Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 desktop changed, programs not working, pics & docs empty


  • This topic is locked This topic is locked
14 replies to this topic

#1 hellib

hellib

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 29 April 2015 - 05:18 PM

Acer Verioin X275 , Pentium ® Dual core CPU E5899 3,20HZ, 4 GB ram  running Window 7 Professional, 64 bit disk used -total size 269GB, space free 52.5gb.  I am a nearly 70 femaile,however, fairly computer savvy.  I am pretty sure I am infected. I did do a system restore all this before realizing something very wrong. Unfortunately I only have AVG freeware but will definitely invest in  something  better..  I have not done anything in safe mode.  Yesterday is when all the above things happened.   I just turned by computer on and today and for the first time I got a system restore message that asked me to restore system.also user file set to default.  I downloaded Malwarebytes anti-malware and ran which found threats...I think I deleted them all but can not remember.  I also downloaded Rogue killer and it too found things and I emailed the log to my email.  I hope this will help you understand my problem.  I have a wd mypassport 1 tb external hd which i use as a back up but forgot the password so I really hope that I haven't lost my documents and pictures which are most important. Any help would really be appreciated,  I do know how to use the c:  prompts etc.



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:37 PM

Posted 29 April 2015 - 10:05 PM

Welcome hellib... let's try running these and see how it is.

3Al62Pm.pngMiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
SXvL3ZF.pngTDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
zcMPezJ.pngAdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
cvMlKv6.pngESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 30 April 2015 - 02:56 AM

thankyou, i will try these in the morning when i a more awake, it's almost 1: am..  Do i post the logs on here?



#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,032 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:37 AM

Posted 30 April 2015 - 03:25 AM

Yes, post your logs back here for boopme's perusal.


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#5 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 30 April 2015 - 01:20 PM

MiniToolBox by Farbar  Version: 14-04-2015
Ran by hellib (administrator) on 30-04-2015 at 11:00:09
Running from "C:\Windows\SysWOW64\config\systemprofile\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: Veriton X275 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)
TunnelBear Adapter V9 = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=? subinterface=ethernet_14 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : hellib-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin
                                       cg.shawcable.net
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TunnelBear Adapter V9
   Physical Address. . . . . . . . . : 00-FF-96-7D-B6-A4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : D0-27-88-76-3D-CF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::395c:c398:e697:4b16%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.9(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : April-30-15 10:50:15 AM
   Lease Expires . . . . . . . . . . : June-06-51 5:28:39 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 198190984
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-91-19-65-D0-27-88-76-3D-CF
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{967DB6A4-B189-4157-90B4-AFA45D0453C5}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:a8:1696:b9b2:2415(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::a8:1696:b9b2:2415%11(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.Belkin:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1
 
Name:    google.com
Addresses:  2607:f8b0:400a:807::200e
  24.244.4.20
  24.244.4.50
  24.244.4.25
  24.244.4.24
  24.244.4.54
  24.244.4.39
  24.244.4.40
  24.244.4.55
  24.244.4.35
  24.244.4.45
  24.244.4.44
  24.244.4.59
  24.244.4.30
  24.244.4.49
  24.244.4.29
  24.244.4.34
 
 
Pinging google.com [173.194.33.135] with 32 bytes of data:
Reply from 173.194.33.135: bytes=32 time=43ms TTL=55
Reply from 173.194.33.135: bytes=32 time=39ms TTL=55
 
Ping statistics for 173.194.33.135:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 43ms, Average = 41ms
Server:  UnKnown
Address:  192.168.2.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
  98.138.253.109
  206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=106ms TTL=48
Reply from 98.139.183.24: bytes=32 time=94ms TTL=48
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 94ms, Maximum = 106ms, Average = 100ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...00 ff 96 7d b6 a4 ......TunnelBear Adapter V9
 10...d0 27 88 76 3d cf ......Broadcom NetXtreme Gigabit Ethernet
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.9     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.9    276
      192.168.2.9  255.255.255.255         On-link       192.168.2.9    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.9    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.9    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.9    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:6ab8:a8:1696:b9b2:2415/128
                                    On-link
 10    276 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::a8:1696:b9b2:2415/128
                                    On-link
 10    276 fe80::395c:c398:e697:4b16/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 \Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 \Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 \Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 \Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 \Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 \Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/30/2015 10:54:11 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:52:05 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:52:04 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:51:50 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:51:49 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:51:48 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:51:47 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:51:46 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:51:45 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (04/30/2015 10:51:44 AM) (Source: Microsoft-Windows-User Profiles Service) (User: hellib-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
 
System errors:
=============
Error: (04/30/2015 10:50:36 AM) (Source: Service Control Manager) (User: )
Description: The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 02:41:12 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DCSMITH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C7F26D0-4583-4663-AECE-9FA35AF98516}.
The master browser is stopping or an election is being forced.
 
