Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Office problem


  • This topic is locked This topic is locked
10 replies to this topic

#1 Canicoll

Canicoll

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 26 February 2014 - 02:01 AM

Hello, I hope you can help me out.

I was having problems with outlook not downloading from hotmail. Tried many times but no luck.

Tried an online Microsoft Fix-it but it didn't work.

Tried to repair outlook with no luck.

Tried to open a document or spreadsheet and got an error

Thought i should reinstall office but it wouldn't allow me to uninstall. When I clicked uninstall nothing happened.

Found a microsoft Fix-it for uninstalling office 2103 which seems successful.

Now I can't reinstall office. Every time I go to open the file it says there is a problem and I need to make sure i'm connected to the internet or have enough space. Both are ok so i'm suspecting something is not right which is why i'm here.

Reading the pre posting instructions, it mentions to enable a firewall so I make sure I have a firewall enabled and microsoft security essentialls will not open.

Thank you for your time,

Cameron

 

Here are my logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Cameron at 17:41:48 on 2014-02-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32657.29009 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
c:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
c:\Program Files\AuthenTec TrueSuite\TouchControl.exe
c:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
D:\Installed Programs\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\Installed Programs\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - c:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
uRunOnce: [Uninstall C:\Users\Cameron\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Cameron\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\Installed Programs\Spybot - Search & Destroy\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{1769F4DA-5C1B-40EC-9A34-5B98B91E61CF} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{1769F4DA-5C1B-40EC-9A34-5B98B91E61CF}\355736B6D497449636B6 : DHCPNameServer = 10.3.9.196 10.3.1.100
TCP: Interfaces\{D6410229-D6C6-4828-AA48-C2D2C63AFDDC} : DHCPNameServer = 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - c:\Program Files\AuthenTec TrueSuite\IEBHO.dll
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [KeepSafe] "c:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe" /startup
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-26 645952]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-26 27456]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-26 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-28 248240]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-4-1 30496]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-24 143120]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-11-3 299848]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-26 7168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-1-26 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-26 165760]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-26 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-2-8 72216]
R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-1-31 339776]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-31 134944]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2012-5-23 35328]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-8-2 390672]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-8 5087584]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-26 364416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-26 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-26 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-26 787736]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-24 348376]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2013-1-26 295056]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-26 677480]
S2 SBSDWSCService;SBSD Security Center Service;D:\Installed Programs\Spybot - Search & Destroy\SDWinSec.exe [2013-3-13 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-26 162672]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DSDEVICE;DimTech Device;C:\Windows\System32\drivers\DSDEVICE.sys [2013-8-24 76648]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-7-14 1432400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-26 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-7 288776]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-26 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-21 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-20 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-21 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-21 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-14 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-9 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-02-26 06:28:54 -------- d-----w- C:\FRST
2014-02-26 06:15:29 -------- d-----w- C:\Program Files (x86)\Microsoft Office 15
2014-02-26 05:40:04 -------- d-----w- C:\Windows\Migration
2014-02-26 05:10:30 -------- d-----w- C:\Users\Cameron\AppData\Local\Microsoft Games
2014-02-26 03:27:30 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-26 03:27:30 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-26 03:27:30 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-26 03:27:30 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-26 03:05:13 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
2014-02-26 03:05:13 -------- d-----r- C:\Users\Cameron\OneDrive
2014-02-26 01:48:55 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-26 01:48:55 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-26 01:48:55 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-26 01:48:55 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-26 01:42:47 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4931A1D-4538-4FCD-903D-D74A7EA16881}\mpengine.dll
2014-02-26 01:41:48 -------- d-----w- C:\Program Files\Microsoft Games
2014-02-26 01:35:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-26 01:35:45 -------- d-----w- C:\Program Files\iTunes
2014-02-26 01:35:45 -------- d-----w- C:\Program Files\iPod
2014-02-26 01:35:45 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-26 00:46:21 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFE9FA4D-15FA-482C-BA42-E1606EDD930E}\gapaengine.dll
2014-02-06 09:19:40 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-05 06:48:30 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-02-05 06:48:30 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-02-05 06:48:30 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-02-05 06:48:30 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-02-05 06:48:30 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-02-05 06:48:30 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-02-05 06:48:30 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-02-05 06:48:29 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-05 06:48:27 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-02-26 03:36:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-26 03:36:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-07 09:10:22 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-01-07 09:10:22 35656 ----a-w- C:\Windows\System32\LMIport.dll
2014-01-07 09:10:22 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-18 10:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 17:41:54.67 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 AM

Posted 28 February 2014 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Canicoll

Canicoll
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 02 March 2014 - 09:32 AM

Hi nasdaq, sorry for the delay in reply but i'm having some connection issues.

