Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer has a virus: lecpetex.A


  • Please log in to reply
1 reply to this topic

#1 carolynhughey

carolynhughey

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 31 March 2014 - 12:19 PM

My Microsoft Essentials says I have a virus lecpetex.A, and I have it deleted, but it keeps coming back.  I ran your program and here is the information it reported:

 

First.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Carolyn (administrator) on CAROLYN-MINI-PC on 31-03-2014 08:14:19
Running from C:\Users\Carolyn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Jaksta Technologies Pty Ltd) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jrmcp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2011-01-13] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-862467753-3908090212-3527102901-1000\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [641400 2013-11-03] (BitTorrent, Inc.)
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2013-12-16] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2013-12-16] (Jaksta Technologies Pty Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\bbc1v84o.default-1379691003171
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Block site - C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\bbc1v84o.default-1379691003171\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-11-15]
FF Extension: YesScript - C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\bbc1v84o.default-1379691003171\Extensions\yesscript@userstyles.org.xpi [2013-11-12]
FF Extension: Bluhell Firewall - C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\bbc1v84o.default-1379691003171\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-11-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-28]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-05-09]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Carolyn\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Carolyn\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R1 appliand; C:\Windows\System32\DRIVERS\appliand.sys [30304 2013-02-05] (Applian Technologies Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 08:14 - 2014-03-31 08:17 - 00013282 _____ () C:\Users\Carolyn\Downloads\FRST.txt
2014-03-31 08:13 - 2014-03-31 08:14 - 00000000 ____D () C:\FRST
2014-03-31 08:11 - 2014-03-31 08:11 - 02157056 _____ (Farbar) C:\Users\Carolyn\Downloads\FRST64.exe
2014-03-28 21:58 - 2014-03-28 22:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-24 09:17 - 2014-03-24 09:17 - 00000000 ____D () C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-24 09:17 - 2014-03-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-24 09:14 - 2014-03-24 09:14 - 01402880 _____ () C:\Users\Carolyn\Downloads\HiJackThis.msi
2014-03-12 17:56 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 17:56 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 17:56 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 17:56 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 17:56 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 17:56 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 17:56 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 17:56 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 17:56 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 17:56 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 17:56 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 17:56 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 17:56 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 17:56 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 17:56 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 17:56 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 17:56 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 17:56 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 17:56 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 17:56 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 17:56 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 17:56 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 17:56 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 17:56 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 17:56 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 17:56 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 17:56 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 17:56 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 17:56 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 17:56 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 17:56 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 17:56 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 17:56 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 17:56 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 17:56 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 17:56 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 17:56 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 17:56 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 17:56 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 17:56 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 17:56 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 17:56 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 17:56 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 17:56 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 17:55 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 17:55 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 17:55 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 17:55 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-01 09:07 - 2014-03-01 09:07 - 02158213 _____ (Cherubic Software) C:\Users\Carolyn\Downloads\sagethumbs_2.0.0.18_setup.exe
2014-03-01 08:57 - 2014-03-01 08:57 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-01 08:52 - 2014-03-01 08:52 - 01376768 _____ () C:\Users\Carolyn\Downloads\7-Zip-x64.msi