Error: (04/29/2015 02:39:33 PM) (Source: Service Control Manager) (User: )
Description: The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 11:13:36 AM) (Source: Service Control Manager) (User: )
Description: The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 01:01:07 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DCSMITH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C7F26D0-4583-4663-AECE-9FA35AF98516}.
The master browser is stopping or an election is being forced.
 
Error: (04/28/2015 11:19:50 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DCSMITH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C7F26D0-4583-4663-AECE-9FA35AF98516}.
The master browser is stopping or an election is being forced.
 
Error: (04/28/2015 11:05:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (04/28/2015 10:57:37 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DCSMITH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C7F26D0-4583-4663-AECE-9FA35AF98516}.
The master browser is stopping or an election is being forced.
 
Error: (04/28/2015 10:01:45 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DCSMITH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C7F26D0-4583-4663-AECE-9FA35AF98516}.
The master browser is stopping or an election is being forced.
 
Error: (04/28/2015 09:38:18 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DCSMITH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C7F26D0-4583-4663-AECE-9FA35AF98516}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (11/21/2012 05:45:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 68 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
 
=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.39 - NewTech Infosystems)
Acer eLock Management (HKLM-x32\...\{5CC23DEB-D22A-4345-9CFF-F8C602BCE792}) (Version: 3.00.5002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3015 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.00.5005 - Acer Incorporated)
Acer Framework (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5000 - Acer Incorporated)
Acer PowerSaver (HKLM-x32\...\{A1FFD720-0806-40E9-9554-DB22D593FDEF}) (Version: 1.00.3005 - Acer Incorporated)
Acer QuickMigration (HKLM-x32\...\{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}) (Version: 1.00.3005 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0823.2010 - Acer Incorporated)
Acer SmartBoot (HKLM-x32\...\{9E65215B-9DE9-401A-8541-C82FE2D2BC66}) (Version: 1.00.3006 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Airmiles Toolbar (HKLM-x32\...\Airmiles Toolbar) (Version:  - )
Ancestral Quest 12.1 (HKLM-x32\...\InstallShield_{596E8AF6-FB4A-4E5B-AAA5-7A7BC7FA6B4D}) (Version: 12.01.0033 - Incline Software, LC)
Ancestral Quest 12.1 (x32 Version: 12.01.0033 - Incline Software, LC) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (Version: 8.4.2.5 - AuthenTec, Inc.) Hidden
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.4.2.241 - Online Media Technologies Ltd.)
Backup Manager Advance (x32 Version: 2.0.2.39 - NewTech Infosystems) Hidden
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.50.1 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.30.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.1.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.30.0 - Canon Inc.)
ColorPic (HKLM-x32\...\ColorPic) (Version: 4.1 - Iconico)
createsetup-new (HKLM-x32\...\createsetup-new) (Version:  - )
Customizer 10000 Plus (HKLM-x32\...\{1A9B5637-F3E2-4539-B42B-F8286A034531}) (Version:  - )
Document Express DjVu Plug-in (HKLM-x32\...\{47E710D1-F85F-4507-AF14-90A0E0140C73}) (Version: 6.1.35213 - Cuminas Corporation)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
EMBASSY Security Center Lite (Version: 04.01.00.049 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (x32 Version:  - ) Hidden
EMBASSY Security Setup (Version: 04.01.00.044 - Wave Systems Corp) Hidden
EMBASSY Security Setup (x32 Version:  - ) Hidden
Embassy Trust Suite - Acer Edition (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 07.03.04.009 - Wave Systems Corp)
ESC Home Page Plugin (Version: 04.01.00.010 - Wave Systems Corp) Hidden
ESC Home Page Plugin (x32 Version:  - ) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Family History Resource File Viewer 4.0 (HKLM-x32\...\{C08C47C2-E9EF-4357-B8FD-AD90FD2EF791}) (Version: 4.00.0000 - The Church of Jesus Christ of Latter-day Saints)
FamilySearch Indexing 3.24.2 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.24.2 - FamilySearch)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP LaserJet 200 color MFP M275 (HKLM-x32\...\{43E99CBA-D12F-45D8-B21C-4455D6ED4E5D}) (Version:  - Hewlett-Packard)