Still having the same issues after following your instructions.

 

 

# AdwCleaner v3.020 - Report created 03/03/2014 at 00:56:06
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Cameron - LAP
# Running from : C:\Users\Cameron\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Nation Toolbar
Folder Deleted : C:\Users\Cameron\AppData\Local\genienext
Folder Deleted : C:\Users\Cameron\AppData\Local\iLivid
Folder Deleted : C:\Users\Cameron\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Cameron\AppData\Local\PackageAware
Folder Deleted : C:\Users\Cameron\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Cameron\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Cameron\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\Cameron\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Cameron\Documents\Mobogenie
Folder Deleted : C:\Users\Cameron\Documents\smart pc cleaner
File Deleted : C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\200821140405180805011820
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Nation Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11094 octets] - [03/03/2014 00:52:35]
AdwCleaner[S0].txt - [10989 octets] - [03/03/2014 00:56:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11050 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by Cameron on Mon 03/03/2014 at  1:01:50.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/03/2014 at  1:10:54.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 01
Ran by Cameron (administrator) on LAP on 03-03-2014 01:21:21
Running from C:\Users\Cameron\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AuthenTec, Inc) c:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
() c:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) c:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AuthenTec Inc.) c:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [25600 2010-09-15] (Creative Technology Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-24] (Microsoft Corporation)
HKLM\...\Run: [KeepSafe] - c:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-22] (Authentec)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-03] (Oracle Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-10] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-29] (Hewlett-Packard)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-03] ()
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\Run: [SpybotSD TeaTimer] - D:\Installed Programs\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-27] (Safer Networking Limited)
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\RunOnce: [Uninstall C:\Users\Cameron\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cameron\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\MountPoints2: {91c84dfa-88ce-11e2-bdd4-0090f5de4a40} - F:\SETUP.EXE
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://prodigy.msn.com/?rd=1&ucc=MX&dcc=MX&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - c:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Installed Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - c:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
 