==================== One Month Modified Files and Folders =======

2014-03-31 08:17 - 2014-03-31 08:14 - 00013282 _____ () C:\Users\Carolyn\Downloads\FRST.txt
2014-03-31 08:17 - 2011-08-24 23:01 - 00000000 ____D () C:\Users\Carolyn\AppData\Roaming\uTorrent
2014-03-31 08:14 - 2014-03-31 08:13 - 00000000 ____D () C:\FRST
2014-03-31 08:14 - 2011-07-24 16:52 - 01538750 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 08:11 - 2014-03-31 08:11 - 02157056 _____ (Farbar) C:\Users\Carolyn\Downloads\FRST64.exe
2014-03-31 08:10 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 08:10 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 08:09 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 08:02 - 2012-04-26 06:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 08:02 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 08:02 - 2009-07-13 21:51 - 00061719 _____ () C:\Windows\setupact.log
2014-03-31 07:54 - 2012-05-24 21:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-31 07:52 - 2013-02-11 23:26 - 01921024 _____ () C:\Users\Carolyn\AppData\Local\SageThumbs.db3
2014-03-28 22:01 - 2014-03-28 21:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 16:42 - 2013-03-18 10:45 - 00000602 _____ () C:\Users\Carolyn\Desktop\telephony.txt
2014-03-24 09:19 - 2011-08-25 09:27 - 00000000 ____D () C:\Users\Carolyn\AppData\Local\VirtualStore
2014-03-24 09:17 - 2014-03-24 09:17 - 00000000 ____D () C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-24 09:17 - 2014-03-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-24 09:14 - 2014-03-24 09:14 - 01402880 _____ () C:\Users\Carolyn\Downloads\HiJackThis.msi
2014-03-20 08:20 - 2011-08-25 11:53 - 00000000 ____D () C:\Users\Carolyn\AppData\Local\Microsoft Help
2014-03-20 02:00 - 2013-02-06 10:58 - 00000000 ____D () C:\Users\Carolyn\Downloads\Audio Books Download from Torrents
2014-03-19 00:11 - 2013-08-12 19:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 00:03 - 2012-05-09 20:37 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 16:18 - 2011-08-28 07:26 - 00000000 ____D () C:\Users\Carolyn\AppData\Roaming\foobar2000
2014-03-13 00:32 - 2009-07-13 21:45 - 00446608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 00:30 - 2013-03-13 00:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 00:30 - 2013-03-13 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 00:09 - 2011-08-25 11:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 20:55 - 2012-05-24 21:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 20:55 - 2012-05-24 21:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 20:55 - 2011-07-24 17:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-06 11:06 - 2012-04-11 18:19 - 00000000 ____D () C:\Users\Carolyn\Downloads\Audio and Ebooks
2014-03-01 09:13 - 2010-11-20 20:47 - 00123322 _____ () C:\Windows\PFRO.log
2014-03-01 09:13 - 2009-07-13 22:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-01 09:07 - 2014-03-01 09:07 - 02158213 _____ (Cherubic Software) C:\Users\Carolyn\Downloads\sagethumbs_2.0.0.18_setup.exe
2014-03-01 08:57 - 2014-03-01 08:57 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-01 08:52 - 2014-03-01 08:52 - 01376768 _____ () C:\Users\Carolyn\Downloads\7-Zip-x64.msi

Some content of TEMP:
====================
C:\Users\Carolyn\AppData\Local\Temp\AskSLib.dll
C:\Users\Carolyn\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Carolyn\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Carolyn\AppData\Local\Temp\iet8282.tmp.exe
C:\Users\Carolyn\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Carolyn\AppData\Local\Temp\libcurl-4.dll
C:\Users\Carolyn\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Carolyn\AppData\Local\Temp\setup.exe
C:\Users\Carolyn\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\Carolyn\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Carolyn\AppData\Local\Temp\tbuTor.dll
C:\Users\Carolyn\AppData\Local\Temp\utt6708.tmp.exe
C:\Users\Carolyn\AppData\Local\Temp\utt7FDC.tmp.exe
C:\Users\Carolyn\AppData\Local\Temp\zlib1.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 00:47

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Carolyn at 2014-03-31 08:19:10
Running from C:\Users\Carolyn\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0413.2011 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3004 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Illustrator CS5  (HKLM-x32\...\Adobe Illustrator CS5 15) (Version: 15 - Adobe Illustrator CS5 )
Adobe Illustrator CS5 Lite (HKLM-x32\...\Adobe Illustrator) (Version: CS5 Lite - )
Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version:  - Leo Davidson / Pretentious Name)
Adobe Reader 9.5.3 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60524.2309 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Applian Network Monitor (3.0.8.1) (HKLM-x32\...\Applian Network Monitor) (Version: 3.0.8.1 - Applian Technologies)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 2.0 build 60 - Convivea Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Brother HL-3040CN (HKLM-x32\...\{EEEC235B-B4C4-40D0-9B47-48071D882AEC}) (Version: 1.00 - Brother)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
calibre (HKLM-x32\...\{2A795E68-BD67-40EC-899F-CEE817F723CF}) (Version: 0.8.68 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help English (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help French (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help German (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
ccc-utility64 (Version: 2011.0524.2352.41027 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.8.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FLV Player (HKLM-x32\...\FLV Player2.0.25) (Version: 2.0.25 - Martijn de Visser Software)
foobar2000 v1.1.7 (HKLM-x32\...\foobar2000) (Version: 1.1.7 - Peter Pawlowski)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Lifetime Updater (HKLM-x32\...\{45411273-7307-4F9D-BCAF-7E5ED0A36050}) (Version: 2.1.10 - Garmin)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karaoke Builder Player 3.0 (HKLM-x32\...\Karaoke Builder Player 3.0) (Version:  - )
Kindle Previewer (HKCU\...\KindlePreviewer) (Version:  - )
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird (6.0) (HKLM-x32\...\Mozilla Thunderbird (6.0)) (Version: 6.0 (en-US) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.209.0 - Tracker Software Products Ltd)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Replay Media Catcher 5 (5.0.1.24) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.24 - Applian Technologies)
SageThumbs 2.0.0.18 (HKLM\...\SageThumbs) (Version: 2.0.0.18 - Cherubic Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.9.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