HP LaserJet 200 color MFP M275 Digital Filing (HKLM-x32\...\{2EE37716-2A3C-4C34-9BA6-6CCE62D099D4}) (Version: 26.0.157.0 - Hewlett-Packard Co.)
HP LJ200 M275 HP Scan (Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Product FWUpdater (x32 Version: 4.0.0.6579 - Hewlett-Packard Company) Hidden
HP Unified IO (Version: 1.0.1.94 - HP) Hidden
HP Unified IO (Version: 2.0.0.434 - HP) Hidden
HP Unified IO (x32 Version: 1.0.1.94 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.434 - HP) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM275DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPLaserJet200colorMFP-M275_HelpLearnCenter_SI (HKLM-x32\...\{42D075F7-1DB1-481A-AAE0-2B2D6280830A}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 3.00.0003 - HP) Hidden
HPLJUTM275 (x32 Version: 1.02.0013 - HP) Hidden
hppLaserJetService (x32 Version: 009.022.00813 - Hewlett-Packard) Hidden
hppM275LaserJetService (x32 Version: 007.016.00104 - Hewlett-Packard) Hidden
hppToolboxProxyM275 (x32 Version: 035.024.006 - HP) Hidden
hpStatusAlerts (x32 Version: 035.039.0004 - Hewlett Packard) Hidden
hpStatusAlertsM275 (x32 Version: 035.026.0004 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.45.14 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MCCI®Firmware Update Driver for MTK (HKLM-x32\...\{13E92303-C1AC-4012-9E22-54EACBF54888}) (Version: 1.00.0000 - MCCI)
Memory Craft 300E update (HKLM-x32\...\{6B57F426-244C-48B6-8C8C-C84F467F4FD5}) (Version: 1.11 - Janome Sewing Machine Co., Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{ba2cfbb1-9d38-42a7-94d2-3cd237a3e7f9}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
office Convert Pdf to Jpg Jpeg Tiff Free 6.5 (HKLM-x32\...\office Convert Pdf to Jpg Jpeg Tiff Free_is1) (Version:  - Officeconvert Software, Inc.)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Collage Maker (HKLM-x32\...\{48B37F15-13C4-4FFD-92E8-1D5CB4F0FA23}) (Version: 2.0.4 - PearlMountain Soft)
Private Information Manager (Version: 06.05.00.022 - Wave Systems Corp.) Hidden
Private Information Manager (x32 Version:  - ) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory)
RAW FILE CONVERTER EX powered by SILKYPIX (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.1.4 - Reimage)
Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scattrbrain (HKLM-x32\...\Scattrbrain.7AF17EE7462EC4BA20B99CC170AEA252BFF8A178.1) (Version: 1.3 - Jacob Pierson)
Scattrbrain (x32 Version: 1.3 - Jacob Pierson) Hidden
Shaw Internet Update 3.3.1 (HKLM-x32\...\Shaw Internet Update_is1) (Version:  - Shaw Cable)
Shaw Support 3.4.41 (HKLM-x32\...\{72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1) (Version:  - Shaw Cable)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
ToolboxProxy (x32 Version: 035.024.006 - HP) Hidden
TunnelBear (HKLM-x32\...\{a8a8801e-37a4-4866-a5dc-2d8b0943b84c}) (Version: 2.3.13.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.13.0 - TunnelBear) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BB006B39-9FD7-4DD5-942E-CDF1BBD718DB}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2965207) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8A41C250-4D2E-4D77-84E3-5854162C4D44}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
upekmsi (Version: 03.64.05.0000 - Wave Systems Corp) Hidden
Veriton ControlCenter (HKLM-x32\...\{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}) (Version: 1.00.3004 - Acer Incorporated)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Wave Infrastructure Installer (Version: 07.65.30.0040 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.044 - Wave Systems Corp) Hidden
Wave Support Software (x32 Version:  - ) Hidden
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (04/21/2011 01.0.0.0) (HKLM\...\BEA7B05370C19B9C86893BB484FD6B9CC52B0CD8) (Version: 04/21/2011 01.0.0.0 - Cambridge Silicon Radio Ltd.)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.10 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 8.0.0.10) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.0.0.10 - Wondershare Software)
Wondershare Video Editor(Build 4.7.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
YanCEyDesktop (HKLM-x32\...\YanCEyDesktop) (Version:  - )
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 4061.24 MB
Available physical RAM: 1576.8 MB
Total Pagefile: 8120.68 MB
Available Pagefile: 5282.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.88 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Acer) (Fixed) (Total:269.99 GB) (Free:52.94 GB) NTFS
 

...



#6 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 30 April 2015 - 01:49 PM

TDSSkiller no threats found.