Chrome: 
=======
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
CHR Plugin: (VLC Web Plugin) - D:\Installed Programs\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Angry Birds) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-06-23]
CHR Extension: (Google Docs) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-23]
CHR Extension: (Google Drive) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-23]
CHR Extension: (YouTube) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-23]
CHR Extension: (Pool) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2013-11-09]
CHR Extension: (Google Search) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-23]
CHR Extension: (Website Logon) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\eioaimhbaiomogmbefipmnbpjmefhhoc [2013-04-23]
CHR Extension: (Motocross Nitro) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdikdnjblenkgleaedpepneeafbljagc [2013-11-09]
CHR Extension: (iCloud Bookmarks) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-09]
CHR Extension: (Red Crucible 2) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iechpocbkaimjmlpfinoahkolenfdmig [2013-11-09]
CHR Extension: (Little Alchemy) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-06-23]
CHR Extension: (WGT Golf Game) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2013-11-09]
CHR Extension: (Google Wallet) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-23]
CHR HKLM-x32\...\Chrome\Extension: [eioaimhbaiomogmbefipmnbpjmefhhoc] - c:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2011-09-02]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-24] (SUPERAntiSpyware.com)
R2 FPLService; c:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-30] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-24] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-24] (Microsoft Corporation)
R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2012-05-23] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-22] ()
S2 SBSDWSCService; D:\Installed Programs\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-27] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [32768 2008-10-25] (CSR)
S3 DSDEVICE; C:\Windows\System32\drivers\DSDEVICE.sys [76648 2013-04-29] (FTDI Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-07-10] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-28] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-28] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-03 01:20 - 2014-03-03 01:20 - 00000000 ____D () C:\Users\Cameron\Desktop\FRST-OlderVersion
2014-03-03 01:10 - 2014-03-03 01:10 - 00000635 _____ () C:\Users\Cameron\Desktop\JRT.txt
2014-03-03 01:01 - 2014-03-03 01:01 - 00000000 ____D () C:\Windows\ERUNT
2014-03-03 01:00 - 2014-03-03 01:00 - 01037734 _____ (Thisisu) C:\Users\Cameron\Desktop\JRT.exe
2014-03-03 00:52 - 2014-03-03 00:56 - 00000000 ____D () C:\AdwCleaner
2014-03-03 00:49 - 2014-03-03 00:49 - 01244192 _____ () C:\Users\Cameron\Desktop\adwcleaner.exe
2014-02-26 20:00 - 2014-02-26 20:00 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-26 17:41 - 2014-02-26 17:43 - 00021854 _____ () C:\Users\Cameron\Desktop\dds.txt
2014-02-26 17:41 - 2014-02-26 17:42 - 00015099 _____ () C:\Users\Cameron\Desktop\attach.txt
2014-02-26 17:30 - 2014-03-03 01:21 - 00017017 _____ () C:\Users\Cameron\Desktop\FRST.txt
2014-02-26 17:30 - 2014-02-26 17:30 - 00032675 _____ () C:\Users\Cameron\Desktop\Addition.txt
2014-02-26 17:28 - 2014-03-03 01:21 - 00000000 ____D () C:\FRST
2014-02-26 17:28 - 2014-03-03 01:20 - 02156544 _____ (Farbar) C:\Users\Cameron\Desktop\FRST64.exe
2014-02-26 17:15 - 2014-02-26 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-02-26 16:36 - 2014-02-06 23:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-26 16:36 - 2014-02-06 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-26 16:36 - 2014-02-06 22:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-26 16:36 - 2014-02-06 22:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-26 16:36 - 2014-02-06 22:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-26 16:36 - 2014-02-06 22:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-26 16:36 - 2014-02-06 21:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-26 16:36 - 2014-02-06 21:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-26 16:36 - 2014-02-06 21:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-26 16:36 - 2014-02-06 21:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-26 16:36 - 2014-02-06 21:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-26 16:36 - 2014-02-06 21:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-26 16:36 - 2014-02-06 21:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-26 16:36 - 2014-02-06 21:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-26 16:36 - 2014-02-06 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-26 16:36 - 2014-02-06 21:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-26 16:36 - 2014-02-06 21:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-26 16:36 - 2014-02-06 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-26 16:36 - 2014-02-06 21:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-26 16:36 - 2014-02-06 20:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-26 16:36 - 2014-02-06 20:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-26 16:36 - 2014-02-06 20:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-26 16:36 - 2014-02-06 20:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-26 16:36 - 2014-02-06 20:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-26 16:36 - 2014-02-06 20:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-26 16:36 - 2014-02-06 20:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-26 16:36 - 2014-02-06 20:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-26 16:36 - 2014-02-06 20:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-26 16:36 - 2014-02-06 20:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-26 16:36 - 2014-02-06 20:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-26 16:36 - 2014-02-06 20:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-26 16:36 - 2014-02-06 20:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-26 16:36 - 2014-02-06 20:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-26 16:36 - 2014-02-06 20:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-26 16:36 - 2014-02-06 19:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-26 16:36 - 2014-02-06 19:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-26 16:36 - 2014-02-06 19:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-26 16:36 - 2014-02-06 19:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-26 16:36 - 2014-02-06 19:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 16:36 - 2013-12-21 20:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-26 16:36 - 2013-12-21 19:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-26 16:10 - 2014-02-26 22:53 - 00000000 ____D () C:\Users\Cameron\AppData\Local\Microsoft Games