13-03-2014 07:00:54 Windows Update
17-03-2014 07:46:33 Windows Update
19-03-2014 07:00:23 Windows Update
22-03-2014 15:41:20 Windows Update
24-03-2014 16:15:15 Installed HiJackThis
26-03-2014 15:42:30 Windows Update
30-03-2014 07:15:52 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {8656832F-CD6B-4DD0-8ED5-E7E25413CC44} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-28 21:58 - 2014-03-28 21:59 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-02-05 23:24 - 2013-02-05 23:24 - 00904704 _____ () C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\System.Data.SQLite.dll
2013-12-16 10:50 - 2013-12-16 10:50 - 01589248 _____ () C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jalw.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
AlternateDataStreams: C:\temp:rnd.dat
AlternateDataStreams: C:\temp:srv
AlternateDataStreams: C:\Users\Carolyn\Documents\Fonts:Shareaza.GUID
AlternateDataStreams: C:\Users\Public\TheElementsofInvesting_1666.epub:com.apple.metadatakMDItemDownloadedDate
AlternateDataStreams: C:\Users\Public\TheElementsofInvesting_1666.epub:com.apple.metadatakMDItemWhereFroms
AlternateDataStreams: C:\Users\Public\TheElementsofInvesting_1666.epub:com.apple.quarantine
AlternateDataStreams: C:\Users\Public\Zachary's MedCard copy.pdf:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BrStsWnd => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2014 08:02:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 07:38:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2014 08:47:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 27.0.1.5156, time stamp: 0x52fc0faa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x266ff740
Faulting process id: 0x90c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (03/24/2014 08:58:50 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 27.0.1.5156 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13d8

Start Time: 01cf458ccdb15166

Termination Time: 3145

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 13918633-b36d-11e3-a202-b870f49b96c7

Error: (03/21/2014 08:27:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/19/2014 07:58:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2014 00:32:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2014 00:09:54 AM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (03/11/2014 07:59:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2014 08:37:25 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 27.0.1.5156 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e70

Start Time: 01cf39b1bf7be32c

Termination Time: 14130

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 586ba185-a8ce-11e3-95c1-b870f49b96c7


System errors:
=============
Error: (03/31/2014 08:04:58 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3F0E8C7B-CADA-4709-8A2C-FECEECCDAA22}.
The backup browser is stopping.

Error: (03/31/2014 08:03:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/31/2014 08:00:09 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (03/29/2014 07:55:50 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3F0E8C7B-CADA-4709-8A2C-FECEECCDAA22}.
The backup browser is stopping.

Error: (03/29/2014 07:39:13 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/29/2014 07:34:30 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/21/2014 08:28:07 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/21/2014 08:23:42 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/19/2014 07:58:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/19/2014 07:57:09 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:55:32 AM on ‎3/‎19/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (02/05/2014 07:50:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 345879 seconds with 1140 seconds of active time.  This session ended with a crash.

Error: (01/08/2014 05:30:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 159295 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (12/09/2013 07:21:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 387889 seconds with 1500 seconds of active time.  This session ended with a crash.

Error: (04/30/2013 07:47:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 295120 seconds with 1140 seconds of active time.  This session ended with a crash.

Error: (01/27/2013 10:24:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 88801 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/19/2012 11:14:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2095 seconds with 780 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-01-21 08:09:44.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-21 08:09:04.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 1770.9 MB
Available physical RAM: 602.65 MB
Total Pagefile: 3541.8 MB
Available Pagefile: 2187.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:119.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0F9CF9E7)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 

How do I get rid of this, Please.

 

Thank you,

Carolyn

 

 



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:09 PM

Posted 03 April 2014 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-862467753-3908090212-3527102901-1000\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [641400 2013-11-03] (BitTorrent, Inc.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: Block site - C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\bbc1v84o.default-1379691003171\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-11-15]
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-05-09]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Carolyn\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Carolyn\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
C:\Users\Carolyn\AppData\Local\Temp\AskSLib.dll
C:\Users\Carolyn\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Carolyn\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Carolyn\AppData\Local\Temp\iet8282.tmp.exe
C:\Users\Carolyn\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Carolyn\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Carolyn\AppData\Local\Temp\libcurl-4.dll
C:\Users\Carolyn\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Carolyn\AppData\Local\Temp\setup.exe
C:\Users\Carolyn\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\Carolyn\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Carolyn\AppData\Local\Temp\tbuTor.dll
C:\Users\Carolyn\AppData\Local\Temp\utt6708.tmp.exe
C:\Users\Carolyn\AppData\Local\Temp\utt7FDC.tmp.exe
C:\Users\Carolyn\AppData\Local\Temp\zlib1.dll
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
AlternateDataStreams: C:\temp:rnd.dat
AlternateDataStreams: C:\temp:srv
end

Save the files as fixlist.txt in to the same folder as FRST
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) please post it to your reply.

====

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users