#7 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 30 April 2015 - 01:50 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Professional x64
Ran by SYSTEM on 30/04/2015 at 11:38:39.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] reimagerealtimeprotector
Successfully deleted: [Service] reimagerealtimeprotector
 
 
 
~~~ Tasks
 
Failed to delete: [Task] C:\Windows\system32\tasks\Western Digital
Successfully deleted: [Task] C:\Windows\system32\tasks\Reimage Reminder
Successfully deleted: [Task] C:\Windows\system32\tasks\ReimageUpdater
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\reimage.ini
Successfully deleted: [File] C:\Windows\wininit.ini
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\wiseconvert
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\reimage repair
Successfully deleted: [Folder] C:\ProgramData\reimage protector
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/04/2015 at 11:41:21.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 30 April 2015 - 04:53 PM

I couldn't save or export to my desktop but figured out how to get it in a wordpad then emailed it to myself.  

 

Infected 40 cleaned 38

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\ReimagePackage.exe Win32/ReImageRepair.F potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\Downloads\ReimageRepair.exe Win32/ReImageRepair.F potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2132094111-3292105980-2515834171-1001\$RFCIP65.exe Win32/Toggle potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir Win32/Conduit.SearchProtect.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3316852\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3316852\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\hellib\AppData\Local\Conduit\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\hellib\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\hellib\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.93\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\hellib\AppData\Local\Conduit\Chrome\CT3316852\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\hellib\AppData\Local\Conduit\Chrome\CT3316852\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\hellib\AppData\Local\NativeMessaging\CT3316852\1_0_0_10\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Backup\hellib\AppData\Local\Conduit\CT2786678\uTorrentBarAutoUpdateHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\Backup\hellib\AppData\Local\Temp\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Backup\hellib\AppData\LocalLow\uTorrentBar\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Backup\hellib\AppData\LocalLow\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe Win32/ReImageRepair.F potentially unwanted application deleted - quarantined
C:\Program Files (x86)\shaw\bin\QuickUninstall.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Users\hellib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\877c433-2b4f5090 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\hellib\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\utorrentcontrol2.jar Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\hellib\Downloads\Avery Wizard 4.01 - US 20111209 (1).exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\hellib\Downloads\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\hellib\Downloads\PC_Cleaner_Pro.exe a variant of Win32/PCCleaners potentially unwanted application deleted - quarantined
C:\Users\hellib\Downloads\pstagesetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\hellib\Downloads\shawsupport_setup.exe probably unknown NewHeur_PE virus cleaned by deleting - quarantined
C:\Users\hellib\Dropbox\New folder\mishmash to be perused\downloads\BugdoctorSetup.exe Win32/Adware.BugDoctor application cleaned by deleting - quarantined
C:\Users\hellib\Dropbox\New folder\mishmash to be perused\downloads\shawsupport_setup.exe probably unknown NewHeur_PE virus cleaned by deleting - quarantined
C:\Users\hellib\Dropbox\New folder\mishmash to be perused\downloads\Microsoft Office 2007 Enterprise Edition + Service Pack 2 Update + Keygen\Microsoft Office 2007 Enterprise Edition + Service Pack 2 Update + Keygen.7z a variant of Win32/Injector.ADC trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\ReimagePackage.exe Win32/ReImageRepair.F potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\Downloads\ReimageRepair.exe Win32/ReImageRepair.F potentially unwanted application deleted - quarantined


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:37 PM

Posted 30 April 2015 - 06:23 PM

That conduit infection is a real troublemaker.
You probably infected yourself using a keygen. It's usually the trade fre malware for free stuff.
 
Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 30 April 2015 - 06:54 PM

​adwarecleaner is blocked and i can't run anything under adminstrator when my computer boots up it says the user profile service failed the login user profile cannot be loaded.  
 now i can't even boot the computer at all just stops at the windows 7 and hellib icon comes up and I click then the above message comes on.​ it's getting worse.


#11 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 30 April 2015 - 06:56 PM

i am using another computer to post, i can't use my computer at all now.



#12 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 30 April 2015 - 07:50 PM

thanks for you help I was able to find a tutorial to get the computer to boot up properly.  



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:37 PM

Posted 01 May 2015 - 09:10 AM

So it seems obvious the machine has file corruption from the malware.

We should get a deeper look at it.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 hellib

hellib
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Kootenays in beautiful British Columbia
  • Local time:01:37 PM

Posted 01 May 2015 - 07:11 PM

Posted FRST in Virus etc. file.



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:37 PM

Posted 01 May 2015 - 07:32 PM

Thank you!
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users