2014-02-26 14:45 - 2013-12-04 13:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-26 14:45 - 2013-12-04 13:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-26 14:45 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-26 14:45 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-26 14:45 - 2013-12-04 13:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-26 14:45 - 2013-12-04 13:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-26 14:45 - 2013-12-04 13:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-26 14:45 - 2013-12-04 13:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-26 14:45 - 2013-12-04 13:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-26 14:45 - 2013-12-04 13:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-26 14:45 - 2013-12-04 13:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-26 14:45 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-26 14:45 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-26 14:45 - 2013-12-04 13:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-26 14:45 - 2013-12-04 12:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-26 14:45 - 2013-12-04 12:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-26 14:45 - 2013-12-04 12:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-26 14:45 - 2013-12-04 12:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-26 14:27 - 2013-12-06 13:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-26 14:27 - 2013-12-06 13:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-26 14:27 - 2013-12-06 13:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-26 14:27 - 2013-12-06 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-26 14:06 - 2014-01-01 10:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-26 14:06 - 2014-01-01 10:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-26 14:05 - 2014-02-26 16:24 - 00002179 _____ () C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-26 14:05 - 2014-02-26 16:24 - 00000000 ___RD () C:\Users\Cameron\OneDrive
2014-02-26 14:05 - 2014-02-26 14:05 - 00002102 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-26 14:05 - 2014-02-26 14:05 - 00002102 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-26 14:05 - 2014-02-26 14:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-02-26 12:48 - 2013-12-25 10:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-26 12:48 - 2013-12-25 09:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-26 12:48 - 2013-11-26 19:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-26 12:48 - 2013-11-23 09:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-26 12:45 - 2014-02-26 12:45 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-26 12:41 - 2014-02-26 12:41 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-02-26 12:35 - 2014-02-26 12:35 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\Program Files\iTunes
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\Program Files\iPod
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 17:48 - 2013-11-27 12:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-05 17:48 - 2013-11-27 12:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-05 17:48 - 2013-11-27 12:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-05 17:48 - 2013-11-27 12:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-05 17:48 - 2013-11-27 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-05 17:48 - 2013-11-27 12:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-05 17:48 - 2013-11-27 12:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-05 17:48 - 2013-11-26 22:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-05 17:48 - 2013-11-26 21:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
2014-03-03 01:21 - 2014-02-26 17:30 - 00017017 _____ () C:\Users\Cameron\Desktop\FRST.txt
2014-03-03 01:21 - 2014-02-26 17:28 - 00000000 ____D () C:\FRST
2014-03-03 01:20 - 2014-03-03 01:20 - 00000000 ____D () C:\Users\Cameron\Desktop\FRST-OlderVersion
2014-03-03 01:20 - 2014-02-26 17:28 - 02156544 _____ (Farbar) C:\Users\Cameron\Desktop\FRST64.exe
2014-03-03 01:10 - 2014-03-03 01:10 - 00000635 _____ () C:\Users\Cameron\Desktop\JRT.txt
2014-03-03 01:04 - 2013-07-10 05:23 - 00000310 _____ () C:\Windows\Tasks\Mpkovbn.job
2014-03-03 01:04 - 2009-07-14 15:45 - 00020528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 01:04 - 2009-07-14 15:45 - 00020528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 01:02 - 2009-07-14 16:13 - 00805622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 01:01 - 2014-03-03 01:01 - 00000000 ____D () C:\Windows\ERUNT
2014-03-03 01:00 - 2014-03-03 01:00 - 01037734 _____ (Thisisu) C:\Users\Cameron\Desktop\JRT.exe
2014-03-03 00:58 - 2013-01-26 07:48 - 01238271 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 00:57 - 2013-09-18 06:15 - 00004031 _____ () C:\Windows\setupact.log
2014-03-03 00:57 - 2013-04-23 13:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 00:57 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 00:56 - 2014-03-03 00:52 - 00000000 ____D () C:\AdwCleaner
2014-03-03 00:52 - 2013-02-08 15:35 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-03 00:51 - 2013-04-23 13:14 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 00:49 - 2014-03-03 00:49 - 01244192 _____ () C:\Users\Cameron\Desktop\adwcleaner.exe
2014-02-27 01:35 - 2013-02-08 08:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 22:53 - 2014-02-26 16:10 - 00000000 ____D () C:\Users\Cameron\AppData\Local\Microsoft Games
2014-02-26 20:00 - 2014-02-26 20:00 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-26 20:00 - 2013-08-01 11:47 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-26 19:07 - 2013-02-08 17:51 - 00000000 ____D () C:\Users\Cameron\AppData\Roaming\uTorrent
2014-02-26 18:48 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-02-26 17:43 - 2014-02-26 17:41 - 00021854 _____ () C:\Users\Cameron\Desktop\dds.txt
2014-02-26 17:42 - 2014-02-26 17:41 - 00015099 _____ () C:\Users\Cameron\Desktop\attach.txt
2014-02-26 17:30 - 2014-02-26 17:30 - 00032675 _____ () C:\Users\Cameron\Desktop\Addition.txt
2014-02-26 17:23 - 2013-02-08 04:58 - 00144696 _____ () C:\Users\Cameron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 17:23 - 2009-07-14 15:45 - 05112376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-26 17:22 - 2013-05-07 13:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-26 17:22 - 2013-02-08 07:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-26 17:22 - 2010-11-21 18:17 - 00000000 ____D () C:\Windows\ShellNew
