users\Jean\Desktop\Microsoft Office PowerPoint 2007.lnk
    2014-03-03 11:16 - 2012-12-25 09:34 - 00001708 _____ () C:\Users\Jean\Desktop\Hoyle Card Games.lnk
    2014-03-03 11:16 - 2012-11-16 10:34 - 00000949 _____ () C:\Users\Jean\Desktop\Microsoft Office Outlook.lnk
    2014-03-03 11:16 - 2012-06-22 11:37 - 00001763 _____ () C:\Users\Jean\Desktop\Ipswitch WS_FTP 12.lnk
    2014-03-03 11:14 - 2014-03-03 11:32 - 00000000 ___RD () C:\Users\Public\pROGRAMS TO RELOAD
    2014-03-03 10:49 - 2014-03-03 10:49 - 00000000 ____D () C:\Users\Jean\AppData\Local\Ahead
    2014-03-02 18:39 - 2014-03-02 18:39 - 00008068 ____N () C:\bootex.log
    2014-02-25 12:39 - 2014-02-25 12:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
    2014-02-25 12:38 - 2014-02-25 12:40 - 00000000 ____D () C:\Program Files\Windows Live
    2014-02-25 12:37 - 2014-02-27 13:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-02-25 12:37 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2014-02-25 12:37 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2014-02-25 12:37 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2014-02-25 12:37 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2014-02-25 12:07 - 2014-02-25 12:07 - 00000000 ____D () C:\Users\Jean\AppData\Local\Windows Live
    2014-02-25 12:07 - 2014-02-25 12:07 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
    2014-02-25 12:07 - 2009-08-04 03:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
    2014-02-22 21:54 - 2014-02-24 09:19 - 00011093 _____ () C:\Users\Public\BOWLING GAMBLE.xlsx
    2014-02-19 22:22 - 2014-02-19 22:22 - 00000000 ____D () C:\Users\Jean\AppData\Local\Apple
    2014-02-19 15:17 - 2014-02-19 15:17 - 00000118 _____ () C:\Users\Public\Documents\SAH_Install.ini
    2014-02-18 09:33 - 2014-03-06 20:18 - 00000000 ____D () C:\Users\Jean\AppData\Local\Apple Computer
    2014-02-16 20:38 - 2014-03-03 10:49 - 00000000 ____D () C:\Users\Jean\AppData\Local\AOL
    2014-02-16 20:37 - 2014-02-16 20:37 - 00000000 ____D () C:\Users\Jean\AppData\Local\Adobe
    2014-02-14 08:06 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-14 08:06 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-14 08:06 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-14 08:06 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-14 08:06 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-14 08:06 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-14 08:06 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-02-14 08:06 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-14 08:06 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-02-14 08:06 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-14 08:06 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-14 08:06 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-14 08:06 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-14 08:06 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-14 08:06 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-02-14 08:06 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-13 08:33 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-02-04 16:31 - 2014-02-04 16:31 - 00000000 ____D () C:\Users\Jean\AppData\Local\Macromedia

    ==================== One Month Modified Files and Folders =======

    2014-03-06 20:42 - 2014-03-06 20:42 - 00015571 _____ () C:\Users\Jean\Desktop\FRST.txt
    2014-03-06 20:42 - 2014-03-06 20:41 - 00000000 ____D () C:\FRST
    2014-03-06 20:41 - 2014-03-06 20:41 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-06 20:41 - 2014-03-06 20:41 - 00000000 _____ () C:\Windows\setupact.log
    2014-03-06 20:41 - 2006-11-02 07:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-06 20:41 - 2006-11-02 07:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-06 20:40 - 2014-03-06 20:32 - 00005181 _____ () C:\Users\Jean\Desktop\JRT.txt
    2014-03-06 20:36 - 2014-03-03 12:04 - 00017192 _____ () C:\Windows\WindowsUpdate.log
    2014-03-06 20:29 - 2014-03-06 20:29 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-06 20:28 - 2014-03-06 20:13 - 00000000 ____D () C:\AdwCleaner
    2014-03-06 20:28 - 2013-06-25 11:36 - 00000000 ____D () C:\Users\Jean\AppData\Roaming\Dropbox
    2014-03-06 20:26 - 2012-02-18 18:54 - 00000263 _____ () C:\Windows\Brownie.ini
    2014-03-06 20:21 - 2014-03-06 20:21 - 00035364 _____ () C:\Users\Jean\Desktop\AdwCleaner[S1].txt
    2014-03-06 20:18 - 2014-02-18 09:33 - 00000000 ____D () C:\Users\Jean\AppData\Local\Apple Computer
    2014-03-06 20:18 - 2013-08-11 19:37 - 00000000 ____D () C:\Users\Jean\AppData\Local\CA1FDF8C-D281-4EC5-B221-5353301612E7.aplzod
    2014-03-06 20:11 - 2014-03-06 20:13 - 01145344 _____ (Farbar) C:\Users\Jean\Desktop\FRST.exe
    2014-03-06 20:08 - 2014-03-06 20:13 - 01244192 _____ () C:\Users\Jean\Desktop\adwcleaner.exe
    2014-03-06 20:08 - 2014-03-06 20:13 - 01037734 _____ (Thisisu) C:\Users\Jean\Desktop\JRT.exe
    2014-03-06 15:11 - 2014-03-06 12:14 - 00000000 ____D () C:\Users\Jean\Desktop\FIRST Lance trip 3 4 14
    2014-03-06 10:22 - 2014-03-06 20:06 - 00000000 ____D () C:\Users\Jean\Desktop\Lance trip 3 4 14
    2014-03-05 21:56 - 2014-03-05 21:56 - 00017584 _____ () C:\Users\Jean\Desktop\dds.txt
    2014-03-05 21:56 - 2014-03-05 21:56 - 00009222 _____ () C:\Users\Jean\Desktop\attach.txt
    2014-03-05 21:56 - 2006-11-02 05:33 - 00829270 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-05 21:52 - 2014-03-05 21:54 - 00688992 ____R (Swearware) C:\Users\Jean\Desktop\dds.com
    2014-03-05 21:44 - 2013-11-20 11:44 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
    2014-03-05 16:06 - 2014-03-05 16:06 - 00337193 _____ () C:\Users\Jean\Desktop\LAST CBS.log
    2014-03-04 16:36 - 2012-02-19 19:39 - 00000000 ____D () C:\Windows\pss
    2014-03-04 16:21 - 2014-03-04 16:21 - 00054272 _____ () C:\Users\Jean\Desktop\Jean.xls
    2014-03-04 16:21 - 2014-03-04 16:21 - 00012946 _____ () C:\Users\Jean\AppData\Roaming\Microsoft Excel 97-2003.CAL
    2014-03-04 16:17 - 2014-03-04 16:17 - 00000342 _____ () C:\Windows\PFRO.log
    2014-03-04 16:16 - 2012-02-17 11:29 - 00000000 ____D () C:\Windows\PCHEALTH
    2014-03-04 09:17 - 2014-03-04 09:17 - 08397824 _____ () C:\Users\Jean\Desktop\Outlook backup.pst
    2014-03-03 11:32 - 2014-03-03 11:14 - 00000000 ___RD () C:\Users\Public\pROGRAMS TO RELOAD
    2014-03-03 11:14 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
    2014-03-03 10:49 - 2014-03-03 10:49 - 00000000 ____D () C:\Users\Jean\AppData\Local\Ahead
    2014-03-03 10:49 - 2014-02-16 20:38 - 00000000 ____D () C:\Users\Jean\AppData\Local\AOL
    2014-03-02 18:39 - 2014-03-02 18:39 - 00008068 ____N () C:\bootex.log
    2014-03-02 18:18 - 2012-09-09 08:50 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-02 18:10 - 2012-07-03 19:19 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-528091951-17181806-3350549182-1000UA.job
    2014-03-02 17:58 - 2012-03-31 16:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-02 17:40 - 2012-09-09 08:50 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-02 17:09 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-02 09:06 - 2006-11-02 08:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-03-01 21:23 - 2012-07-03 19:19 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-528091951-17181806-3350549182-1000Core.job
    2014-03-01 15:58 - 2012-09-01 07:52 - 00131584 _____ () C:\Users\Public\CR V MILEAGE.xls
    2014-03-01 09:58 - 2012-09-06 18:17 - 00000000 ____D () C:\Users\Public\Budget
    2014-02-28 11:32 - 2014-01-22 13:22 - 00009951 _____ () C:\Users\Public\Lance Repair items for Duffer Ct..xlsx
    2014-02-27 13:57 - 2014-02-25 12:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-02-25 21:09 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
    2014-02-25 20:55 - 2012-02-17 11:43 - 00131640 _____ () C:\Users\Jean\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-02-25 20:54 - 2006-11-02 07:47 - 00481656 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-02-25 12:45 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-02-25 12:40 - 2014-02-25 12:38 - 00000000 ____D () C:\Program Files\Windows Live
    2014-02-25 12:39 - 2014-02-25 12:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
    2014-02-25 12:38 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-02-25 12:07 - 2014-02-25 12:07 - 00000000 ____D () C:\Users\Jean\AppData\Local\Windows Live
    2014-02-25 12:07 - 2014-02-25 12:07 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
    2014-02-25 09:17 - 2012-02-18 18:16 - 00107008 _____ () C:\Users\Public\AddresBook 2014 Larson.xls
    2014-02-24 15:14 - 2012-03-31 16:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-02-24 15:14 - 2012-02-20 22:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-02-24 09:19 - 2014-02-22 21:54 - 00011093 _____ () C:\Users\Public\BOWLING GAMBLE.xlsx
    2014-02-21 22:14 - 2012-09-30 08:10 - 00002048 _____ () C:\Users\Jean\Desktop\Google Chrome.lnk
    2014-02-19 22:22 - 2014-02-19 22:22 - 00000000 ____D () C:\Users\Jean\AppData\Local\Apple
    2014-02-19 15:17 - 2014-02-19 15:17 - 00000118 _____ () C:\Users\Public\Documents\SAH_Install.ini
    2014-02-16 20:41 - 2014-01-19 12:24 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-02-16 20:41 - 2014-01-19 12:24 - 00000000 ____D () C:\Program Files\CCleaner
    2014-02-16 20:37 - 2014-02-16 20:37 - 00000000 ____D () C:\Users\Jean\AppData\Local\Adobe
    2014-02-16 09:41 - 2012-02-17 13:51 - 00000000 ____D () C:\Windows\SMINST
    2014-02-15 15:18 - 2012-02-18 18:55 - 00000426 _____ () C:\Windows\BRWMARK.INI
    2014-02-13 08:37 - 2013-08-14 07:24 - 00000000 ____D () C:\Windows\system32\MRT
    2014-02-13 08:36 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-02-10 19:04 - 2012-02-17 11:42 - 00000000 ____D () C:\Users\Jean
    2014-02-10 19:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
    2014-02-10 19:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
    2014-02-10 19:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
    2014-02-10 19:04 - 2006-11-02 05:22 - 51642368 _____ () C:\Windows\system32\config\software_previous
    2014-02-10 19:04 - 2006-11-02 05:22 - 20709376 _____ () C:\Windows\system32\config\system_previous
    2014-02-10 18:59 - 2006-11-02 05:22 - 33816576 _____ () C:\Windows\system32\config\components_previous
    2014-02-10 18:59 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
    2014-02-10 09:29 - 2006-11-02 05:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
    2014-02-10 09:29 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
    2014-02-05 09:52 - 2012-10-13 14:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-02-05 03:58 - 2014-02-14 08:06 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-05 03:56 - 2014-02-14 08:06 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-05 03:53 - 2014-02-14 08:06 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-05 03:51 - 2014-02-14 08:06 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-05 03:50 - 2014-02-14 08:06 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-05 03:49 - 2014-02-14 08:06 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-05 03:49 - 2014-02-14 08:06 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-02-05 03:48 - 2014-02-14 08:06 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-05 03:48 - 2014-02-14 08:06 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-02-05 03:48 - 2014-02-14 08:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-05 03:48 - 2014-02-14 08:06 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-05 03:48 - 2014-02-14 08:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-05 03:47 - 2014-02-14 08:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-05 03:47 - 2014-02-14 08:06 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-05 03:47 - 2014-02-14 08:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-02-05 03:46 - 2014-02-14 08:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-04 23:03 - 2013-08-06 19:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
    2014-02-04 16:31 - 2014-02-04 16:31 - 00000000 ____D () C:\Users\Jean\AppData\Local\Macromedia

    Some content of TEMP:
    ====================
    C:\Users\Jean\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-06 20:31

    ==================== End Of Log ============================
     
  9. 2014/03/06
    larsonjean

    ADDITION FILE:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-03-2014
    Ran by Jean at 2014-03-06 20:42:58
    Running from C:\Users\Jean\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL LLC)
    Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoImpression 3.0 (HKLM\...\ArcSoft PhotoImpression 3.0) (Version: - )
    Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.7.6 - Belarc Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Brother HL-2140 (HKLM\...\{93691D57-668D-4940-814E-4D7E16F7459B}) (Version: 1.00 - Brother)
    Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
    Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
    CleanUp! (HKLM\...\CleanUp!) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy Utility (HKLM\...\Copy Utility) (Version: - )
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Digital Media Reader (Version: 2.01.03.01 - AlcorMicro) Hidden
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    EasyCleaner (HKLM\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ToniArts)
    EPSON Photo Print (HKLM\...\EPSON Photo Print) (Version: - )
    EPSON Smart Panel (HKLM\...\EPSON Smart Panel) (Version: - )
    EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
    Free Studio Free Download Packages (HKCU\...\Free Studio Free Download Packages) (Version: - ) <==== ATTENTION
    Free YouTube Download version 3.2.11.812 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
    Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.033 - Gateway)
    Glary Utilities 4.0 (HKLM\...\Glary Utilities 4) (Version: 4.0.0.50 - Glarysoft Ltd)
    Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
    Google Drive (HKLM\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
    Google Earth (HKLM\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
    Google Earth Free Download Packages (HKCU\...\Google Earth Free Download Packages) (Version: - ) <==== ATTENTION
    Google Earth Free Download Packages 21 (HKCU\...\Google Earth Free Download Packages 21) (Version: - ) <==== ATTENTION
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
    Hand And Foot 1.0.3.1 (HKLM\...\HandAndFoot_is1) (Version: - )
    Hoyle Card Games 4 (HKLM\...\Hoyle Card Games 4) (Version: - )
    Hoyle Card Games 5 (HKLM\...\Hoyle Card Games 5) (Version: - )
    Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
    IrfanView Free Download Packages (HKCU\...\IrfanView Free Download Packages) (Version: - ) <==== ATTENTION
    iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
    Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
    Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle)
    Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.)
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    MailWasherPro (HKLM\...\{6657DA03-A39B-472C-8458-6292E128A3D9}) (Version: 7.2.0 - Firetrust)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Accounting 2007 (HKLM\...\Microsoft Office Accounting 2007) (Version: 2.0.7503.0 - Microsoft Corporation)
    Microsoft Office Accounting 2007 (Version: 2.0.7503.0 - Microsoft Corporation) Hidden
    Microsoft Office Accounting ADP Payroll Addin (HKLM\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
    Microsoft Office Accounting Equifax Addin (HKLM\...\{8C711818-076E-475C-B95B-DF11CD9D8DBE}) (Version: 2.0.7416.00 - Microsoft Corporation)
    Microsoft Office Accounting Fixed Asset Manager (HKLM\...\{46614A49-222A-48EF-87A9-BFD603E608E1}) (Version: 2.0.7416.00 - Microsoft Corporation)
    Microsoft Office Accounting PayPal Addin (HKLM\...\{353D20CC-719B-4A60-AD33-D03F88C10330}) (Version: 2.0.7416.00 - Microsoft Corporation)
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Small Business 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
    Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
    Mozilla Thunderbird Free Download Packages (HKCU\...\Mozilla Thunderbird Free Download Packages) (Version: - ) <==== ATTENTION
    MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nero 8 (HKLM\...\{B4DD23DF-FA02-4BA0-8087-9FFB5C081033}) (Version: 8.3.85 - Nero AG)
    neroxml (Version: 1.0.0 - Nero AG) Hidden
    NVIDIA 3D Vision Controller Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (Version: 9.11.0621 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
    Omar Sharif Bridge (HKLM\...\{E30DECE7-42AF-489D-ABB4-BAD765347272}) (Version: - )
    Palm Desktop (HKCU\...\Pilot Desktop) (Version: - )
    PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.2.8 - EXP Systems LLC)
    Quicken 2007 (HKLM\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.1.27 - Intuit)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
    Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Strongvault Online Backup (Version: 5.0.2.34 - Strongvault Online Backup) Hidden
    TClockEx (HKLM\...\TClockEx_is1) (Version: - )
    TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
    Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version: - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WordPerfect Office 12 (HKLM\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.0.0.238 - Corel Corporation)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1302A3B6-5898-4775-B40A-152B7A71D9E7} - \GlaryInitialize 3 No Task File
    Task: {1B811D7C-FF6C-4876-8B8A-ACEAD06C11E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
    Task: {56ECA06D-8DB5-4FF3-A496-B5BFC764B011} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {5BE0EE0B-2A85-472E-BE93-441CAA797358} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-528091951-17181806-3350549182-1000UA => C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
    Task: {7442601D-02B0-430F-92A7-B0D4AFCCCF04} - System32\Tasks\GlaryInitialize 4 => C:\Program Files\Glarysoft\Glary Utilities 4\Initialize.exe [2013-11-18] (Glarysoft Ltd)
    Task: {84EC1B4D-3A85-4ADE-863D-5D9483570567} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
    Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
    Task: {D47E6179-FF32-42BA-9461-E4DFA669639E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {D8C4361A-A368-49E4-9644-C1AA31B83F19} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
    Task: {E9DCF927-BAE1-4DE5-A593-F8159F06743B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-528091951-17181806-3350549182-1000Core => C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
    Task: {EC527BB1-9B65-4C7A-A664-4A853990FED2} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
    Task: {EEA185C6-24EF-436B-9644-140A35562EAE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {F1B82DE3-17CB-45A5-A60F-6F29C949FEEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-24] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files\Glarysoft\Glary Utilities 4\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-528091951-17181806-3350549182-1000Core.job => C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-528091951-17181806-3350549182-1000UA.job => C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
    2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Jean\AppData\Roaming\Dropbox\bin\libcef.dll
    2012-06-22 11:37 - 2010-09-28 14:56 - 06551672 _____ () C:\Program Files\Ipswitch\WS_FTP 12\res0409.dll
    2012-06-22 11:37 - 2010-09-28 14:53 - 00948496 _____ () C:\Program Files\Ipswitch\WS_FTP 12\LIBEAY32.dll
    2012-06-22 11:37 - 2010-09-28 14:53 - 00153360 _____ () C:\Program Files\Ipswitch\WS_FTP 12\SSLEAY32.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AeLookupSvc => 2
    MSCONFIG\Services: ALG => 3
    MSCONFIG\Services: AOL ACS => 3
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: AudioEndpointBuilder => 2
    MSCONFIG\Services: Audiosrv => 2
    MSCONFIG\Services: BBSvc => 3
    MSCONFIG\Services: BFE => 2
    MSCONFIG\Services: BITS => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Browser => 2
    MSCONFIG\Services: CertPropSvc => 3
    MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
    MSCONFIG\Services: COMSysApp => 3
    MSCONFIG\Services: CryptSvc => 2
    MSCONFIG\Services: DFSR => 3
    MSCONFIG\Services: Dhcp => 2
    MSCONFIG\Services: Dnscache => 2
    MSCONFIG\Services: dot3svc => 3
    MSCONFIG\Services: DPS => 2
    MSCONFIG\Services: EapHost => 3
    MSCONFIG\Services: ehRecvr => 3
    MSCONFIG\Services: ehSched => 3
    MSCONFIG\Services: ehstart => 2
    MSCONFIG\Services: EMDMgmt => 2
    MSCONFIG\Services: Eventlog => 2
    MSCONFIG\Services: EventSystem => 2
    MSCONFIG\Services: fdPHost => 3
    MSCONFIG\Services: FDResPub => 2
    MSCONFIG\Services: FontCache => 2
    MSCONFIG\Services: FontCache3.0.0.0 => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: hidserv => 2
    MSCONFIG\Services: hkmsvc => 3
    MSCONFIG\Services: idsvc => 3
    MSCONFIG\Services: IKEEXT => 2
    MSCONFIG\Services: IPBusEnum => 2
    MSCONFIG\Services: iphlpsvc => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: KeyIso => 3
    MSCONFIG\Services: KtmRm => 2
    MSCONFIG\Services: LanmanServer => 2
    MSCONFIG\Services: LanmanWorkstation => 2
    MSCONFIG\Services: lltdsvc => 3
    MSCONFIG\Services: lmhosts => 2
    MSCONFIG\Services: MMCSS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MpsSvc => 2
    MSCONFIG\Services: MSDTC => 3
    MSCONFIG\Services: MSiSCSI => 3
    MSCONFIG\Services: msiserver => 3
    MSCONFIG\Services: MSSQL$MSSMLBIZ => 2
    MSCONFIG\Services: napagent => 3
    MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
    MSCONFIG\Services: Netlogon => 3
    MSCONFIG\Services: Netman => 3
    MSCONFIG\Services: netprofm => 2
    MSCONFIG\Services: NlaSvc => 2
    MSCONFIG\Services: NMIndexingService => 3
    MSCONFIG\Services: nsi => 2
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: nvUpdatusService => 2
    MSCONFIG\Services: odserv => 3
    MSCONFIG\Services: ose => 3
    MSCONFIG\Services: p2pimsvc => 3
    MSCONFIG\Services: p2psvc => 3
    MSCONFIG\Services: PcaSvc => 2
    MSCONFIG\Services: pla => 3
    MSCONFIG\Services: PLFlash DeviceIoControl Service => 2
    MSCONFIG\Services: PNRPAutoReg => 3
    MSCONFIG\Services: PNRPsvc => 3
    MSCONFIG\Services: PolicyAgent => 2
    MSCONFIG\Services: ProtectedStorage => 3
    MSCONFIG\Services: QWAVE => 3
    MSCONFIG\Services: RasAuto => 3
    MSCONFIG\Services: RasMan => 3
    MSCONFIG\Services: RemoteRegistry => 3
    MSCONFIG\Services: RpcLocator => 3
    MSCONFIG\Services: SamSs => 2
    MSCONFIG\Services: SCardSvr => 3
    MSCONFIG\Services: SCPolicySvc => 3
    MSCONFIG\Services: SDRSVC => 3
    MSCONFIG\Services: SeaPort => 2
    MSCONFIG\Services: seclogon => 2
    MSCONFIG\Services: SENS => 2
    MSCONFIG\Services: SessionEnv => 3
    MSCONFIG\Services: ShellHWDetection => 2
    MSCONFIG\Services: SLUINotify => 3
    MSCONFIG\Services: SNMPTRAP => 3
    MSCONFIG\Services: Spooler => 2
    MSCONFIG\Services: SQLBrowser => 2
    MSCONFIG\Services: SQLWriter => 2
    MSCONFIG\Services: SSDPSRV => 3
    MSCONFIG\Services: SstpSvc => 3
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: stisvc => 2
    MSCONFIG\Services: SupportSoft RemoteAssist => 2
    MSCONFIG\Services: swprv => 3
    MSCONFIG\Services: SysMain => 2
    MSCONFIG\Services: TabletInputService => 2
    MSCONFIG\Services: TapiSrv => 3
    MSCONFIG\Services: TBS => 2
    MSCONFIG\Services: TeamViewer8 => 2
    MSCONFIG\Services: TermService => 2
    MSCONFIG\Services: Themes => 2
    MSCONFIG\Services: THREADORDER => 3
    MSCONFIG\Services: TrkWks => 2
    MSCONFIG\Services: TrustedInstaller => 3
    MSCONFIG\Services: UI0Detect => 3
    MSCONFIG\Services: upnphost => 2
    MSCONFIG\Services: UxSms => 2
    MSCONFIG\Services: vds => 3
    MSCONFIG\Services: VSS => 3
    MSCONFIG\Services: W32Time => 2
    MSCONFIG\Services: wcncsvc => 3
    MSCONFIG\Services: WcsPlugInService => 3
    MSCONFIG\Services: WdiServiceHost => 3
    MSCONFIG\Services: WdiSystemHost => 3
    MSCONFIG\Services: WebClient => 2
    MSCONFIG\Services: Wecsvc => 3
    MSCONFIG\Services: wercplsupport => 3
    MSCONFIG\Services: WerSvc => 2
    MSCONFIG\Services: WinDefend => 2
    MSCONFIG\Services: WinHttpAutoProxySvc => 3
    MSCONFIG\Services: Winmgmt => 2
    MSCONFIG\Services: WinRM => 3
    MSCONFIG\Services: Wlansvc => 2
    MSCONFIG\Services: wlidsvc => 2
    MSCONFIG\Services: wmiApSrv => 3
    MSCONFIG\Services: WMPNetworkSvc => 2
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\Services: WPDBusEnum => 2
    MSCONFIG\Services: WPFFontCache_v0400 => 3
    MSCONFIG\Services: wscsvc => 2
    MSCONFIG\Services: WSearch => 2
    MSCONFIG\Services: wuauserv => 2
    MSCONFIG\Services: wudfsvc => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk => C:\Windows\pss\BigFix.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Jean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Forget Me Not Reminders.lnk => C:\Windows\pss\Forget Me Not Reminders.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Jean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.exe - Shortcut.lnk => C:\Windows\pss\MailWasherPro.exe - Shortcut.lnk.Startup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
    MSCONFIG\startupreg: LogMeIn GUI =>
    MSCONFIG\startupreg: Skype =>

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/02/2014 06:26:40 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/02/2014 06:21:18 PM) (Source: Application Hang) (User: )
    Description: The program explorer.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 17cc
    Start Time: 01cf366e108442e6
    Termination Time: 12

    Error: (03/02/2014 06:20:56 PM) (Source: Application Hang) (User: )
    Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 1410
    Start Time: 01cf366d929815f6
    Termination Time: 11

    Error: (03/02/2014 06:18:17 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {4714d963-b2e6-49ed-91cd-a2eebca180c5}

    Error: (03/02/2014 05:13:26 PM) (Source: Perflib) (User: )
    Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

    Error: (03/02/2014 05:13:26 PM) (Source: Perflib) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

    Error: (03/02/2014 05:13:26 PM) (Source: Perflib) (User: )
    Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

    Error: (03/02/2014 05:13:26 PM) (Source: Perflib) (User: )
    Description: LsaC:\Windows\system32\Secur32.dll4

    Error: (03/02/2014 05:13:26 PM) (Source: Perflib) (User: )
    Description: ESENTC:\Windows\system32\esentprf.dll4

    Error: (03/02/2014 05:13:26 PM) (Source: Perflib) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


    System errors:
    =============
    Error: (03/02/2014 06:27:13 PM) (Source: Service Control Manager) (User: )
    Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068

    Error: (03/02/2014 06:27:01 PM) (Source: Service Control Manager) (User: )
    Description: Microsoft Antimalware Service1150001Restart the service

    Error: (03/02/2014 06:26:40 PM) (Source: Service Control Manager) (User: )
    Description: AFD
    DfsC
    MpFilter
    NetBIOS
    netbt
    nsiproxy
    PSched
    RasAcd
    rdbss
    Smb
    spldr
    tdx
    Wanarpv6

    Error: (03/02/2014 06:26:40 PM) (Source: Service Control Manager) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1068

    Error: (03/02/2014 06:26:40 PM) (Source: Service Control Manager) (User: )
    Description: Network Location AwarenessNetwork Store Interface Service%%1068

    Error: (03/02/2014 06:26:40 PM) (Source: Service Control Manager) (User: )
    Description: Microsoft Network Inspection SystemMicrosoft Malware Protection Driver%%31

    Error: (03/02/2014 06:26:40 PM) (Source: Service Control Manager) (User: )
    Description: IP HelperNetwork Store Interface Service%%1068

    Error: (03/02/2014 06:26:40 PM) (Source: Service Control Manager) (User: )
    Description: WebClientWebDav Client Redirector Driver%%1068

    Error: (03/02/2014 06:26:40 PM) (Source: Service Control Manager) (User: )
    Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

    Error: (03/02/2014 06:26:40 PM) (Source: Service Control Manager) (User: )
    Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068


    Microsoft Office Sessions:
    =========================
    Error: (02/26/2014 04:26:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 235 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (02/16/2014 10:02:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (02/15/2014 03:13:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1311 seconds with 600 seconds of active time. This session ended with a crash.

    Error: (01/29/2014 11:21:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (01/22/2014 01:24:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 158 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (01/16/2014 09:22:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (01/16/2014 08:45:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (01/11/2014 11:51:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 223 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (01/08/2014 10:28:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 158 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (01/08/2014 10:25:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 336 seconds with 120 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-03-04 11:20:44.208
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:44.083
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.958
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.833
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.708
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.584
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.412
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.287
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.162
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.038
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 23%
    Total physical RAM: 3070.64 MB
    Available physical RAM: 2341.72 MB
    Total Pagefile: 6340.53 MB
    Available Pagefile: 5781.5 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1913.38 MB

    ==================== Drives ================================

    Drive c: (Partition_1) (Fixed) (Total:455.59 GB) (Free:325.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (Recovery) (Fixed) (Total:10.17 GB) (Free:4.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive i: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 5549B0F3)
    Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 961 MB) (Disk ID: 72FB762F)
    Partition 1: (Not Active) - (Size=960 MB) - (Type=06)

    ==================== End Of Log ============================
     
  10. 2014/03/06
    broni Moderator Malware Analyst

    .....
     
  11. 2014/03/06
    larsonjean Well-Known Member Thread Starter

    I will post AdwCleaner again, only half of it:

    # AdwCleaner v3.020 - Report created 06/03/2014 at 20:21:09
    # Updated 27/02/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Jean - JEAN-PC
    # Running from : C:\Users\Jean\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Jean\AppData\Roaming\SearchProtect
    Folder Deleted : C:\Users\Jean\AppData\Roaming\strongvault
    Folder Deleted : C:\Users\Jean\Documents\Mobogenie
    Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\Smartbar
    Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\CT3287810
    Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\CT3314312
    Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\Extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
    Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\Extensions\39ffxtbr@MapsGalaxy_39.com
    Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\Extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}
    Folder Deleted : C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd
    Folder Deleted : C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
    File Deleted : C:\END
    File Deleted : C:\Windows\system32\dmwu.exe
    File Deleted : C:\Windows\system32\ImhxxpComm.dll
    File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\invalidprefs.js
    File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
    File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\searchplugins\Babylon.xml
    File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\searchplugins\Conduit.xml
    File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\searchplugins\delta.xml
    File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\searchplugins\Mysearchdial.xml
    File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\searchplugins\MyStart Search.xml
    File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\searchplugins\safeguard-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
    File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lesstabs@lesstabs.com]
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\caphyon
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\wnlt
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
    Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
    Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\caphyon
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\MapsGalaxy_39
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\Software\wnlt
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\visualbee
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Whilokii
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16533

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\02xdd2fr.default-1373117438142\prefs.js ]

     
  12. 2014/03/06
    larsonjean

    Rest of ADW cleaner:


    -\\ Google Chrome v

    [ File : C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [35866 octets] - [06/03/2014 20:13:57]
    AdwCleaner[R1].txt - [34820 octets] - [06/03/2014 20:20:18]
    AdwCleaner[S0].txt - [1608 octets] - [06/03/2014 20:16:32]
    AdwCleaner[S1].txt - [35222 octets] - [06/03/2014 20:21:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [35283 octets] ##########
     
  13. 2014/03/06
    broni

    broni Moderator Malware Analyst

    Good :)

    Uninstall:
    Free Studio Free Download Packages
    Google Earth Free Download Packages
    Google Earth Free Download Packages 21
    IrfanView Free Download Packages
    Mozilla Thunderbird Free Download Packages


    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  14. 2014/03/06
    larsonjean

    OK, I think I did what you asked me to do. I don't have a (FRST64) (I have a 32bit computer) but this is what I got from the Fixlog.txt file:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-03-2014
    Ran by Jean at 2014-03-06 22:19:55 Run:2
    Running from C:\Users\Jean\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKLM - DefaultScope value is missing.
    Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    S3 LVRS; system32\DRIVERS\lvrs.sys [X]
    S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 SymIM; system32\DRIVERS\SymIM.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
    C:\Users\Jean\AppData\Local\Temp\Quarantine.exe
    Task: {1302A3B6-5898-4775-B40A-152B7A71D9E7} - \GlaryInitialize 3 No Task File

    *****************

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    IpInIp => Service not found.
    LMIRfsClientNP => Service not found.
    LVRS => Service not found.
    LVUVC => Service not found.
    NwlnkFlt => Service not found.
    NwlnkFwd => Service not found.
    SymIM => Service not found.
    SymIMMP => Service not found.
    "C:\Users\Jean\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1302A3B6-5898-4775-B40A-152B7A71D9E7} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 3 => Key not found.

    ==== End of Fixlog ====

    OK, did I do it correctly?

    Jean
     
  15. 2014/03/06
    broni

    broni Moderator Malware Analyst

    You did fine.

    Let's check on your connection.
    Make sure you run both tools from normal mode.

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    • List Restore Points
    Click Go and post the result.
     
  16. 2014/03/06
    larsonjean

    larsonjean Well-Known Member Thread Starter

    OK here we go again and then I have to go to bed.

    FSS results
    Farbar Service Scanner Version: 25-02-2014
    Ran by Jean (administrator) on 06-03-2014 at 23:51:02
    Running from "C:\Users\Jean\Desktop "
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal

    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is set to Disabled. The default start type is Auto.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is set to Disabled. The default start type is Auto.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Nsi Service is not running. Checking service configuration:
    The start type of Nsi service is set to Disabled. The default start type is Auto.
    The ImagePath of Nsi service is OK.
    The ServiceDll of Nsi service is OK.
    Checking LEGACY_Nsi: ATTENTION!=====> Unable to open LEGACY_Nsi\0000 registry key. The key does not exist.


    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error. Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.
    Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

    bfe Service is not running. Checking service configuration:
    The start type of bfe service is set to Disabled. The default start type is Auto.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.
    Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is set to Disabled. The default start type is 3.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is set to Disabled. The default start type is Auto.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.

    cryptsvc Service is not running. Checking service configuration:
    The start type of cryptsvc service is set to Demand. The default start type is Auto.
    The ImagePath of cryptsvc service is OK.
    The ServiceDll of cryptsvc: "%SystemRoot%\system32\cryptsvc.dll ".
    Checking LEGACY_cryptsvc: ATTENTION!=====> Unable to open LEGACY_cryptsvc\0000 registry key. The key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-08-13 14:38] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\ipnathlp.dll => MD5 is legit
    C:\Windows\system32\iphlpsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    Mini Tool Bar Results:

    MiniToolBox by Farbar Version: 23-01-2014
    Ran by Jean (administrator) on 06-03-2014 at 23:54:13
    Running from "C:\Users\Jean\Desktop "
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    ::1 localhost

    127.0.0.1 localhost

    ========================= IP Configuration: ================================



    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Jean-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) #2
    Physical Address. . . . . . . . . : 00-E0-B8-E6-CA-40
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    Physical Address. . . . . . . . . : 00-E0-4C-68-00-0C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::f9fb:1849:8371:22df%10(Preferred)
    Autoconfiguration IPv4 Address. . : 169.254.34.223(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 6:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{0271D2AC-1FFD-4C96-A066-B06379D17507}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 16:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{575FEBB4-1BC0-4E1A-ABFD-91934B099DA3}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: 192.168.1.1

    Ping request could not find host google.com. Please check the name and try again.Server: UnKnown
    Address: 192.168.1.1

    Ping request could not find host yahoo.com. Please check the name and try again.Unable to contact IP driver, error code 1753,===========================================================================
    Interface List
    11 ...00 e0 b8 e6 ca 40 ...... Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) #2
    10 ...00 e0 4c 68 00 0c ...... Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    1 ........................... Software Loopback Interface 1
    16 ...00 00 00 00 00 00 00 e0 isatap.{0271D2AC-1FFD-4C96-A066-B06379D17507}
    12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
    13 ...00 00 00 00 00 00 00 e0 isatap.{575FEBB4-1BC0-4E1A-ABFD-91934B099DA3}
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    169.254.0.0 255.255.0.0 On-link 169.254.34.223 276
    169.254.34.223 255.255.255.255 On-link 169.254.34.223 276
    169.254.255.255 255.255.255.255 On-link 169.254.34.223 276
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 169.254.34.223 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 169.254.34.223 276
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    10 276 fe80::/64 On-link
    10 276 fe80::f9fb:1849:8371:22df/128
    On-link
    1 306 ff00::/8 On-link
    10 276 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    If Metric Network Destination Gateway
    0 4294967295 2620:9b::/96 On-link
    ===========================================================================
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
    Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
    Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
    Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
    Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
    Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (03/06/2014 11:51:07 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


    Operation:
    Subscribing Writer

    Context:
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {01395817-a119-44c1-9bac-a7ca32dd0da8}

    Error: (03/06/2014 11:51:07 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode.
    If not in safe mode, make sure that EventSystem service is enabled.
    CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]


    Operation:
    Subscribing Writer

    Context:
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {01395817-a119-44c1-9bac-a7ca32dd0da8}

    Error: (03/06/2014 11:51:07 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070422

    Error: (03/06/2014 11:51:07 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


    Operation:
    Subscribing Writer

    Context:
    Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
    Writer Name: ASR Writer
    Writer Instance ID: {496a5556-10c3-460a-8f33-c2d367d8daae}

    Error: (03/06/2014 11:51:07 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode.
    If not in safe mode, make sure that EventSystem service is enabled.
    CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]


    Operation:
    Subscribing Writer

    Context:
    Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
    Writer Name: ASR Writer
    Writer Instance ID: {496a5556-10c3-460a-8f33-c2d367d8daae}

    Error: (03/06/2014 11:51:07 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070422

    Error: (03/06/2014 11:51:07 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Error: An error 0x8000ffff was encountered while trying to initialize the Registry Writer. This may cause
    future shadow-copy creations to fail.

    Error: (03/06/2014 11:51:07 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


    Operation:
    Subscribing Writer

    Context:
    Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
    Writer Name: COM+ REGDB Writer
    Writer Instance ID: {bd36ec24-cb12-4224-9f32-77a163b74025}

    Error: (03/06/2014 11:51:07 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode.
    If not in safe mode, make sure that EventSystem service is enabled.
    CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]


    Operation:
    Subscribing Writer

    Context:
    Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
    Writer Name: COM+ REGDB Writer
    Writer Instance ID: {bd36ec24-cb12-4224-9f32-77a163b74025}

    Error: (03/06/2014 11:51:07 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070422


    System errors:
    =============
    Error: (03/06/2014 11:51:10 PM) (Source: Service Control Manager) (User: )
    Description: Background Intelligent Transfer ServiceCOM+ Event System%%1058

    Error: (03/06/2014 10:20:31 PM) (Source: Microsoft Antimalware) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.167.1000.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (03/06/2014 10:12:39 PM) (Source: Service Control Manager) (User: )
    Description: Background Intelligent Transfer ServiceCOM+ Event System%%1058

    Error: (03/06/2014 10:11:00 PM) (Source: Service Control Manager) (User: )
    Description: Background Intelligent Transfer ServiceCOM+ Event System%%1058

    Error: (03/06/2014 10:11:00 PM) (Source: DCOM) (User: )
    Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (03/06/2014 10:10:40 PM) (Source: Service Control Manager) (User: )
    Description: Process creation detector.%%2

    Error: (03/06/2014 10:10:37 PM) (Source: Service Control Manager) (User: )
    Description: Microsoft Network Inspection SystemBase Filtering Engine%%1058

    Error: (03/06/2014 10:10:37 PM) (Source: Service Control Manager) (User: )
    Description: Windows FirewallBase Filtering Engine%%1058

    Error: (03/02/2014 06:27:13 PM) (Source: Service Control Manager) (User: )
    Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068

    Error: (03/02/2014 06:27:01 PM) (Source: Service Control Manager) (User: )
    Description: Microsoft Antimalware Service1150001Restart the service


    Microsoft Office Sessions:
    =========================
    Error: (02/26/2014 04:26:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 235 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (02/16/2014 10:02:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (02/15/2014 03:13:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1311 seconds with 600 seconds of active time. This session ended with a crash.

    Error: (01/29/2014 11:21:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (01/22/2014 01:24:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 158 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (01/16/2014 09:22:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (01/16/2014 08:45:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (01/11/2014 11:51:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 223 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (01/08/2014 10:28:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 158 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (01/08/2014 10:25:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 336 seconds with 120 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-03-04 11:20:44.208
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:44.083
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.958
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.833
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.708
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.584
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.412
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.287
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.162
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-04 11:20:43.038
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.


    ========================= Devices: ================================

    ========================= Restore Points ==================================


    **** End of log ****
     
  17. 2014/03/06
    broni

    broni Moderator Malware Analyst

    OK, let's start with some disabled services.

    Go to Start and in "Start search" type:
    services.msc
    Press Enter.

    The Services window will open.
    Find the following services:

    Base Filtering Engine
    Cryptographic Services
    COM+ Event System
    DHCP Client
    DNS Client
    EventSystem Service
    Network Store Interface Service

    Right-click on each service, click "Properties" and under "Startup type" select "Automatic" from the drop-down menu.

    Restart computer.

    Post fresh FSS log.
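
Added example (not part of the original posts and not Farbar's code): a small Python parser for the FSS log format shown in this thread. It lists the services whose start type differs from the default and maps the service key names FSS prints to the display names shown in services.msc. The sample log is an abridgement constructed from lines of the posted log; the class and function names are this example's own.

```python
import re
from dataclasses import dataclass

# Registry "Start" values; FSS prints some defaults numerically (e.g. "3").
START_NAMES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Service key name (as FSS prints it) -> display name listed in services.msc.
DISPLAY_NAMES = {
    "dnscache": "DNS Client",
    "bfe": "Base Filtering Engine",
    "mpssvc": "Windows Firewall",
    "sdrsvc": "Windows Backup",
    "eventsystem": "COM+ Event System",
    "cryptsvc": "Cryptographic Services",
}

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_SET = re.compile(r"^The start type of (\S+) service is set to (\S+)\. "
                       r"The default start type is (\S+)\.$")
RULE = re.compile(r"^=+$")  # the ===== line under each section title


@dataclass
class ServiceFinding:
    section: str
    name: str
    start_type: str = "OK"   # "OK": FSS reported the default start type
    default_start: str = ""

    @property
    def display_name(self):
        return DISPLAY_NAMES.get(self.name.lower(), self.name)

    @property
    def start_type_changed(self):
        return self.start_type != "OK" and self.start_type != self.default_start


def parse_fss(text):
    """Return one ServiceFinding per service FSS reports as not running."""
    findings = {}            # keyed by lower-cased service name, insertion ordered
    section, prev = "", ""
    for raw in text.splitlines():
        line = raw.strip()   # forum pastes are often indented
        if not line:
            continue
        if RULE.match(line):
            section = prev.rstrip(":")
        elif m := NOT_RUNNING.match(line):
            findings[m.group(1).lower()] = ServiceFinding(section, m.group(1))
        elif (m := START_SET.match(line)) and m.group(1).lower() in findings:
            f = findings[m.group(1).lower()]
            f.start_type = START_NAMES.get(m.group(2), m.group(2))
            f.default_start = START_NAMES.get(m.group(3), m.group(3))
        prev = line
    return list(findings.values())


def services_to_reset(findings):
    """(display name, current start type, default) for every changed start type."""
    return [(f.display_name, f.start_type, f.default_start)
            for f in findings if f.start_type_changed]


def stopped_with_default_config(findings):
    """Stopped services whose own start type is at its default (e.g. a dependency is disabled)."""
    return [f.display_name for f in findings if not f.start_type_changed]


# Constructed sample: an abridgement of lines from the FSS log posted in this thread.
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
Windows Update:
============
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
"""

if __name__ == "__main__":
    findings = parse_fss(SAMPLE_FSS_LOG)
    for name, current, default in services_to_reset(findings):
        print(f"{name}: {current} -> {default}")
    print("Stopped, start type OK:", stopped_with_default_config(findings))
```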
     
  18. 2014/03/07
    larsonjean

    larsonjean Well-Known Member Thread Starter

    OK I made all the services Automatic except for EventSystem Service. It was not in the list.

    Here is the fresh FSS log:

    Farbar Service Scanner Version: 25-02-2014
    Ran by Jean (administrator) on 07-03-2014 at 09:51:58
    Running from "C:\Users\Jean\Desktop "
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is set to Disabled. The default start type is 3.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-08-13 14:38] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\ipnathlp.dll => MD5 is legit
    C:\Windows\system32\iphlpsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****


    I'll wait for more instructions.

    Jean
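
As an added example (not part of the thread and not Farbar's code), here is a small Python triage pass over a log in the format posted above. The function name, the regexes and the sample lines are constructed for illustration, and treating a file without "MD5 is legit" as merely unverified is an assumption.

```python
import re

# Constructed sample in the format of the FSS log posted above (MD5 replaced by a placeholder).
SAMPLE_LOG = r"""
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The start type of WinDefend service is OK.
"DisableAntiSpyware "=DWORD:1
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-13 14:38] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) <MD5-PLACEHOLDER>
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
"""

STOPPED = re.compile(r"^(\S+) Service is not running\.")
START = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                   r"The default start type is (\w+)\.")
ATTENTION = re.compile(r"ATTENTION!=+>\s*(.+)")
POLICY = re.compile(r'^"(\w+)\s*"=DWORD:(\d+)$')
FILE = re.compile(r"^([A-Za-z]:\\.+?)(\s*=>\s*MD5 is legit)?$")
# Windows stores a service's Start value as a number; the log prints some defaults that way.
START_NAMES = {"2": "Auto", "3": "Manual", "4": "Disabled"}

def triage_fss(log_text):
    """Collect the lines of an FSS log that an analyst would follow up on."""
    report = {"stopped": [], "start_type_changed": [], "attention": [],
              "policy_values": [], "unverified_files": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := STOPPED.match(line):
            report["stopped"].append(m.group(1))
        elif m := START.search(line):
            name, current, default = m.groups()
            report["start_type_changed"].append(
                (name, current, START_NAMES.get(default, default)))
        elif m := POLICY.match(line):
            report["policy_values"].append((m.group(1), int(m.group(2))))
        elif (m := FILE.match(line)) and not m.group(2):
            # Assumption: a path without "=> MD5 is legit" is unverified, not known bad.
            report["unverified_files"].append(m.group(1))
        if m := ATTENTION.search(line):
            report["attention"].append(m.group(1))
    return report

if __name__ == "__main__":
    print(triage_fss(SAMPLE_LOG))
```
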
     
  19. 2014/03/07
    broni

    broni Moderator Malware Analyst

    Did you check your internet connection?
     
  20. 2014/03/07
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Yes I just checked it (I was afraid to do anything to the computer until you told me to) and it is working. Wow, I can't believe it. Now is there anything else I need to do?

    Thank you again.
     
  21. 2014/03/07
    broni

    broni Moderator Malware Analyst

    We'll run a couple more scans but... good news :)

    What about the initial Security Center issue?

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
