I thought I got rid of conduit. Carbonite not working


13 replies to this topic

#1 zzyzxgal


Posted 19 November 2013 - 12:43 PM

The first thing I noticed was my browsers changed my designated home pages and settings. I knew I was in trouble. Messages telling me to back up started appearing (I know they're bogus). And Carbonite is unable to connect.

 

I have Windows 8.1 which I upgraded to last week.  In that process I had to uninstall my Kaspersky anti-virus because there were compatibility issues with Firefox after that.  So, I've been relying on Windows Defender.

 

I ran the Defender full scan... it found nothing.

 

I ran Malwarebytes and it found and resolved 256 threats.  I thought this would get rid of the conduit virus it indicated.

 

The browser issues "appear" to be gone. But I'm still getting a periodic message box on the bottom right of the screen telling me to back up. I also note that Carbonite is unable to connect. When I launch the infocenter I get a "This page can't be displayed" box saying:

 

* Make sure the web address http://localhost:668 is correct.

* Look for the page with your search engine.

* Refresh the page in a few minutes.

 

Something's still out there.  So, I ran Malwarebytes quick scan but it came back clean.  Should I run the full scan again?  Or is there something I need to move on to?

 

Thank you for your assistance.

 

 




 


#2 zzyzxgal


Posted 19 November 2013 - 12:54 PM

I figured out the backup message was coming from MyPC Backup so I removed it.  I'm just concerned about the Carbonite problem and I'm hesitant to log in to my account from the browser because I'm concerned there might be malware that set up to grab my userID and password when I do.  There's a suspicious intermediate screen of code that flashes before the site comes up.  It's too fast for me to make out.

 

Am I just being paranoid?



#3 Broni


Posted 19 November 2013 - 03:34 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.




 


#4 zzyzxgal


Posted 19 November 2013 - 08:26 PM

Thanks for your welcome and your help.

 

I had a little trouble with the Malwarebytes Anti-Root kit.  I was able to get the system-log file but the program is still running (or so it appears) and won't spit out the other log.  The same thing happened earlier and the system eventually got hung.  At least this time the computer continues to run.  So, I'm sending what I got.

 

Thanks.

 

 

 Results of screen317's Security Check version 0.99.77  

   x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

 Windows Firewall Enabled!  

Windows Defender   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 25  

 Java version out of Date! 

 Adobe Flash Player  11.9.900.152  

 Adobe Reader XI  

 Mozilla Firefox (25.0.1) 

 Google Chrome 31.0.1650.48  

 Google Chrome 31.0.1650.57  

````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSMpEng.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

 

 

Farbar Service Scanner Version: 10-11-2013

Ran by Lorena (administrator) on 19-11-2013 at 15:57:19

Running from "C:\Users\Lorena\Downloads"

Microsoft Windows 8.1  (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll

[2013-08-22 05:25] - [2013-08-22 05:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

 

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-11-12 12:34] - [2013-11-12 12:34] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A

 

C:\Windows\System32\dnsrslvr.dll

[2013-11-12 12:34] - [2013-11-12 12:34] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9

 

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll

[2013-11-12 12:31] - [2013-11-12 12:31] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D

 

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2013-11-12 12:34] - [2013-11-12 12:34] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5

 

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit

C:\Windows\System32\ipnathlp.dll

[2013-11-12 12:34] - [2013-11-12 12:34] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50

 

C:\Windows\System32\iphlpsvc.dll

[2013-11-12 12:34] - [2013-11-12 12:34] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6

 

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

 

MiniToolBox by Farbar  Version: 13-07-2013

Ran by Lorena (administrator) on 19-11-2013 at 15:58:33

Running from "C:\Users\Lorena\Downloads"

Microsoft Windows 8.1  (X64)

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

No Proxy Server is set.

 

========================= FF Proxy Settings: ============================== 

 

"network.proxy.no_proxies_on", ""

"network.proxy.type", 0

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Connected)

Ralink RT5390R 802.11bgn Wi-Fi Adapter = Wi-Fi (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

set interface interface="Ethernet-WFP Native MAC Layer LightWeight Filter-0000" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="wireless_13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="wireless_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Household-Main

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : home

 

Wireless LAN adapter Local Area Connection* 2:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 68-94-23-06-5F-FE

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : home

   Description . . . . . . . . . . . : Ralink RT5390R 802.11bgn Wi-Fi Adapter

   Physical Address. . . . . . . . . : 68-94-23-06-5F-FC

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Ethernet adapter Ethernet:

 

   Connection-specific DNS Suffix  . : home

   Description . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)

   Physical Address. . . . . . . . . : 78-E3-B5-B2-51-3F

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::603e:efc5:1739:c804%2(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.17(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Tuesday, November 19, 2013 3:50:22 PM

   Lease Expires . . . . . . . . . . : Wednesday, November 20, 2013 3:50:22 PM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 259580853

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C9-EF-80-78-E3-B5-B2-51-3F

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 14:

 

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:248f:215f:93d9:7f2c(Preferred) 

   Link-local IPv6 Address . . . . . : fe80::248f:215f:93d9:7f2c%9(Preferred) 

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 150994944

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C9-EF-80-78-E3-B5-B2-51-3F

   NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter isatap.home:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : home

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  Wireless_Broadband_Router.home

Address:  192.168.1.1

 

Name:    google.com

Addresses:  2607:f8b0:4007:802::1007

 74.125.224.32

 74.125.224.46

 74.125.224.41

 74.125.224.37

 74.125.224.38

 74.125.224.34

 74.125.224.36

 74.125.224.40

 74.125.224.39

 74.125.224.33

 74.125.224.35

 

 

Pinging google.com [74.125.224.41] with 32 bytes of data:

Reply from 74.125.224.41: bytes=32 time=23ms TTL=56

Reply from 74.125.224.41: bytes=32 time=27ms TTL=56

 

Ping statistics for 74.125.224.41:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 23ms, Maximum = 27ms, Average = 25ms

Server:  Wireless_Broadband_Router.home

Address:  192.168.1.1

 

Name:    yahoo.com

Addresses:  206.190.36.45

 98.139.183.24

 98.138.253.109

 

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=116ms TTL=52

Reply from 98.139.183.24: bytes=32 time=139ms TTL=50

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 116ms, Maximum = 139ms, Average = 127ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 10...68 94 23 06 5f fe ......Microsoft Wi-Fi Direct Virtual Adapter

  4...68 94 23 06 5f fc ......Ralink RT5390R 802.11bgn Wi-Fi Adapter

  2...78 e3 b5 b2 51 3f ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)

  1...........................Software Loopback Interface 1

  9...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.17     10

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link      192.168.1.17    266

     192.168.1.17  255.255.255.255         On-link      192.168.1.17    266

    192.168.1.255  255.255.255.255         On-link      192.168.1.17    266

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      192.168.1.17    266

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      192.168.1.17    266

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  9    306 ::/0                     On-link

  1    306 ::1/128                  On-link

  9    306 2001::/32                On-link

  9    306 2001:0:9d38:6abd:248f:215f:93d9:7f2c/128

                                    On-link

  2    266 fe80::/64                On-link

  9    306 fe80::/64                On-link

  9    306 fe80::248f:215f:93d9:7f2c/128

                                    On-link

  2    266 fe80::603e:efc5:1739:c804/128

                                    On-link

  1    306 ff00::/8                 On-link

  2    266 ff00::/8                 On-link

  9    306 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)

Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)

Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (11/19/2013 10:34:22 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (11/19/2013 10:29:44 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (11/19/2013 10:25:28 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (11/19/2013 10:21:15 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (11/19/2013 10:06:57 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (11/19/2013 07:07:44 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (11/19/2013 06:47:57 AM) (Source: Application Error) (User: )

Description: Faulting application name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c

Faulting module name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c

Exception code: 0x40000015

Fault offset: 0x0003d228

Faulting process id: 0x1434

Faulting application start time: 0xhpasset.exe0

Faulting application path: hpasset.exe1

Faulting module path: hpasset.exe2

Report Id: hpasset.exe3

Faulting package full name: hpasset.exe4

Faulting package-relative application ID: hpasset.exe5

 

Error: (11/19/2013 04:41:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: )

Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/19/2013 02:41:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: )

Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/19/2013 00:41:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: )

Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

 

System errors:

=============

Error: (11/19/2013 03:54:11 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (11/19/2013 03:50:19 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 3:20:09 PM on ?11/?19/?2013 was unexpected.

 

Error: (11/19/2013 10:00:00 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (11/19/2013 06:46:18 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (11/19/2013 06:40:40 AM) (Source: Service Control Manager) (User: )

Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 

%%1053

 

Error: (11/19/2013 06:40:40 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

 

Error: (11/18/2013 10:45:03 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

 

Error: (11/18/2013 08:08:23 PM) (Source: Service Control Manager) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error: 

%%1056

 

Error: (11/18/2013 08:06:23 PM) (Source: Service Control Manager) (User: )

Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (11/18/2013 02:00:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070534: Microsoft.WindowsReadingList.

 

 

Microsoft Office Sessions:

=========================

Error: (11/16/2013 09:34:58 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 124 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (11/16/2013 09:32:41 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4478 seconds with 2460 seconds of active time.  This session ended with a crash.

 

Error: (10/03/2013 09:50:24 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 76230 seconds with 600 seconds of active time.  This session ended with a crash.

 

Error: (07/18/2013 04:51:02 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13619 seconds with 360 seconds of active time.  This session ended with a crash.

 

Error: (03/07/2013 08:18:14 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 205811 seconds with 7320 seconds of active time.  This session ended with a crash.

 

Error: (11/03/2012 10:10:11 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1353 seconds with 1200 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-11-19 14:04:53.353

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-19 14:04:53.330

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-19 14:03:19.453

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-19 14:03:19.424

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-16 16:21:31.921

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-16 16:21:31.873

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-16 16:21:31.633

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-16 16:21:31.524

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-16 16:21:31.383

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-11-16 16:21:31.237

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

=========================== Installed Programs ============================

 

3D Home Design by Livecad (free version)

4 Elements II (Version: 2.2.0.98)

Adobe AIR (Version: 3.7.0.1860)

Adobe Bridge 1.0 (Version: 001.000.000)

Adobe Common File Installer (Version: 1.00.0000)

Adobe Connect 9 Add-in (Version: 11,2,385,0)

Adobe Download Assistant (Version: 1.2.5)

Adobe Flash Player 11 Plugin (Version: 11.9.900.152)

Adobe Help Center 1.0 (Version: 001.000.000)

Adobe Help Manager (Version: 4.0.244)

Adobe Illustrator CS6 (Version: 16.0)

Adobe Photoshop CS2 (Version: 9.0)

Adobe Photoshop Elements 11 (Version: 11.0)

Adobe Reader XI (11.0.05) (Version: 11.0.05)

Adobe Shockwave Player 12.0 (Version: 12.0.3.133)

Adobe Stock Photos 1.0 (Version: 001.000.000)

Amazon MP3 Downloader 1.0.18 (Version: 1.0.18)

AMD APP SDK Runtime (Version: 10.0.938.2)

AMD Catalyst Install Manager (Version: 8.0.881.0)

AMD VISION Engine Control Center (Version: 2012.0828.2156.37465)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Ask Toolbar (Version: 1.15.9.0)

Ask Toolbar Updater (Version: 1.2.3.29495)

Bejeweled (Version: 2.2.0.95)

Bejeweled 3 (Version: 2.2.0.98)

Bonjour (Version: 3.0.0.10)

Build-a-lot 4 - Power Source (Version: 2.2.0.98)

Carbonite (Version: 5.5.0 build 3621  (Oct-10-2013))

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (Version: 2012.0828.2156.37465)

Catalyst Control Center InstallProxy (Version: 2012.0828.2156.37465)

Catalyst Control Center Localization All (Version: 2012.0828.2156.37465)

CCC Help Chinese Standard (Version: 2012.0828.2155.37465)

CCC Help Chinese Traditional (Version: 2012.0828.2155.37465)

CCC Help Czech (Version: 2012.0828.2155.37465)

CCC Help Danish (Version: 2012.0828.2155.37465)

CCC Help Dutch (Version: 2012.0828.2155.37465)

CCC Help English (Version: 2012.0828.2155.37465)

CCC Help Finnish (Version: 2012.0828.2155.37465)

CCC Help French (Version: 2012.0828.2155.37465)

CCC Help German (Version: 2012.0828.2155.37465)

CCC Help Greek (Version: 2012.0828.2155.37465)

CCC Help Hungarian (Version: 2012.0828.2155.37465)

CCC Help Italian (Version: 2012.0828.2155.37465)

CCC Help Japanese (Version: 2012.0828.2155.37465)

CCC Help Korean (Version: 2012.0828.2155.37465)

CCC Help Norwegian (Version: 2012.0828.2155.37465)

CCC Help Polish (Version: 2012.0828.2155.37465)

CCC Help Portuguese (Version: 2012.0828.2155.37465)

CCC Help Russian (Version: 2012.0828.2155.37465)

CCC Help Spanish (Version: 2012.0828.2155.37465)

CCC Help Swedish (Version: 2012.0828.2155.37465)

CCC Help Thai (Version: 2012.0828.2155.37465)

CCC Help Turkish (Version: 2012.0828.2155.37465)

ccc-utility64 (Version: 2012.0828.2156.37465)

Chuzzle Deluxe (Version: 2.2.0.95)

Contents (Version: 16.1.0.45)

Corel VideoStudio Pro X6 (Version: 16.1.0.45)

Coupon Companion (Version: 1.24.151.151)

Cradle Of Egypt Collector's Edition (Version: 2.2.0.98)

Cradle of Rome 2 (Version: 2.2.0.98)

CyberLink LabelPrint (Version: 2.5.1.5510)

CyberLink Media Suite 10 (Version: 10.0.1.1916)

CyberLink PhotoDirector (Version: 2.0.1.3109)

CyberLink Power2Go 8 (Version: 8.0.1.1902)

CyberLink PowerDirector 10 (Version: 10.0.1.1925)

CyberLink PowerDVD (Version: 10.0.8.5511)

D3DX10 (Version: 15.4.2368.0902)

Elements 11 Organizer (Version: 11.0)

Elevated Installer (Version: 2.3.9.0)

Enthought Canopy (64-bit) (Version: 1.1.0.46)

Farm Frenzy (Version: 2.2.0.98)

FATE: The Cursed King (Version: 2.2.0.97)

Final Drive Fury (Version: 2.2.0.95)

Finale 2012 (Version: 2012.c.r13.5)

FlatOut 2 (Version: 2.2.0.98)

Free Ride Games Player

Garmin Communicator Plugin (Version: 4.0.4)

Garmin Communicator Plugin x64 (Version: 4.0.4)

Garmin Express (Version: 2.3.9.0)

Garmin Express Tray (Version: 2.3.9.0)

Garmin POI Loader (Version: 2.7.2)

Garmin USB Drivers (Version: 2.3.1.0)

Garmin WebUpdater (Version: 2.5.6)

Google Chrome (Version: 31.0.1650.57)

Google Drive (Version: 1.12.5329.1887)

Google Update Helper (Version: 1.3.21.165)

GoToAssist Expert 1.6.0.545 (Version: 1.6.0.545)

Governor of Poker 2 Premium Edition (Version: 2.2.0.95)

Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)

Hoyle Card Games (Version: 2.2.0.95)

HP Connected Music (Meridian - installer) (Version: v1.0)

HP Connected Music (Meridian - player) (Version: 1.1.5-hp)

HP Connected Remote (Version: 1.0.1202)

HP Customer Experience Enhancements (Version: 6.0.1.7)

HP Games (Version: 1.0.3.0)

HP Photo Creations (Version: 1.0.0.12262)

HP Photosmart 7510 series Basic Device Software (Version: 28.0.1315.0)

HP Photosmart 7510 series Help (Version: 140.0.2.2)

HP Photosmart 7510 series Product Improvement Study (Version: 28.0.1315.0)

HP Postscript Converter (Version: 3.1.3554)

HP Quick Start (Version: 1.0.4660.30220)

HP Registration Service (Version: 1.0.5976.4186)

HP Support Assistant (Version: 7.0.39.15)

HP Support Information (Version: 12.00.0000)

HP Update (Version: 5.003.003.001)

ICA (Version: 16.1.0.45)

iCloud (Version: 2.1.1.3)

IDT Audio (Version: 1.0.6482.0)

Indeo® software

IPM_VS_Pro (Version: 16.0)

iTunes (Version: 11.0.2.26)

Jacquie Lawson Alpine Advent Calendar (Version: 1.0.2)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

Jewel Match 3 (Version: 2.2.0.98)

John Deere Drive Green (Version: 2.2.0.95)

League of Legends (Version: 1.3)

lucky leap 2013.11.07.203812 (Version: 2013.11.07.203812)

Luxor Evolved (Version: 2.2.0.98)

Mahjongg Dimensions Deluxe: Tiles in Time (Version: 2.2.0.98)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Help Viewer 1.0 (Version: 1.0.30319)

Microsoft Office (Version: 14.0.6120.5004)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Standard 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft SQL Server 2008 (64-bit)

Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)

Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)

Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)

Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)

Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)

Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)

Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)

Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)

Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)

Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.30319)

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)

Mortimer Beckett and the Crimson Thief Premium Edition (Version: 2.2.0.98)

Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)

Mozilla Maintenance Service (Version: 25.0.1)

MSVCRT (Version: 15.4.2862.0708)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

Mumble 1.2.3 (Version: 1.2.3)

MuseScore 1.3 (Version: 1.3.0)

Musink Lite 1.2.0.1 (Version: 1.2.0.1)

My Photo Calendars & cards (Pro Digital Photos Edition) (Version: 5.6.0111)

Mystery P.I. - Curious Case of Counterfeit Cove (Version: 2.2.0.98)

MyWGU Messenger 2.5.8

NCDownloader (Version: 1.0)

Pando Media Booster (Version: 2.6.0.8)

PasswordBox (Version: 1.4.2.415)

PDF Settings CS6 (Version: 11.0)

Peggle Nights (Version: 2.2.0.98)

Penguins! (Version: 2.2.0.98)

Polar Bowler (Version: 2.2.0.97)

Polar Golfer (Version: 2.2.0.98)

PSE11 STI Installer (Version: 11.0)

PuTTY version 0.62 (Version: 0.62)

Quicken 2007 (Version: 16.1.1.27)

QuickTime (Version: 7.73.80.64)

Ralink RT5390R 802.11bgn Wi-Fi Adapter (Version: 5.0.0.0)

RCA Detective™ 3.0.4.0

RCA easyRip 2.6.1.0

RCA Updater 2.1.7.1

Reader Rabbit Preschool

Recovery Manager (Version: 5.5.0.5530)

Redist (Version: 3.00.0000)

Retrogamer toolbar Chrome Extension

Roads of Rome 3 (Version: 2.2.0.98)

Room Arranger (Version: 7.1.2)

ScorpionSaver (Version: 1.0.0.0)

Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0)

Setup (Version: 16.1.0.45)

Share (Version: 16.1.0.45)

Share64 (Version: 16.1.0.45)

Sheet Music Plus Digital Print (Version: 255.11.14)

Sheet Music Plus Digital Print (Version: v2011.11.14)

Skype Click to Call (Version: 6.13.13771)

Skype™ 6.9 (Version: 6.9.106)

SmartSound Common Data (Version: 1.1.0)

SmartSound Quicktracks 5 (Version: 5.1.6)

SmartSound Quicktracks Plugin (Version: 3.0.1.2)

Smilebox

SOLITAIRE KINGDOM Packages

Solitaire Kingdom Supreme

SpiderMania Solitaire (Version: 2.2.0.98)

Spotify (Version: 0.9.6.72.ge389c074)

Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)

swMSM (Version: 12.0.0.1)

Tales of Lagoona (Version: 2.2.0.110)

The Print Shop 3.0 Deluxe (Version: 1.00.0000)

The Print Shop 3.0 Fonts (Version: 1.0)

The Weather Channel App

Ulead VideoStudio 8.0 (Version: 8.0)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Vacation Quest™ - Australia (Version: 2.2.0.98)

Verizon Media Manager (Version: 9.5.95)

VSClassic (Version: 16.1.0.45)

VSHelp (Version: 16.1.0.45)

VSPro (Version: 16.1.0.45)

Vz In-Home Agent (Version: 9.0.55.0)

WildTangent Games (Version: 1.0.4.0)

WildTangent Games App (Version: 4.0.10.2)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series (Version: 9.00.2980)

WinZip 17.0 (Version: 17.0.10381)

WinZip Courier (Version: 4.5.10424)

World of Warcraft (Version: 5.4.0.17399)

Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)

Zuma's Revenge (Version: 2.2.0.98)

 

========================= Devices: ================================

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 38%

Total physical RAM: 5527.53 MB

Available physical RAM: 3415.15 MB

Total Pagefile: 6423.53 MB

Available Pagefile: 3742.9 MB

Total Virtual: 4095.88 MB

Available Virtual: 3958.18 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:910.31 GB) (Free:745.31 GB) NTFS

2 Drive d: (Recovery Image) (Fixed) (Total:19.39 GB) (Free:2.38 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\HOUSEHOLD-MAIN

 

Administrator            Guest                    Lorena                   

 

 

**** End of log ****

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.19.07

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16438

Lorena :: HOUSEHOLD-MAIN [administrator]

 

11/19/2013 4:08:55 PM

MBAM-log-2013-11-19 (16-20-33).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 258219

Time elapsed: 9 minute(s), 44 second(s)

 

Memory Processes Detected: 2

C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 1728 -> No action taken.

C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 1964 -> No action taken.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 4

HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\Update lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\Util lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.

HKLM\SOFTWARE\lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 3

C:\Program Files (x86)\lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\bin (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\bin\plugins (PUP.Optional.LuckyLeap.A) -> No action taken.

 

Files Detected: 8

C:\Program Files (x86)\lucky leap\updateluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\bin\sqlite3.dll (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\bin\utilluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.FFUpdate.dll (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.GCUpdate.dll (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.IEUpdate.dll (PUP.Optional.LuckyLeap.A) -> No action taken.

 

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16438

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.194000 GHz

Memory total: 5796032512, free: 3243290624

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16438

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.194000 GHz

Memory total: 5796032512, free: 3274092544

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16438

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.194000 GHz

Memory total: 5796032512, free: 3669131264

 

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 11/19/2013 04:53:10 PM in x64 mode.

Windows Version: Windows 8.1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

 

Backup Registry file created at:

 C:\Users\Lorena\Desktop\rkill\rkill-11-19-2013-04-53-13.reg

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * No issues found.

 

Checking Windows Service Integrity:

 

 * AllUserInstallAgent [Missing Service]

 * SDRSVC [Missing Service]

 * adp94xx [Missing Service]

 * adpahci [Missing Service]

 * adpu320 [Missing Service]

 * arc [Missing Service]

 * discache [Missing Service]

 * HdAudAddService [Missing Service]

 * iirsp [Missing Service]

 * LSI_SCSI [Missing Service]

 * nfrd960 [Missing Service]

 * Wd [Missing Service]

 * AppMgmt [Missing Service]

 * CSC [Missing Service]

 * CscService [Missing Service]

 * PeerDistSvc [Missing Service]

 

 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch [Incorrect ImagePath]

 * WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]

 

Searching for Missing Digital Signatures:

 

 * No issues found.

 

Checking HOSTS File:

 

 * No issues found.

 

Program finished at: 11/19/2013 04:53:59 PM

Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)



#5 Broni


Posted 19 November 2013 - 09:07 PM

Your MBAM log says "No action taken".

Re-run MBAM, fix all issues and post new log.

 

Try MBAR from safe mode.


My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 zzyzxgal


Posted 20 November 2013 - 12:05 AM

Sorry about that MBAM log.  I think I actually sent you the log I was looking at prior to fixing the issues.  (I was making sure it was there & I think I saved it.)  Anyway, I ran it again and sent the log here.  If you need to see the one that was right after the fix I can look for it.

 

It's taken me a long time to get MBAR done because my computer kept shutting down and my password (stupid Windows 8.1) wasn't working right.  Once it finally ran through correctly, I was scrolling to the right to peek at the output and accidentally hit the CLEANUP button then immediately panicked and hit the X.  It then forced a reboot and I have no idea what damage I may have done.

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.19.07

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16438

Lorena :: HOUSEHOLD-MAIN [administrator]

 

11/19/2013 6:29:21 PM

mbam-log-2013-11-19 (18-29-21).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 258964

Time elapsed: 11 minute(s), 32 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

 

Database version: v2013.11.20.02

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16438

Lorena :: HOUSEHOLD-MAIN [administrator]

 

11/19/2013 8:07:15 PM

mbar-log-2013-11-19 (20-07-15).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 288534

Time elapsed: 18 minute(s), 30 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 5

HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot.

HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot.

HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16438

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.194000 GHz

Memory total: 5796032512, free: 3243290624

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16438

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.194000 GHz

Memory total: 5796032512, free: 3274092544

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16438

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.194000 GHz

Memory total: 5796032512, free: 3669131264

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.3.9600 Windows 8 x64

 

System is currently in a safe mode

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16438

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.194000 GHz

Memory total: 5796032512, free: 4825587712



#7 zzyzxgal


Posted 20 November 2013 - 04:57 PM

I feel so stupid for screwing up MBAR.  Sorry I posted an extra thread for it... thought maybe it would be considered a separate issue.

 

Meanwhile, I wanted to update here the impact either it's having or maybe more infection issues.

 

Access to the internet goes down after about 15 minutes (the connection is still good).  Rebooting the system allows me to use it again.  MS Outlook can't load the messages (even the ones that were previously downloaded.)

 

Generally, any program I run might stall after a few minutes.

 

Thanks for all your help.



#8 Broni


Posted 20 November 2013 - 08:06 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


=============================================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


=======================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.




 


#9 zzyzxgal


Posted 20 November 2013 - 11:44 PM

Here are the logs.  ESET found 0 threats.
 
I'm noticing scorpionsaverjs on Firefox when I'm having trouble there now.  So, I guess I'm not out of the woods yet.
 
Thanks so much for all your help.
 
 
# AdwCleaner v3.012 - Report created 20/11/2013 at 17:27:46
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Lorena - HOUSEHOLD-MAIN
# Running from : C:\Users\Lorena\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Coupon Companion
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\lucky leap
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\PC Performer
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\Connect_DLC_5
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Lorena\AppData\Local\apn
Folder Deleted : C:\Users\Lorena\AppData\Local\Conduit
Folder Deleted : C:\Users\Lorena\AppData\Local\Coupon Companion
Folder Deleted : C:\Users\Lorena\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Lorena\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lorena\AppData\LocalLow\Connect_DLC_5
Folder Deleted : C:\Users\Lorena\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Lorena\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Lorena\AppData\Roaming\WebCake
Folder Deleted : C:\Users\Lorena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\elqwsgau.default\CT3306061
Folder Deleted : C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\elqwsgau.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
File Deleted : C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\elqwsgau.default\Extensions\firefox@luckyleap.net.xpi
File Deleted : C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\v7vqga3u.default-1384405902229\Extensions\firefox@luckyleap.net.xpi
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\elqwsgau.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Lorena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Lorena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Lorena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Lorena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Connect_DLC_5
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\elqwsgau.default\prefs.js ]
 
Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.UserID", "UN97340446013637291");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN97340446013637291.IN.20131118195243");
Line Deleted : user_pref("CT3306061.installDate", "18/11/2013 19:52:48");
Line Deleted : user_pref("CT3306061.installSessionId", "{E3FEACBA-8A11-4330-A2FA-F486A87E05F8}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "hxxps://sso.wgu.edu/WGULogin/?goto=hxxps%3A%2F%2Fmy.wgu.edu%2Fc%2Fportal%2Flogin");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=1F23B58D-8633-4544-8D58-5B49490F711F&apn_ptnrs=TV&apn_sauid=3CCC48F4-BFFD-[...]
Line Deleted : user_pref("CT3306061.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "Ask.com");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "18-11-2013 19:52:44");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("FoxFilter.blockedTitle", "porn - Yahoo Search Results");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN97340446013637291&UM=2&UP=SPE29FD00A-92EC-4F60-986D-0F761EAF5CD4");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=1F23B58D-8633-4544-8D58-5B49490F711F&apn_ptnrs=TV&apn_sauid=3CCC48F4-BF[...]
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN97340446013637291&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN97340446013637291&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN97340446013637291&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN97340446013637291&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "1S5HJP0VSKZVASABBJMDXZ/GK57J6ESSCJP/CQRQVS0SZHWGPRVZUTZ53OG5T+DKGTI6B26XIQYHL6JZXWBCJQ");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN97340446013637291&UM=2&SearchSource=13");
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Lorena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Family User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [15254 octets] - [20/11/2013 17:22:45]
AdwCleaner[S0].txt - [15247 octets] - [20/11/2013 17:27:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15308 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by Lorena on Wed 11/20/2013 at 17:35:35.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Free Ride Games
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{03E41D5C-52AD-4F0A-A56E-A1E175E6864B}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{01547F9A-FFE1-425B-BCC9-833F8E85045B}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{01547F9A-FFE1-425B-BCC9-833F8E85045B}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01547F9A-FFE1-425B-BCC9-833F8E85045B}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Failed to delete: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Lorena\appdata\local\cre"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Lorena\AppData\Roaming\mozilla\firefox\profiles\elqwsgau.default\prefs.js
 
user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\
Emptied folder: C:\Users\Lorena\AppData\Roaming\mozilla\firefox\profiles\elqwsgau.default\minidumps [4 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/20/2013 at 17:40:02.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
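
The logs above mix successful removals with several "Failed to delete" entries. As an added example (not part of either poster's message and not code from AdwCleaner or JRT), this Python sketch reads lines in the two log formats shown here and lists what failed to delete and which entries sat in autostart or browser-hook locations. The function names and the marker list are assumptions made for illustration; the sample lines are copied from the logs in this post.

```python
import re

# Constructed sample: a few lines copied from the AdwCleaner and JRT logs above.
SAMPLE_LOG = r"""
File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\Software\Conduit
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Free Ride Games
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Folder] "C:\Users\Lorena\appdata\local\cre"
"""

# AdwCleaner v3 style: "<Kind> Deleted : <target>"
ADW_RE = re.compile(r"^(Folder|File|Key|Value|Line) Deleted : (.+)$")
# JRT style: "Successfully deleted: [<Kind>] <target>" / "Failed to delete: [<Kind>] <target>"
JRT_RE = re.compile(r"^(Successfully deleted|Failed to delete): \[([^\]]+)\] (.+)$")

# Hypothetical marker list: lower-cased path fragments for locations that
# start code automatically or hook the browser.
PERSISTENCE_MARKERS = [
    (r"\currentversion\run", "Run key (autostart)"),
    (r"\system32\tasks", "scheduled task"),
    (r"\browser helper objects", "IE Browser Helper Object"),
    (r"\searchscopes", "IE search provider"),
    ("urlsearchhooks", "IE URL search hook"),
]


def parse_line(line):
    """Return a dict describing one log entry, or None for headers and blanks."""
    line = line.strip()
    m = ADW_RE.match(line)
    if m:
        # The AdwCleaner lines shown in this thread only report deletions.
        return {"tool": "AdwCleaner", "ok": True,
                "kind": m.group(1), "target": m.group(2).strip('"')}
    m = JRT_RE.match(line)
    if m:
        return {"tool": "JRT", "ok": m.group(1) == "Successfully deleted",
                "kind": m.group(2), "target": m.group(3).strip('"')}
    return None


def classify(target):
    """Label a path if it lies in a known autostart or browser-hook location."""
    low = target.lower()
    for marker, label in PERSISTENCE_MARKERS:
        if marker in low:
            return label
    return None


def triage(text):
    """Split a pasted log into all entries, failed removals and persistence hits."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    failed = [e for e in entries if not e["ok"]]
    persistence = [(classify(e["target"]), e) for e in entries
                   if classify(e["target"])]
    return {"entries": entries, "failed": failed, "persistence": persistence}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries parsed:", len(result["entries"]))
    print("Failed removals (recheck these after a reboot and rescan):")
    for e in result["failed"]:
        print("  [%s] %s" % (e["kind"], e["target"]))
    print("Autostart / browser-hook locations touched:")
    for label, e in result["persistence"]:
        state = "removed" if e["ok"] else "STILL PRESENT"
        print("  %-26s %-13s %s" % (label, state, e["target"]))
```
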
 


#10 Broni


Posted 21 November 2013 - 12:24 AM

Reset Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

 

1. Update your Java version here: http://www.java.com/en/download/manual.jsp
Alternate download: http://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

 

Any other issues?



#11 zzyzxgal


Posted 21 November 2013 - 01:16 AM

Old problems appear solved... New ones seem to be popping up.

 

When trying to bring up things on the internet, some things are failing, and I see it trying to access these things:

 

f.scorpionsaverjs

superfish

 

Do I need to start again?



#12 zzyzxgal


Posted 21 November 2013 - 01:45 AM

I'm wrong about all the old problems being solved.  Actually, Carbonite is still not working.  And my VPN connection for work hasn't been working either.  Could these things not be virus related?



#13 zzyzxgal


Posted 21 November 2013 - 02:50 AM

I did some research about scorpionsaver & superfish and was able to remove them which resolved my website issues and VPN connection problem.

 

Carbonite was still not working so I reinstalled it and now it's fine.

 

So.... I think I'm good!  Thanks so much for your assistance!!!!



#14 Broni


Posted 21 November 2013 - 06:11 PM

Great!

 

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
Windows 8: http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#disable

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

12. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.