2014-02-26 17:22 - 2009-07-14 14:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-26 17:18 - 2013-10-03 06:05 - 00146500 _____ () C:\Windows\PFRO.log
2014-02-26 17:15 - 2014-02-26 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-02-26 16:40 - 2013-01-26 10:42 - 00798236 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 16:24 - 2014-02-26 14:05 - 00002179 _____ () C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-26 16:24 - 2014-02-26 14:05 - 00000000 ___RD () C:\Users\Cameron\OneDrive
2014-02-26 15:36 - 2013-02-08 12:09 - 00000000 ____D () C:\Users\Cameron\AppData\Roaming\Apple Computer
2014-02-26 15:36 - 2013-02-08 12:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-26 15:31 - 2013-12-12 09:53 - 00000000 ____D () C:\Users\Cameron\AppData\Local\4F0FC9AB-E49C-4314-93FF-23AF7BEE6C00.aplzod
2014-02-26 14:37 - 2013-02-08 08:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-26 14:36 - 2013-02-08 08:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-26 14:36 - 2013-02-08 08:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-26 14:05 - 2014-02-26 14:05 - 00002102 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-26 14:05 - 2014-02-26 14:05 - 00002102 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-26 14:05 - 2014-02-26 14:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-02-26 14:05 - 2013-02-08 04:57 - 00000000 ____D () C:\Users\Cameron
2014-02-26 12:46 - 2013-09-18 06:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-26 12:45 - 2014-02-26 12:45 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-26 12:45 - 2013-06-26 06:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-26 12:41 - 2014-02-26 12:41 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-02-26 12:35 - 2014-02-26 12:35 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\Program Files\iTunes
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\Program Files\iPod
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-26 12:34 - 2013-02-08 12:08 - 00000000 ____D () C:\ProgramData\Apple
2014-02-26 11:46 - 2013-04-23 13:14 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-26 11:46 - 2013-04-23 13:14 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 23:16 - 2014-02-26 16:36 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 22:30 - 2014-02-26 16:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 22:30 - 2014-02-26 16:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 22:12 - 2014-02-26 16:36 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 22:07 - 2014-02-26 16:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 22:06 - 2014-02-26 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 21:57 - 2014-02-26 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 21:56 - 2014-02-26 16:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 21:52 - 2014-02-26 16:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 21:49 - 2014-02-26 16:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 21:48 - 2014-02-26 16:36 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 21:48 - 2014-02-26 16:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 21:38 - 2014-02-26 16:36 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 21:32 - 2014-02-26 16:36 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 21:20 - 2014-02-26 16:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 21:17 - 2014-02-26 16:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 21:11 - 2014-02-26 16:36 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 21:01 - 2014-02-26 16:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 21:00 - 2014-02-26 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 20:57 - 2014-02-26 16:36 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 20:57 - 2014-02-26 16:36 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 20:52 - 2014-02-26 16:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 20:52 - 2014-02-26 16:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 20:50 - 2014-02-26 16:36 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 20:49 - 2014-02-26 16:36 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 20:48 - 2013-02-08 07:57 - 00000000 ____D () C:\Windows\pss
2014-02-06 20:47 - 2014-02-26 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 20:46 - 2014-02-26 16:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 20:41 - 2013-02-08 04:58 - 00000000 ___RD () C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 20:25 - 2014-02-26 16:36 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 20:25 - 2014-02-26 16:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 20:24 - 2014-02-26 16:36 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 20:22 - 2014-02-26 16:36 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 20:13 - 2014-02-26 16:36 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 20:09 - 2014-02-26 16:36 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 20:03 - 2014-02-26 16:36 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 19:55 - 2014-02-26 16:36 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 19:41 - 2014-02-26 16:36 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 19:40 - 2014-02-26 16:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 19:36 - 2014-02-26 16:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 19:34 - 2014-02-26 16:36 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 18:12 - 2013-09-18 05:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-05 18:29 - 2013-03-21 07:43 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Cameron\AppData\Local\Temp\235.exe
C:\Users\Cameron\AppData\Local\Temp\5235.exe
C:\Users\Cameron\AppData\Local\Temp\7za.exe
C:\Users\Cameron\AppData\Local\Temp\car.exe
C:\Users\Cameron\AppData\Local\Temp\com.exe
C:\Users\Cameron\AppData\Local\Temp\facebook.exe
C:\Users\Cameron\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Cameron\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Cameron\AppData\Local\Temp\nsaE4AD.exe
C:\Users\Cameron\AppData\Local\Temp\nsg3282.exe
C:\Users\Cameron\AppData\Local\Temp\nsgE73E.exe
C:\Users\Cameron\AppData\Local\Temp\nsl2FE2.exe
C:\Users\Cameron\AppData\Local\Temp\nsx8889.exe
C:\Users\Cameron\AppData\Local\Temp\Office Home and Business 2013.exe
C:\Users\Cameron\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Cameron\AppData\Local\Temp\Quarantine.exe
C:\Users\Cameron\AppData\Local\Temp\setup__1567.exe
C:\Users\Cameron\AppData\Local\Temp\utt5383.tmp.exe
C:\Users\Cameron\AppData\Local\Temp\uttEFC2.tmp.exe
C:\Users\Cameron\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Cameron\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Cameron\AppData\Local\Temp\Xvid.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-26 13:21
 
==================== End Of Log ============================

 

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 AM

Posted 02 March 2014 - 10:05 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Run: [] - [X]
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\Run: [AdobeBridge] - [X]
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File

end

Save the files as fixlist.txt in to the same folder as FRST
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) please post it to your reply.
===

The attach.txt file is showing some problems with some updates.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
How long have you had Norton and Microsoft Antimalware protection tools.
Did you have any problems with either of these programs?

#5 Canicoll

Canicoll
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 02 March 2014 - 10:15 AM

I've had them for almost a year and no problem so far.
Here are the results and thank you for your effort.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 01
Ran by Cameron at 2014-03-03 02:11:28 Run:1
Running from C:\Users\Cameron\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [] - [X]
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\...\Run: [AdobeBridge] - [X]
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
 
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-866203047-2143008174-2467394295-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL not found.
 
==== End of Fixlog ====
 
 
 
 
Farbar Service Scanner Version: 25-02-2014
Ran by Cameron (administrator) on 03-03-2014 at 02:14:09
Running from "C:\Users\Cameron\Desktop\Farbar"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 AM

Posted 02 March 2014 - 11:51 AM

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with changes we are trying to make.

Disable it and see if you can repair or re-install office.

TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup. Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshot was taken. This happens primarily when you reboot the system. To refresh TeaTimer's snapshot files:
Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
TeaTimer closes.
TeaTimer's snapshot files are refreshed at this time.

When all is well restart TeaTimer:
Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it.

#7 Canicoll

Canicoll
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 03 March 2014 - 03:52 AM

Same thing mate. Teatimer off and still cannot install office or open MS security centre



#8 Canicoll

Canicoll
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 03 March 2014 - 06:19 AM

Got outlook working again. MS security essentials still won't open. Uninstalled and installed and still no luck



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 AM

Posted 03 March 2014 - 09:35 AM


I can't start the Microsoft Security Essentials service
http://windows.microsoft.com/en-CA/windows/i-cant-start-the-microsoft-security-essentials-service

If you decide to remove Norton I suggest you run their un-installer.

Download and run the Norton Removal Tool FOR YOUR CURRENT PROGRAM.
https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb
===

First try the fix suggested on this article.

http://support.microsoft.com/kb/900936

Execute the instructions under this heading.
Windows Vista and Windows Server 2008

Restart the computer when done.

Keep me posted.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 AM

Posted 08 March 2014 - 09:54 AM

Are you still with me?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 AM

Posted 14 March 2014 - 07:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users